Should you be concerned about your child’s data privacy?

Posted by

With the rise of educational tools aimed at K-12 students and the lucrative sector attracting new entrants almost daily, data privacy has been front of mind for education activists, think tanks, and government officials alike. And with good reason, as the platforms are collecting massive amounts of data. 

“We have the most comprehensive database on the educational experience in the globe. So given that information that we have, no one else has those data assets at their fingertips to be able to develop those algorithms and predictive models.”

Algorithms. Predictive Models. Data Assets. If you skimmed this quote from an investor conference given last year, you might think that Dan Goldsmith, the former CEO of the private equity firm Instructure, was referencing the latest data collecting loyalty program or social media platform and you’d be wrong. Instead, this is how Dan explained the value in his company’s latest $2 billion acquisition, Canvas – the popular learning management software that recently overtook Blackboard as the market leader. 

As school systems across the world wrestle with how to best keep their student’s attention, combat the reduction of funding, create equitable learning experiences, and augment traditional classroom learning, they have increasingly turned to digital solutions to meet their needs. A move that has fueled growth in the educational technology (EdTech) Sector.

Even before the tailwinds brought on by the COVID-19 pandemic, the EdTech industry was experiencing astronomical growth. “Between 2019 and 2025, the market is expected to grow 2.5x it’s current size, accounting for $404 billion in global spending. With the K-12 sector accounting for the largest revenue share.” (Source: Holoniq)

Image showing the components of Personally Identifiable Information

Providers like Canvas, Blackboard, and Schoology service boasts over 74 million users. Providing services that range from content hosting to grade books continuing education classes for working professionals. It’s in the initial user setup that is of particular concern. Specifically, the information that is collected by these learning management providers. Due to the nature of academic resources, many of the leading providers have access to users’ names, dates of birth, addresses, and more. These pieces of information can individually identify a person hence the term Personally Identifiable Information (PII).

It’s PII information that has often been considered especially valuable to the companies that offer these services. The breadth of this information paired with the millions of users provides enough data points for companies to refine predictive algorithms. A sentiment echoed by former Canvas CEO, Dan Goldsmith, “We can predict, to a pretty high accuracy, what a likely outcome for a student in a course is, even before they set foot in the classroom.” (Source)

An assertion that, for parents and onlookers alike, calls to question how students’ almost mandatory participation on these platforms might put them at risk later in life due to how data is consumed and used in decision-making processes at many companies. 

To be clear, this isn’t to suggest that providers don’t need to collect this information or that all companies collect this information with the intent to carry out nefarious deeds. It’s to say that the end-user should know how companies use, store, and potentially sell this data and to whom, with the option to opt-out if they so choose. 

Given that this information is personally identifiable, it creates an opportunity for companies to pair our data, and that of our children,  across a larger set of purchased user data and create a more intrusive and robust profile of each platform user in the near future. A move that could prove to be costly as user data is growing in its use throughout the hiring process. Leading to a worst case scenario where an employer has the ability to draw conclusions about an applicant’s potential performance in the workplace due to their past performances in classes across their entire education history. The growing use of edTech and potentially damaging scenarios like the one mentioned above have underscored many conversations about the enforceability of FERPA, the Family Educational Rights and Privacy Act, between schools, educational vendors, and other third parties. Specifically, how much of the protections around student information extends to the third-party vendors that are not bound to uphold the protections FERPA.  

To that end, legislators across the globe have been busy shoring up their existing policies and enacting new ones to protect the data of students everywhere. In fact, according to FERPA Sherpa, a resource site launched by the nonprofit Future of Privacy Forum and the Data Quality Campaign, from 2013 to 2016, there have been 49 states and the District of Columbia that have combined to introduce +400 bills addressing student data privacy. An effort that resulted in 36 states passing 73 student data privacy bills into law. Which, if 2020 is any indication, is a pace that does not look to be slowing down as the educational technology sector continues its growth.

Although the General Data Protection Regulation (GDPR) was enacted in Europe, , it’s proving to be important in the US as well,  since there are numerous companies operating both domestically and abroad that will have to comply with the changes listed throughout the GDPR. Because of that need for compliance, there have been discussions around the GDPR becoming the “gold standard” for data privacy in every market. 

Overall, students have benefited from the adoption of technology in the education process and the continued adoption of such technology will be integral in the educational landscape for years to come. As widespread adoption and integration continue to take place, state and federal governments will need to do more than just fill the gaps in existing protections, they will need to create comprehensive frameworks for new entrants in the EdTech space while ensuring that local educational professionals have access to proper training and resources to ensure the protection of our students’ data. 

If you are in EdTech or a user of EdTech and interested in learning how Rownd can help you gain control of your data, reach out now at