EXECUTIVE SUMMARYStudents and their families are minecraft craft guid into a corner. As students across the United States are handed school-issued laptops and signed up for educational cloud services, the way the educational system treats the privacy of students is undergoing profound changes—often without their parents’ notice or consent, and usually without a real choice to opt out of privacy-invading technology. Students are using technology in the classroom at an unprecedented rate.

One-third of all K-12 students in U. Student laptops and educational services are often available for a steeply reduced price, and are sometimes even free. However, they come with real costs and unresolved ethical questions. In short, technology providers are spying on students—and school districts, which often provide inadequate privacy policies or no privacy policy at all, are unwittingly helping them do it. This paper presents what we have observed and learned about student privacy in the course of our investigation. After an introduction to EFF’s approach to student privacy, we turn to our analysis. In Part 1, we report on the results of a large-scale survey and interview study we conducted throughout 2016.

Schools issued devices to students without their parents’ knowledge and consent. Parents were kept in the dark about what apps their kids were required to use and what data was being collected. With no notice or help from schools, the investigative burden fell on parents and even students to understand the privacy implications of the technology they were using. Parents had extensive concerns about student data collection, retention, and sharing. We investigated the 152 ed tech services that survey respondents reported were in use in classrooms in their community, and found that their privacy policies were lacking in encryption, data retention, and data sharing policies.

Parents who sought to opt their children out of device or software use faced many hurdles, particularly those without the resources to provide their own alternatives. School staff generally relied on the privacy policies of ed tech companies to ensure student data protection. Parents and students, on the other hand, wanted concrete evidence that student data was protected in practice as well as in policy. Need for digital privacy training and education. Both students and teachers voiced a desire for better training in privacy-conscious technology use. The data we collected on the experiences, perceptions, and concerns of stakeholders across the country highlights the need for ed tech companies to take seriously the privacy concerns of students, parents, teachers, and administrators. In Part 2, we provide in-depth analysis of ed tech’s legal and policy framework in the U.

State and federal laws that are supposed to protect student privacy have not kept up with ed tech’s rapid growth. The Student Privacy Pledge, enforced by the FTC and voluntarily signed by ed tech companies, features glaring loopholes in its definitions of what constitutes «student information» and «educational service providers. As states bring forward more and more student privacy legislation, three have stood out: California, Colorado, and Connecticut. We describe each state’s current legislation and the ways in which they each take unique steps to protect student data, provide resources to school districts, and rein in ed tech companies. In Part 3, we turn our analysis into a call for action and present our recommendations for: school administrators, teachers, librarians, system administrators, parents, students, and ed tech companies themselves. Finally, we conclude by bringing our survey reporting, legal analysis, and recommendations together to briefly state the key problems and issues surrounding K-12 digital student privacy in the U.