More

    Edtech companies breaking UK data laws, privacy campaigners claim

    Edtech companies are breaking UK data laws, leaving children’s data vulnerable to commercial exploitation, privacy campaigners claim, as free remote learning software that was adopted by schools in the pandemic comes under scrutiny.

    An investigation by children’s digital rights charity 5Rights is being presented to the Information Commissioner’s Office and the Department for Education on Wednesday, highlighting the policies of popular edtech products Google Classroom and ClassDojo.

    The research conducted an experiment tracking how school children interacted with Google Classroom, revealing how data was tracked by third parties and Google when the user clicks on external links. This data can be used to infer preferences and serve personalised advertising.

    The two companies have opaque privacy terms that are inconsistent with UK data protection law and confusing to teachers, it argued.

    The research comes as European governments seek to limit the use of Big Tech in educational settings: some regions in Denmark and Germany have banned the use of Google products in schools.

    The Dutch Data Protection Authority threatened last year to ban Google’s Chromebook laptops and its educational software for failing to protect children’s privacy. Google changed its terms of service in the Netherlands and renegotiated its school contracts.

    Edtech, or education technology, became widely adopted by schools during the pandemic, but the rush to remote learning meant the implications of using free software designed by Big Tech companies were not properly considered or regulated, campaigners argue.

    “The pandemic both showed the usefulness of the technology but exposed the lack of oversight simultaneously,” said Baroness Beeban Kidron, 5Rights’ chair.

    Kidron proposed the UK’s Age Appropriate Design Code, known as the Children’s Code, which was introduced in September last year. It forces technology companies to prevent children’s data from being used for marketing and advertising messages.

    Breaches of this and the EU’s General Data Protection Regulation can result in a potential fine of up to 4 per cent of global turnover for companies.

    “It is great to have platforms for remote education but that does not mean it is a free for all. A child’s search terms or browsing history might be used to target them with commercial products, and that is no good,” Kidron said. “Rather than being unwanted in our schools, [tech companies] should be visitors with rules.”

    Analysis of the platforms’ terms of service mean schools are considered data controllers and responsible for protecting the privacy of their pupils. But the report claims that schools do not have the understanding or resources to fully manage, scrutinise or fulfil these duties when this software is in place, due to the opaque wording of the terms.

    The government should require edtech providers to state clearly, publicly and transparently the nature of the data collected and used on children, with regularly independent audits, the report argues.

    The ICO said it was interested in any evidence of edtech that does not comply with the law.

    “The relationship that exists between edtech providers and schools is complex and we have provided tools and resources to support schools and education organisations across the UK,” it added.

    On Google Classrooms children’s data is collected if they click on an external link to Google services such as YouTube or Maps, to serve ads and collect data that could be used in future advertising or personalisation.

    This practice is commonplace in lessons, the research claims, and there is no warning for users that they are exiting an anonymous data environment. However, teachers can choose to prevent access to external sites.

    “Google’s services for schools are governed by clear privacy policies and have sophisticated security and encryption technology built in,” Google said.

    Schools using Google services own and control their data, it added, and said data collected within the Google Classroom interface was not used for ads.

    ClassDojo is a platform where teachers can mark children’s performance and behaviour on an app shared with parents. The platform makes money by charging for extra features. The report argues this could lead to discrimination and affect children’s records.

    ClassDojo said it was fully compliant with data privacy laws and pupil feedback was automatically deleted after a year.

    Additional reporting by Bethan Staton in London

    Edtech companies breaking UK data laws, privacy campaigners claim Republished from Source https://www.ft.com/content/3d649dab-8a54-450d-ae48-e65c3d395fb0 via https://www.ft.com/companies/technology?format=rss

    Recent Articles

    spot_img

    Related Stories

    Stay on op - Ge the daily news in your inbox