
The Grinch Who Stole Privacy: Spotting Apps That Don’t Play Nice


Is there a “Grinch” lurking in your classroom tech? Just like the Grinch sneaking into Whoville to steal presents, some apps can quietly collect, misuse, or share sensitive student information – turning what seems like a helpful resource into a student privacy risk.

Are students using any of The Grinch’s Top 10 Apps for Stealing Student Data in your classroom? (The Grinch’s favorites are some of the scary apps that the EdTech Leadership Alliance released in October 2024.)

Quizlet
A popular app for creating digital flashcards, quizzes, and games, Quizlet also shares personally identifiable information (PII) and uses it for targeted advertisements and product development.


Grammarly
Grammarly, an AI writing assistant that helps improve grammar, spelling, punctuation, and style, no longer signs data privacy agreements for the free version of its tool. Like the paid version, the free version includes generative AI, which raises privacy concerns about using Grammarly with students.


TED-Ed
TED-Ed offers educational videos, lesson plans, and tools for teachers and students, but it may also share PII and will not sign the National Data Privacy Agreement*.


Animoto
A cloud-based video creation tool that allows users to create videos from photos, videos, music, and text, Animoto uses targeted advertising and will not sign the National Data Privacy Agreement*.


Mentimeter
Mentimeter is a web-based presentation tool that allows users to create interactive polls, quizzes, and slides. Did you know that teens under the age of 16 are not permitted to use it? Also, the company will not sign the National Data Privacy Agreement*.


Padlet
Originally launched as Wallwisher in 2008, Padlet has been around for a long time. More recently, the tool released new features, and some have suggested it as a replacement for Jamboard. Only the paid version of Padlet is FERPA-compliant*.


Pixabay
Known by many as a free, online stock media library that provides access to images, videos, and other creative assets, Pixabay is not designed for children under the age of 13 without adult approval. Additionally, Pixabay will not sign a data privacy agreement.


Typing Club
Typing Club offers standards-aligned, grade-based typing resources. The free version presents some privacy concerns because the program collects personal information like usernames, progress data, and usage patterns. This information could be used for targeted advertising.


Ideogram
Ideogram is an AI-powered website that generates images from text prompts. The site uses third-party trackers for marketing and may transfer data to countries with fewer protections. It is not intended for use with children, according to its privacy policy.


Duolingo
A language learning program, Duolingo allows users to learn through gamified lessons that incorporate reading, writing, listening, and speaking skills through short, daily practice sessions. Duolingo collects and shares personal data with third parties and refuses to sign data privacy agreements with schools.

How can you spot (and stop!) these data-hungry Grinches and protect students’ information? When evaluating an app, website, product, or service, use the questions in Best Privacy Practices for Using Apps in the Classroom from the Student Privacy Compass to determine whether the tool will keep students’ data safe.

  1. Does the product collect Personally Identifiable Information (PII)?
    • FERPA, the federal privacy law, applies to “education records” only, but many state laws cover ALL student personal information.

  2. Does the vendor commit not to further share student information other than as needed to provide the educational product or service (such as third-party cloud storage, or a subcontractor the vendor works with under contract)?
    • The vendor should never sell data.

  3. Does the vendor create a profile of students, other than for the educational purposes specified?
    • Vendors are not allowed to create a student profile for any reason outside of the authorized educational purpose.

  4. When you cancel the account or delete the app, will the vendor delete all the student data that has been provided or created?

  5. Does the product show advertisements to student users?
    • Ads are allowed, but many states ban ads targeted based on data about students or behavioral ads that are based on tracking a student across the web. TIP: Look for a blue triangle “i” symbol, which is an industry label indicating that a site allows behaviorally targeted advertising. These are never acceptable for school use. This would be particularly important when evaluating non-education-specific sites or services.


  6. Does the vendor allow parents to access data it holds about students or enable schools to access data so the school can provide the data to parents in compliance with FERPA?

  7. Does the vendor promise that it provides appropriate security for the data it collects?
    • TIP: A particularly secure product will specify that it uses encryption when it stores or transmits student information. Encrypting the data adds a critical layer of protection for student information and indicates a higher level of security.

  8. Does the vendor claim that it can change its privacy policy without notice at any time?
    • This is a red flag. Current FTC rules require that companies provide notice to users when their privacy policies change in a significant or “material” way and get new consent for collection and use of their data.

  9. Does the vendor say that if the company is sold, all bets are off?
    • The policy should state that any sale or merger will require the new company to adhere to the same protections.

  10. Do reviews or articles about the product or vendor raise any red flags that cause you concern?
 
This holiday season, as we gather around to enjoy the classic tale of The Grinch Who Stole Christmas, it’s a perfect time to reflect on a different kind of thief: apps with poor data privacy practices. Let’s keep these digital Grinches out of the classroom! Be sure to always review the terms of service to ensure your students’ data stays safe and secure. 
 
Terms Mentioned in this Post:

*What is the National Data Privacy Agreement (NDPA)?
A National Data Privacy Agreement (NDPA) is a standardized contract developed by the Student Data Privacy Consortium. It aims to address common student data privacy concerns and streamline the contracting process between schools and vendors by setting clear expectations regarding how student data can be collected, used, and protected. In essence, it acts as a model agreement for schools to use when dealing with third-party data providers.

*What is FERPA compliance?
The Family Educational Rights and Privacy Act, or FERPA, protects students’ education records, including content that identifies students or that students create. FERPA compliance ensures that personal data cannot be exploited without proper consent.

What is a Student Data Privacy Agreement?
A Student Data Privacy Agreement (SDPA) is a legal contract between a school district and a third-party vendor, such as an educational technology company, that identifies guidelines for how the vendor can collect, store, use, and disclose student personal information. Often, an SDPA includes limitations on data sharing, requirements for parental notification, and restrictions on selling data for commercial purposes.

DPAs may be executed along with other agreements/terms of service, or they may stand alone.
 
References:
EdTech Leaders Alliance. (2024). Scary apps. 

OpenAI (2024). ChatGPT (Dec 2 version) [Large language model]. https://chat.openai.com.chat

Student Privacy Compass. (n.d.). Best privacy practices for using apps in the classroom. https://studentprivacycompass.org/audiences/educators/using-apps-in-the-classroom/


Megan Ash serves as the Coordinator of Digital Learning at the Educational Service Center of Central Ohio. In this role, Ash has been involved with the development, delivery, and support of online courses offered to professional educators throughout the state of Ohio. She also provides support for member districts in online and blended learning as well as in technology integration. Megan earned an M.S. in strategic leadership and a B.S. in education. Additionally, she holds an Ohio teaching license and is a certified Google Level 1 and Level 2 Educator, a Quality Matters trainer and facilitator, and an Apple Educator and Apple Education Trainer.