You find a new quiz app that your students love. It is free, engaging, and saves you time on formative assessment. You sign up your whole class. Three months later, you discover the app has been collecting student location data, selling behavioral profiles to advertisers, and storing assessment results on servers with no clear data retention policy.
You did not mean to put your students at risk. You were trying to teach them effectively. But the edtech landscape is full of tools that trade student data for free access, and most teachers have never been told what to watch for.
This is not a scare piece. It is a practical guide to the data privacy decisions you are already making, whether you realize it or not.
Why This Falls on Teachers
In theory, student data privacy is an institutional responsibility. Districts have technology departments, data governance policies, and procurement processes. In practice, teachers are making data privacy decisions every day, often without guidance.
Every time you create student accounts on a new platform, upload a class roster to a website, use an app that tracks student progress, or share student work on social media, you are making a data decision. These decisions carry real consequences, and the burden of understanding them should not fall entirely on you. But until districts catch up, it does.
The Basics: What Data Are We Talking About?
Student data includes more than grades and test scores. In the edtech context, data falls into several categories:
Personally identifiable information (PII): Names, email addresses, student ID numbers, birthdates, photos, and anything that can identify a specific student.
Academic data: Grades, assessment results, learning progress, assignment submissions, and performance metrics.
Behavioral data: Login times, time spent on tasks, click patterns, pages visited, content engaged with, and response times. This is the category most people underestimate. Many edtech tools collect granular behavioral data that reveals far more about a student than their quiz scores do.
Metadata: Device type, location data, IP addresses, browser information, and usage patterns. Even when a tool does not ask for a student’s name, metadata can often be used to identify individuals.
Five Questions to Ask Before Adopting Any Tool
You do not need a law degree to make better data privacy decisions. These five questions will catch the majority of problems.
1. What Data Does This Tool Collect?
Read the privacy policy. Yes, they are long and deliberately confusing. Focus on the section about data collection. Look for language about what types of information the tool gathers. If the policy mentions collecting location data, device identifiers, or behavioral analytics, ask yourself whether that collection is necessary for the tool’s educational function.
A quiz app needs your students’ answers. It does not need their GPS coordinates.
2. Who Owns the Data?
Many free edtech tools claim ownership of content created on their platform. This means student work, assessment data, and usage information may belong to the company, not the student or the school. Look for clear language about data ownership. The data should belong to the student and the school, period.
3. Who Can See the Data?
Check whether the tool shares data with third parties. “Third party” often means advertisers, analytics companies, or data brokers. A common formulation is “we may share data with trusted partners to improve our services.” Translated: your students’ information may be sold or shared with companies you have never heard of.
4. How Long Is the Data Stored?
Some tools retain student data indefinitely, even after accounts are deleted. Look for a clear data retention and deletion policy. Can you delete student data when the school year ends? Will the company actually delete it, or just deactivate the account while keeping the data?
5. Is the Tool FERPA and COPPA Compliant?
FERPA (Family Educational Rights and Privacy Act) protects student education records. COPPA (Children’s Online Privacy Protection Act) restricts data collection from children under 13. Any tool used in a school setting should comply with both. Look for explicit compliance statements, not just vague references to “taking privacy seriously.”
If a tool cannot clearly answer these five questions, do not use it with students.
Common Mistakes Teachers Make
Signing Students Up With Personal Email
When a tool requires email addresses and students do not have school accounts, some teachers use personal emails or create accounts using student names. Both approaches expose PII unnecessarily. If a tool requires email, use school-issued addresses or check whether the tool supports class codes or teacher-managed accounts that do not require individual student emails.
Sharing Student Work Publicly
Posting student work on social media, class websites, or public platforms feels celebratory. But it creates a permanent digital record tied to a minor. Even with first names only, photos of student work combined with school names can identify individuals. Always get written parent consent before sharing any student work publicly. Keep the default to private.
Using Free Tiers Without Reading the Terms
Free tools subsidize their costs somehow. Often, the subsidy is student data. This does not mean every free tool is problematic, but it means the free tier deserves extra scrutiny. Some tools offer a genuinely free education tier with strong privacy protections. Others offer a free tier with data collection baked into the business model. The privacy policy will tell you which one you are looking at.
Assuming the District Vetted It
Unless your district has an explicit approved tools list and a process for reviewing edtech privacy policies, do not assume a tool is safe because other teachers use it. Many districts lag significantly behind their teachers’ tool adoption. You may be the first person at your school to actually read the privacy policy of a tool that dozens of teachers are already using.
Building a Privacy-Aware Classroom
Teach Students About Their Own Data
Students should know what data is being collected about them and why. When you introduce a new tool, explain what information it gathers and how it will be used. This is a media literacy skill that extends far beyond the classroom.
A high school teacher makes data transparency part of her technology introduction routine. Before students use any new tool, she walks them through the privacy policy highlights and asks: “Would you still want to use this knowing what it collects?” The conversations have been eye-opening for students and have strengthened their critical thinking about all the apps they use outside school.
Maintain an Inventory
Keep a simple list of every digital tool you use with students, what data each tool collects, and whether it has been reviewed for privacy compliance. Update it each semester. This practice protects you, protects your students, and gives your administration useful information about the district’s actual technology footprint.
Default to Minimal Data
Adopt a simple principle: collect and share the least amount of student data necessary. If a tool works with anonymous logins, use anonymous logins. If you can avoid uploading a class roster, avoid it. If you do not need a feature that requires additional data collection, turn it off.
Privacy as an Act of Care
Data privacy is an emotional issue, even when it looks like a technical one. When a student’s data is misused, it erodes trust. Trust in the tool. Trust in the teacher who chose the tool. Trust in the institution that allowed it.
TechEQ reminds us that every technology decision carries an emotional dimension. Choosing tools carefully, being transparent about data practices, and advocating for student privacy are acts of care. They communicate to students that their information, and by extension their wellbeing, matters.
Your Next Step
This week, pick the edtech tool you use most frequently. Find its privacy policy. Read the sections on data collection, data sharing, and data retention. If what you find concerns you, bring it to your administration. If it does not have a clear privacy policy, that is your answer.
Your students trust you with their learning. That trust extends to their data, whether anyone told you it would or not.
*This article is part of our [Digital Literacy](/digital-literacy) series on EdTech Institute, helping educators navigate the practical realities of student data privacy.*
Leave a Reply