1. What is #StudentsNotProducts?
#StudentsNotProducts is a Human Rights Watch campaign launched in May 2022 to amplify the findings of its ground-breaking report on it’s investigation into how government-authorized EdTech products used for remote learning during Covid-19 school closures violated students’ right to privacy. The campaign aims to educate students, teachers, and parents on the harms related to children’s online privacy and to mobilize them to call on governments to pass child data protection laws. (HRW #StudentsNotProducts)
2. What is AdTech and EdTech?
Advertising Technology (AdTech) refers to companies that collect massive amounts of data about people to target them with ads tailored to their presumed interests and desires. (HRW)
Educational Technology (EdTech) is software that is used for educational purposes, in an educational setting, or that processes student’s data. This includes software used to administer the school such as databases used to hold students’ data, systems used to deliver teacher’s lessons and materials, such as Google Classroom or Zoom, and systems that provide lessons themselves, such as Khan Academy or Duolingo. (Privacy International)
Check out the #StudentsNotProducts glossary to learn other key vocabulary.
3. Why does this matter?
When EdTech companies have access to your data, they have the opportunity to sell or share this data with advertising technology companies (AdTech), governments, law enforcement, schools or other private companies.
Although information like your favorite animal or color might seem unimportant, the release of more sensitive information like your location, reproductive/sexual health, sexual orientation, income-level or immigration status might have larger implications if exposed to companies, schools, the government or law enforcement. For example, if a student shares that a family members is undocumented in a Google Classroom chat, what could happen if that information is sent out to law enforcement? Read about students’ stories with data privacy breaches here.
Additionally, if any of these EdTech or AdTech companies experienced a data privacy break or were hacked, your data would then be available to the hackers.
4. How do I know if the EdTech I use at school is taking my information?
Human Rights Watch examined more than 150 EdTech products, recommended by 49 governments of the world’s most populated countries (including India, Taiwan, and the United States), to check how they handled student’s data. 89% of the EdTech products HRW looked at monitored or could monitor students, in most cases secretly and without the consent of students or their parents.
Some of the EdTech products investigated include Zoom, Google Meet, Khan Academy, Microsoft Teams, Diksha, Education Cloud, WhatsApp, and LINE. HRW created easy-to-read Privacy Profiles for all 163 EdTech products it examined so you can understand how these products handled students’ data and privacy. To see all the profiles visit #StudentsNotProducts under “Explore the Evidence”.
5. Is this happening to adults too?
Yes, students over the age of 18, parents, teachers and other administrators are at risk while using EdTech products for school or work.
Data privacy effects everyone who participates in the digital world. Although adults might not interact with EdTech, they interact with other technology platforms who may collect data off of them with or without their permission. For countries like the United States that do not have comprehensive data privacy laws, adults also lack necessary legal protections.
6. What are the current regulations to keep students and other individuals safe online?
Current data privacy laws vary by country.
In the United States, there is no single federal law that provides comprehensive data protection for minors. There is a patchwork of federal and state laws that apply. Federal laws protect either specific types of data like healthcare or credit information, or specific populations, like minors. This is why HRW is calling on the federal government to pass comprehensive data privacy protection laws as part of the #StudentsNotProducts advocacy.
In U.S. states without privacy laws, companies can use, share, or sell any data they collect about you without notifying you that they’re doing so. As of September 2023, only 11 states have any data privacy laws. California has some of the strongest data protection laws as consumers have the ability to sue a company against certain types of data breaches and to “globally opt out” from data sharing by device or browser (NYT). To see what protections you have in your state, check out this guide from Bloomberg Law.
In Europe (the EU), the General Data Protection Regulation (GDPR), requires companies to ask for some permissions to share data and gives individuals rights to access, delete, or control the use of that data.
In May 2023, Taiwan passed the Personal Data Protection Act, which was modeled off of the EU’s GDPR.
In August 2023, India passed the Digital Personal Data Protection Act. It has special provisions to protect the data of minors including requiring parental consent before minors’ data is processed and prohibiting targeted advertising towards children when it “is likely to cause any detrimental effect on the wellbeing of a child.” These regulations also apply to international companies operating in India (Reuters and Wilmer Hale).
7. What are cookies?
Cookies are small information files that a website sends to your browser (Ex: Safari, Google Chrome, etc.) and stores on your computer or mobile device. Some cookies help the website recognize you and tailor your experience on the sites, like YouTube providing you with recommended videos. Others assess how the website is being used, send information to advertising companies, or are required to allow a website to function.
With most websites, you cannot turn off all cookies, since some are “functional”, however most websites will ask if you want to “Accept All Cookies” which let you choose whether or not to accept marketing, statistics or other types of cookies. (National Geographic Kids)
8. How can I find out if my school is using EdTech platforms that are violating my privacy?
Start by make a list of the EdTech platforms you use regularly for school. Think about how you deliver assignments, communicate with teachers and faculty, and access lesson materials. Are there specific websites or technologies you use for specific classes? What accounts have you had to create for an educational purpose (e.g. College Board, Naviance, Khan Academy, etc.)? Once you’ve taken inventory of what products you use, ask friends, teachers and even administrators if they use these EdTech platforms or additional ones.
Now that you have a list, see if the EdTech you use was researched by HRW. HRW created easy-to-read Privacy Profiles for all 163 EdTech products it examined so you can understand how these products handled students’ data and privacy. To see all the profiles visit #StudentsNotProducts under “Explore the Evidence”.
Note: If a product does not have an HRW Privacy Profile, that does not mean that that product is or is not violating your privacy, it simply means HRW did not look into that specific EdTech platform.
9. Who determines which EdTech platforms my school uses?
EdTech platforms often require schools to purchase licenses, so campus or district administrators decide which platforms students and teachers use. When HRW interviewed teachers for the #StudentsNotProducts report, many were unaware of the privacy violations of the EdTech platforms they had been using.
10. What can I do to get my school to only use EdTech platforms that don’t violate my privacy?
STF has created resources for you to educate your community and advocate for your rights with your principal, school board, or federal lawmakers. We walk you through how to build a collation, talk to decision makers, and how to structure your asks so you can succeed. Check out our advocacy opportunities section to learn more.