Online learning in the new lockdown environment: How safe is children's personal data?
Updated: May 14, 2020
Dr Caroline Keen
April 28th, 2020
How well are we safeguarding our children's privacy? New research into parents’ and teenagers’ privacy strategies in the digital context suggest they are ill-equipped to protect children’s data privacy.
Parents and children are embracing new online technology to survive during lockdown restrictions but they need to be aware of personal information falling into the hands of corporate giants - and their own family environment becoming exposed through online learning.
While adopting new technology and online services has definite lockdown benefits, in doing so the family home becomes more visible to outsiders and potentially exposes environments, interactions and behaviours, as well as the lifestyle choices of all family members, to institutions and employers, colleagues and peers, members of local communities, and strangers. Using audio visual platforms and personal devices to conduct education or work from home raises both privacy and security concerns.
Faced with lockdown and social distancing policies, government, educators and families have rushed to adopt new digital services, apps and smart devices in order to work, learn and socialize from home, amplifying our dependence on digital technologies., Parents are eager to ensure education, work and social interaction can continue from home. During lockdown families have signed up to countless new digital services, devices and platforms resulting in digital tech companies capturing an ever-increasing amount of personal information.
Teachers are now using digital services, apps and platforms to communicate with students, including conferencing tools like Zoom, Google Classroom, apps, discussion posts, online assignments, and student management systems.
On the face of it, this move to online education may seem fantastic, but we need to ask if there are potential downsides. While families may eagerly allow digital access to their children, remote learning is not without its risks.
Not only does remote learning present challenges in terms of educational equity, but this also presents new privacy challenges for families. The more obvious privacy risks arise as the family home becomes more visible to outsiders, with audio visual platforms exposing home environments, interactions and behaviours, and lifestyle choices of all family members.
In-home learning is also rapidly changing the how teachers interact with students, with more personalized tutoring, online discussions and forums, and showcasing of student work. How will consent work in this new environment? Before lockdown schools exercised privacy controls requiring student permission to publish information and images about them. We may need new policies regarding pictures or audio recordings and other data captured by online ed tech systems on new e-learning environments and platforms.
The security of children’s personal information is also an issue for many digital platforms. Many of you will have seen media reports that Zoom experienced extraordinary growth due to the pandemic, but that it also lacks privacy protections, as evidenced by reports of unauthorized third parties gaining access to virtual classrooms in real-time (known as Zoombombing).
Parents may wish to consider how moving to online learning impacts the privacy of the family home, and more intimate lifestyle details of its members.
What are you happy for children to share? Perhaps consider setting some rules around what aspects of the home environment family life you would prefer to remain private.
And consider whether new communication and information sharing platforms have potential for cyberbullying or discrimination by others.
Parents may wish to consider setting up a neutral space in which children can sit with their tech devices while ‘at school’.
Make sure privacy settings are used in applications like Zoom
A second but perhaps longer-term privacy risk is children’s personal data privacy. With everyone at home, internet use has increased dramatically, with family members using larger numbers of apps, online services, and smart technologies to facilitate education and work, as well as engage with social and entertainment needs. Children’s heightened use of digitised services, brought about by the pandemic, increases the risks of children’s personal information being captured by digital companies and data brokers, presenting new threats to their longer-term privacy and life outcomes.
However, research by Dr Keen has found many parents are unaware of how children’s personal information is collected and used by corporations, and also aggregated and sold to third parties such as data brokers.
Parents and teenagers are very familiar with online risks such as identity theft, fraud, cyber bullying and unwanted public exposure, as well as the risks of children being groomed and sexual exploited. Many parents take measures to guard against these risks, by having rules about what they do and don’t share online, and teenagers themselves are adept users of privacy settings to prevent their personal uploads from falling into the wrong hands. This is not surprising since parents and teens think about privacy in terms of relationships, and seek to control others' access to personal information about them that could impact their public identities and social standing in relation to others. Public policy and education programs have to date focused heavily on encouraging parents and children to manage their online safety and conduct through raising awareness of online communication and conduct risks.
However, parents and teenagers are less familiar with these online commercial models that profit from collecting personal data (through manipulative marketing, and selling data to third parties) and, further, have little motivation to assess commercial privacy policies and limit commercial collection of personal information says Dr Keen.
Unlike their parents, today’s children and young people are subject to intensive corporate surveillance since picking up their first internet-enabled device. Research tells us that vast amounts of data are collected from children using online services and smart tech without the users’ knowledge. At aged thirteen a child can have as many as 72 million data points captured by online tracking technologies. For teenagers, around 12 million data points are given away to commercial interests every year.
However, this research revealed that many parents don’t think companies collect children’s data, are often unaware of how data is collected, and marketing practices targeting children online. They do not know that companies don’t always discriminate between adults and children and so continue to collect children’s data despite some regulatory approaches internationally.
At the same time, smartphone apps, social media platforms, student management software and apps, and even Google (now entrenched within many schools) collect and store massive amounts of personal data from children, even after the school bell. But many parents and teenagers remain unaware of commercial data processing practices and do not currently review privacy policies or terms and conditions. This is concerning as vast amounts of personal information about children is being collected by tech companies, sold to third parties, and through the process of profiling be used to assess risk, predict behaviour, and predetermine their choices, the consequences of which are not fully understood. Children’s data is big business to online ed tech companies. Free to all its users Google Classroom is embedded in many schools and this, along with other student management apps and software, record increasing amounts of sensitive and personal data. But how much do we know about how this will be used in the future? Student management systems and educational data repositories have been exposed as posing new security risks as they house increasing amounts of student data (Pearson 2018).
We do know that data is already used to determine a person’s eligibility to receive consumer offers, but there is also evidence that personal data may be used to deny some individuals access to essential services, while privileging others. For instance, individual profiles and automated decision-making technologies can be used to predict an individual’s likelihood of defaulting on a loan, committing a crime, of leading an unhealthy lifestyle, or assessing their likelihood of excelling in educational or work opportunities, resulting in discrimination that will exclude some children from essential services and opportunities later in life.
The key point is that, unlike past generations, today’s children are subject to intense corporate surveillance, resulting in previously taken for granted opportunities being predetermined by others. But the majority of parents interviewed did not review corporate privacy policies when signing on to new digital services, and certainly did not think to review these on the digital services their children used.
We are all guilty of just ‘ticking the box’, so it comes as no surprise that parents and teenagers regularly consented to the corporate collection of their data, in exchange for access to free or low-cost services online. However, these consent mechanisms effectively legitimize the collection of our personal data and so we should not just give this up without being informed of what data is collected, where it is stored, what it is used for, if it is repurposed and sold, and where it can end up, says Dr Keen.
Schools, parents and teenagers need to take an active role in reading through the privacy statements of the digital services they use, and evaluating the potential costs to children's privacy now and in the longer term.
In terms of evaluating the impact on younger children’s data privacy parents could consider a number of things.
What data is collected and how securely is it stored?
Are there options to opt out?
What do digital service companies do with the information?
How long is it kept for?
Is it supplied to third parties?
Can you access what is held about you or your child?
Can you ask for records to be deleted?
In an ideal world, children’s personal information should not be utilised or shared by technology providers with affiliated third party providers beyond what is required to teach remotely.
Parents can help protect their children’s data by:
Reviewing terms and conditions as well as privacy policies that they and their children use.
Removing apps and unsubscribing from services that are unnecessary or unused (you will be amazed how many you no longer use!)
Reviewing privacy settings on all apps and services used.
Turning off those apps that access camera, audio and geolocation data seemingly without any relationship to the service offered.
Choosing not to use services that do not give the option to opt-out of data collection.
Seeking out ways to mitigate tracking such as Firefox browser privacy options, using browsers that do not track you such as Duck Duck Go, or privacy apps that block tracking technologies.
Although online agreements have typically been inaccessible due to the language and time needed to read these, some businesses are attempting to do better by making data policies more accessible, introducing default-on privacy settings and the ability to opt-out of commercial data surveillance. At the same time we need to lobby harder for online digital services to implement policies such as ‘default-on privacy’ settings, ultimately to give individuals, parents and children back some control over their personal information.