Just before Halloween, a new tradition is gaining traction in the education technology field. It’s the Scary Apps List, compiled every October by the nonprofit EdTech Leaders Alliance (ETLA) to warn educators and district technology leaders about unprotected education apps. Student data.
Previously part of the nonprofit organization Learn21, ETLA was formed this summer as an independent organization and is part of the Ohio Chapter of the Consortium for School Networking (CoSN), the International Society for Educational Technology (ISTE), and the Association of State Educational Technology Directors. (SETDA) and the Student Data Privacy Consortium. But ETLA Executive Director Stacey Hawthorne, a former Ohio State teacher and instructional technology director who is also Learn21’s chief academic officer and CoSN’s incoming chair, said the group is committed to supporting educators across the country. He said that he is doing so.
Hawthorne said Learn21 started compiling the Scary Apps list last year, but she researches and creates the list herself. One of the main reasons why a tool ends up on the list is if the vendor refuses to sign a data privacy agreement. Other privacy issues that give rise to Scary Apps include sharing personally identifiable information, allowing targeted advertising, and excluding children in product terms and conditions as a potential liability loophole.
“It’s literally being marketed to school-age kids, but the terms and conditions say you have to be over 18 to use it, so that’s another big problem,” Hawthorne said. “I think this is just them saying, ‘If something happens on our platform, it’s not our fault because they didn’t meet the terms of service.'”
The list also names companies that use student data to build or improve products, which Hawthorne said passed the Senate in July and is awaiting approval by the House. This is one of the issues built into the Kids Online Safety and Privacy Act (KOSPA).
“You can’t take advantage of students like that,” Hawthorne said. “It’s not technically illegal at this point, but if they’re doing other things and using the data to train models, I’ll point them out on Scary Apps.”
raise awareness
New scary apps will be posted on ETLA’s website and social media pages every day throughout October, with details on why their respective privacy policies are not compatible with K-12 schools. For example, the list accuses Grammarly of deciding not to sign a data privacy agreement for its free version and Chess.com of sharing user data with third parties for targeted advertising. I’m doing it. The entries were written and designed with a Halloween theme, and Mr Hawthorne said the fun spin helped raise students’ awareness of the importance of data privacy.
“It was catchy and a lot of fun,” she said. “We ended up getting a lot of traction. We knew it was important to people.”
One school’s technology director, who is also a computer science teacher, told Hawthorne that he was currently using the concept of “scary apps” with his students, looked up the privacy policies of five of his favorite smartphone apps, and told Hawthorne that he was currently using the concept of “scary apps” with his students, and that he had researched the privacy policies of five of his favorite smartphone apps and told them about Halloween. He said he is asking them to give presentations on the theme. own.
Hawthorne said school districts across the country have asked her to present last year’s “Scary Apps” slides at staff meetings, and she plans to make the 2024 list available as a free resource starting in October.
As for whether ed-tech companies will contact or make changes based on these concerns, Hawthorne said he has not received any communication this year and has not changed the default settings that allow students to communicate with people outside of school. He said Canva was the only site he fixed last year. .
“There was a young woman who ended up communicating with someone outside of the school’s jurisdiction and was forced to send images to the point where police had to intervene,” Mr Hawthorne said. “So they changed the default setting to off. You can’t communicate outside the district.”
New law brings more terrifying apps to the surface
Anyone who wants to submit an edtech tool for Scary Apps can use the link in the first tile of the list. Hawthorne said he tracked down about 80% of the apps on last year’s list, with others coming from submissions and then double-checking them.
This year, Ohio’s new student data privacy law went into effect Oct. 24 and requires public schools to ensure that their contracts with education technology providers include certain protective terms for student data privacy. She said making the list has become easier. Hawthorne said ETLA has mediated contract negotiations for about 2,500 apps in the past eight weeks.
The organization is an intermediary between member districts in Ohio and attorneys from the Education Cooperative Student Data Privacy Alliance, of which ETLA is a member, and negotiates education technology vendor agreements in accordance with recent legislation. Hawthorne said he is aware of edtech companies rejecting the new terms because emails between lawyers and vendors have been copied.
“Honestly, I probably spent about 45 minutes per post last year, whether it was scouring the privacy policy or figuring out the app,” Hawthorne said. “In fact, my first 20 emails this year were created from emails I had saved over the past two months.”
A signed agreement is the key
For school districts that don’t have such services at their disposal, Hawthorne recommends starting with the Student Data Privacy Consortium. The Student Data Privacy Consortium is a nonprofit organization that created the National Data Privacy Contract template for contracts between education technology vendors and schools across the United States. The company hosts more than 130,000 signed data privacy agreements, according to a news release from the Consortium’s Free Resource Registry earlier this year.
Most people who take the time to read an app’s privacy policy should be able to understand whether the app provides sufficient data protection for students, but Hawthorne says long-term use requires a signed data privacy agreement. said that it is essential.
“You read the policy and you think, ‘Oh, this privacy policy is fine, it’s fine,’ but you don’t know that it’s not going to change the next week when you tell people to use the privacy policy.” she said. “If you have signed a data privacy agreement, we cannot change the agreement without your knowledge.”
