for Educators

Best Privacy Practices for Using Apps in the Classroom

What if I want to use an education app or tool and I don’t know if my school/district has vetted it?

Be familiar with your school’s policy or process for selecting new educational tools, if one exists.If an app or service you want to use is not on the “approved” list, ask for it to be vetted and ask how long the vetting process takes. If the process is lengthy, you will want to redesign your lesson or project plan. Once the app is approved, you can certainly use it later. The list may also contain similar alternative apps you can use in the meantime.

If no such vetting process exists in your school, the checklist at the bottom of this section can help you quickly evaluate whether your students’ information will be protected.

You can also look to sources like Common Sense Media or iKeepSafe to see if they have “rated” or “badged” an ed tech product for privacy. You can also check the database of the Student Data Privacy Consortium to see which apps are being used by other districts. Note that none of these sites replace getting the app you want to use vetted by your school, they are just signals of which apps are more privacy friendly – make sure you check with them!

Some tools have already been vetted

If your school or district has an approved list of ed tech products, services, websites, or apps, check that the service you use is included and ensure you are aware of any requirements or privacy options.When schools and districts decide to adopt certain technology tools, they should evaluate those tools to ensure they meet data privacy requirements. Some examples include:

  • Workflow and collaboration tools where students and teachers draft work together, give feedback, and communicate throughout the learning process.
  • Learning Management Systems (LMS) where teachers post instructions, assignments, and links to resources for students and parents to access.
  • Online gradebooks where teachers post grades and students and parents can access them using a username and password.
  • Communication tools for emails or newsletters.
What about companies that provide online tools to schools?
Schools are allowed to rely on technology companies to provide products and services, but have the responsibility to ensure that those vendors have appropriate protections in place for student data. The school must ensure that it retains direct control over the information the company collects, uses, and maintains. Schools are responsible for seeing that companies working with the school directly only use student information for authorized educational purposes. These companies have access to this data under the “school official” exception, for the limited purpose of using student information for educational purposes only.
What should I do if a student suggests an unvetted education app to use for a project?

As a teacher, you cannot officially endorse use of an outside product, but you can explain to the student the considerations they should take into account, including recommending the student let their parents know too.It’s quite common for students to find education apps on their own to use for projects, and educators should encourage students to be creative and take their suggestions seriously. This is a teachable moment—a great opportunity to talk with the student about data privacy and review that digital citizenship curriculum.

Here are some examples of questions you could use to start the conversation with your student:

  1. Did you have to make an account in order to start using that app? If so, did you have to provide personal information (email, name, age, etc.)?
  2. Does the app require parental permission? Who has access to your email and other information now that you’ve created that account?
  3. Does the app developer share your information with others? (It’s in their privacy policy.)
  4. Does the app collect additional information such as location or contacts?

In all likelihood, your student will not know the answers to some of these questions. That is OK, but it is important to explain to them that all of this information belongs to them. They should think about protecting it, and should be encouraged to discuss their choices at home with their parents as well.

Again, you can also suggest to them that they see if that tool is rated or badged on Common Sense MediaiKeepSafe, or in the database of the Student Data Privacy Consortium.

What if my students and/or I want to use or recommend a technology tool that was not specifically designed for education?

If you, the teacher, want to recommend an app that was not specifically designed for education, checking with your administration, complying with applicable school policies, and using the checklist in this guide just as you would for an education-specific app is still a best practice.It’s a common issue because there are many “consumer apps,” not designed for education that students may wish to use for learning or to help them with their homework and projects. These may include research tools, note taking apps, collaboration tools or apps that allow users to make videos, record audio or create other media such as cartoons, images, and so on.

However, commercial products not designed and marketed for schools may not have the privacy policies and practices in place to ensure the protection of user data to the standards of laws that protect student information. Therefore, if not prohibited by school policy, these products should be carefully evaluated to see if their use will put student data at undesirable risk.

If a student approaches you and asks to use an app for your assignment that you’re not familiar with, it is a good idea to use the opportunity to talk to your student using the suggested questions above.

Again, harness that teachable moment.

Some questions to help you quickly evaluate whether an app, website, product, or service will protect your students’ information.
  1. Does the product collect Personally Identifiable Information? FERPA, the federal privacy law applies to “education records” only, but many state laws cover ALL student personal information.
  2. Does the vendor commit not to further share student information other than as needed to provide the educational product or service? (Such as third party cloud storage, or a subcontractor the vendor works with under contract.) The vendor should clearly promise never to sell data.
  3. Does the vendor create a profile of students, other than for the educational purposes specified? Vendors are not allowed to create a student profile for any reason outside of the authorized educational purpose.
  4. When you cancel the account or delete the app, will the vendor delete all the student data that has been provided or created?
  5. Does the product show advertisements to student users? Ads are allowed, but many states ban ads targeted based on data about students or behavioral ads that are based on tracking a student across the web. TIP: Look for a triangle i symbol ( ) which is an industry label indicating that a site allows behaviorally targeted advertising. These are never acceptable for school use. This would be particularly important when evaluating non-education-specific sites or services.
  6. Does the vendor allow parents to access data it holds about students or enable schools to access data so the school can provide the data to parents in compliance with FERPA?
  7. Does the vendor promise that it provides appropriate security for the data it collects? TIP: A particularly secure product will specify that it uses encryption when it stores or transmits student information. Encrypting the data adds a critical layer of protection for student information and indicates a higher level of security.
  8. Does the vendor claim that it can change its privacy policy without notice at any time? This is a red flag—current FTC rules require that companies provide notice to users when their privacy policies change in a significant or “material” way, and get new consent for collection and use of their data.
  9. Does the vendor say that if the company is sold, all bets are off? The policy should state that any sale or merger will require the new company to adhere to the same protections.
  10. Do reviews or articles about the product or vendor raise any red flags that cause you concern?