February 13, 2024

Privacy Recommendations
for EdTech Stakeholders

Icon showing a school building with the label Schools/LEAs

6 Free Things To Do Right Now

  1.  DO only use technologies that have been COPPA Safe Harbor Certified.
  1. DO practice technology minimization; limit how much technology you’re using.
    • DO be intentional. Be convinced that the benefits exceed the privacy risks. More isn’t better.
    • DON’T exceed 20 technologies, especially in elementary schools. A good rule of thumb is to use no more technology than the school can reasonably manage monitor on an ongoing basis.
  1. DO examine website risks using EFF’s Privacy Badger, or The Markup’s Blacklight tools:
  1. DO use ISL’s  https://appmicroscope.org to familiarize yourself with the privacy risks in EdTech apps.
    •  If you have a school utility app, ask the vendor to review their App Microscope Safety Label and clarify advertising related data sharing (e.g. https://appmicroscope.org/app/1597/).
  1. DO remember that LEAs have no actual control over the behavior of off the shelf technologies. Use caution before recommending them for student use.
    • DO also remember that Schools that even for licensed technologies, the vendor makes unilateral decisions regarding software behavior, and always has access to all the data.
  1. DO review ISL’s EdTech benchmark data by state: https://public.tableau.com/app/profile/internetsafetylabs/viz/K-12EdTechBenchmark2022/StateSummary

6 Things To Introduce Next School Year

  1. DO remove all ads from your school and district websites.
  2. DO remove advertising trackers on school websites. It’s not enough to remove ads on the website, due to the presence of third-party trackers and scripts running on websites. 
    • Minimize 3rd party resources on school websites. 
  1. DO develop a systemic technology vetting process.
  2. DO create a technology notice for students and parents listing each technology that is required or recommended, and if the school has consented to data sharing [under COPPA] for the student.
  3. DO, at a minimum, allow parents and students to consent to technologies that collect information protected under PPRA.
  4. DON’T overuse the LEA’s ability to consent on behalf of the student.

3 Things To Do with 
Appropriate Funding

  1. DO designate a Software Product Manager who is responsible for developing and deploying a systemic technology vetting process.
  2. DO perform annual software privacy audits.
  3. DO have Data Privacy Agreements for all technologies the school is requiring students to use.

For Over Achievers

  1. DO measure efficacy of your current technology vetting using the tools listed above.
  2. DO contact ISL for assistance in auditing privacy risks in technology and establishing tech vetting practices. 
Icon of a scroll with a government building and checklist representing Policy Makers

Policy Makers

  1. DO fund at least one full-time software procurement specialist, accountable for tech oversight and vendor management. 
    • Treat software procurement as distinct from hardware. The skillsets differ vastly.   
  1. DO pass federal regulation to monitor and rigorously control data brokers and disallow collection of children’s data. 
Icon of a person's head and coding brackets representing EdTech Developers

EdTech Developers

  1. DON’T include advertising in EdTech. Until advertising can be done in a way that doesn’t ultimately uniquely identify users and harvest user information, best to not include it on EdTech.
  2. DON’T include cross-site, persistent identifiers in EdTech.
  3. DO configure your analytics platform to preserve student data privacy.
  4. DO only include third party SDKs that are strictly necessary for the expected functions.
  5. DO manage all third-party data processors and ensure student data privacy policies are in place throughout the supply chain, and regularly monitored.
  6. DO know your audience:  child-directed/mixed-audience/general audience.
  7. DO employ data purging practices/and make sure your supply chain does as well.
Icon of father, mother and child representing parents


  1. DO use ISL’s App Microscope (https://appmicroscope.org) to review the technology your children are using and to raise awareness with teachers and other parents.
  2. DO talk to your children about the safety and privacy risks of using technology.
  3. DO explain to them the risks of lying about their age in order to use a particular service.
DO contact ISL for any questions: