A number of education apps and websites endorsed by Australian governments and used throughout the pandemic have been surveilling and tracking children and sending their data to advertisers, according to a report by Human Rights Watch.
The New South Wales and Victorian governments have announced inquiries into the education technologies (EdTech) used in schools in the states in response to the report, released on Wednesday.
The NSW Privacy Commissioner has also confirmed they are making “further enquiries” into the issues raised in the report.
The Human Rights Watch report examined 164 EdTech products – apps and websites – and found that 146 (89 per cent) appeared to engage in data practices that put children’s rights at risk, contributed to undermining them, or actively infringed on these rights.
“These products monitored or had the capacity to monitor children, in most cases secretly and without the consent of children or their parents, in many cases harvesting data on who they are, where they are, what they do in the classroom, who their family and friends are, and what kind of device their families could afford for them to use,” the report said.
Most of these products also sent data, or granted access to this information, to third-party companies, typically advertising technology firms or Big Tech companies such as Google and Facebook.
Human Rights Watch looked at New South Wales and Victoria and the EdTech products used in those states, including Minecraft, Cisco Webex and Zoom.
It found that many of these apps used in Australian schools harvested a significant amount of data on children, including their precise location, and also tracked them online even after classes had finished and then shared this data with advertisers.
“An invisible swarm of tracking technologies surveil our kids throughout their day,” the report said.
“By endorsing and enabling the wide adoption of EdTech products, many governments offloaded the true costs of providing online education onto children, who were forced to pay for their learning with their privacy.”
These practices are a “deep breach of young people’s privacy”, Reset Australia executive director Chris Cooper said, and governments need to act to protect children from online surveillance.
“This is dystopian. While students were at their most vulnerable, and states were scrambling to work out how best to provide high quality education to young people in lockdown, private companies used this as a chance to track students, build commercial profiles about them and hone their invasive advertising practices. It’s the commercialisation of our education system by stealth,” Mr Cooper said.
In Victoria, EdTech products including Minecraft: Education Edition, Cisco Webex and Education Perfect: Science were endorsed by the state government.
According to the Human Rights Watch report, the Minecraft education app has access to the Wi-Fi media access control address, a “persistent identifier”, potentially engaged in “ID bridging”, tracked the precise location data of users and included software development kits.
According to the report, Cisco Webex is collecting IMEI numbers, potentially engaged in ID bridging, tracking the precise location of users, collecting information about wireless networks a phone was connected to, and tracking who a child knows through their contacts.
Education Perfect: Science was also found to include Facebook Pixel, which allows users’ data to be sent to Facebook, and engaged in key logging, a “particularly invasive procedure that surreptitiously captures personal information that people enter on forms, like names, phone numbers and passwords, before they hit submit”, according to the report.
In response to the report, the Victorian government said these products had been through a “rigorous privacy impact assessment”, and that the companies had assured the government about their conduct. It has pledged to have these assessments reviewed independently.
The Office of the Victorian Information Commissioner was not consulted about the specific EdTech apps in use in Victorian schools, but did produce a report in August 2020 on the use of EdTech in the state’s primary schools.
This report found that schools are at risk of breaching the Information Privacy Principles when using these apps that handle the personal information of children.
In NSW, EdTech products including Microsoft Teams and Zoom are used by school children throughout the state.
The report found that Microsoft Teams is tracking the precise location data of users, information about wireless networks a phone is connected to, tracking a user’s contacts and embedding software development kits.
Zoom is also tracking precise location data and wireless network information, according to the report.
The NSW government conducted assessments of two of its three EdTech products in June 2020 and October 2021, the Human Rights Watch report found, but these relied on a self-reported questionnaire completed by the companies and reviewed independently.
The state government has also said that it is investigating the claims in the new report.
The new Labor government needs to act on the report and move to legislate better privacy protections for children online, Mr Cooper said.
“This research provides significant evidence that regulation is needed, and that an opportunity exists for the new government to develop legislation that ensures all digital services young people use are included within their scope,” he said.
“No-one is going to read this report and think it’s acceptable that so-called ‘education products’ passed kid’s data on to Google’s Ad Manager, or embedded Facebook tracking pixels. Australian teenagers and parents have consistently told us they want more protection from exploitation online. This is a great opportunity for the new government to step up for our kids.”
The previous Coalition government’s Enhancing Online Safety bill, which it failed to pass through Parliament before the election, specifically excluded education products from these increased protections.
Do you know more? Contact James Riley via Email.