Governments of 49 of the world’s most populous countries harmed children’s rights by endorsing online learning products during Covid-19 school closures without adequately protecting children’s privacy, Human Rights Watch (HRW) said in a report. The report was released simultaneously with publications by media organisations around the world that had early access to the Human Rights Watch findings and engaged in an independent collaborative investigation.
“‘How Dare They Peep into My Private Life?’: Children’s Rights Violations by Governments that Endorsed Online Learning during the Covid-19 Pandemic,” is grounded in technical and policy analysis conducted by Human Rights Watch on 164 education technology (EdTech) products endorsed by 49 countries. It includes an examination of 290 companies found to have collected, processed, or received children’s data since March 2021, and calls on Governments to adopt modern child data protection laws to protect children online.
“Children should be safe in school, whether that’s in person or online,” said Hye Jung Han, children’s rights and technology researcher and advocate at Human Rights Watch. “By failing to ensure that their recommended online learning products protected children and their data, Governments flung open the door for companies to survey children online, outside school hours, and deep into their private lives.”
Of the 164 EdTech products reviewed, 146 (89 per cent) appeared to engage in data practices that risked or infringed on children’s rights. These products monitored or had the capacity to monitor children, in most cases secretly and without the consent of children or their parents, in many cases harvesting personal data such as who they are, where they are, what they do in the classroom, who their family and friends are, and what kind of device their families could afford for them to use.
Most online learning platforms examined installed tracking technologies that trailed children outside of their virtual classrooms and across the internet, over time. Some invisibly tagged and fingerprinted children in ways that were impossible to avoid or erase – even if children, their parents, and teachers had been aware and had the desire to do so – without destroying the device.
Most online learning platforms sent or granted access to children’s data to advertising technology (AdTech) companies. In doing so, some EdTech products targeted children with behavioural advertising. By using children’s data – extracted from educational settings – to target them with personalised content and advertisements that follow them across the internet, these companies not only distorted children’s online experiences, but also risked influencing their opinions and beliefs at a time in their lives when they are at high risk of manipulative interference. Many more EdTech products sent children’s data to AdTech companies that specialize in behavioural advertising or whose algorithms determine what children see online.
Actual cost of learning
With the exception of Morocco, all Governments reviewed in this report endorsed at least one EdTech product that risked or undermined children’s rights. Most EdTech products were offered to Governments at no direct financial cost. By endorsing and enabling the wide adoption of EdTech products, Governments offloaded the true costs of providing online education onto children, who were unknowingly forced to pay for their learning with their rights to privacy and access to information, and potentially their freedom of thought.
Few Governments checked whether the EdTech they rapidly endorsed or procured for schools were safe for children to use. As a result, children whose families could afford to access the internet, or who made hard sacrifices to do so, were exposed to the privacy practices of the EdTech products they were told or required to use during Covid-19 school closures.
Many Governments put at risk or violated children’s rights directly. Of the 42 Governments that provided online education to children by building and offering their own EdTech products for use during the pandemic, 39 Governments made products that handled children’s personal data in ways that risked or infringed on their rights. Some Governments made it compulsory for students and teachers to use their EdTech product, subjecting them to the risks of misuse or exploitation of their data, and making it impossible for children to protect themselves by opting for alternatives to access their education.
Kept in the dark
Children, parents, and teachers were largely kept in the dark about these data surveillance practices. Human Rights Watch found that the data surveillance took place in virtual classrooms and educational settings where children could not reasonably object to such surveillance. Most EdTech companies did not allow students to decline to be tracked; most of this monitoring happened secretly, without the child’s knowledge or consent. In most instances, it was impossible for children to opt out of such surveillance and data collection without opting out of compulsory education and giving up on formal learning during the pandemic.
Human Rights Watch conducted its technical analysis of the products between March and August 2021, and subsequently verified its findings as detailed in the report. Each analysis essentially took a snapshot of the prevalence and frequency of tracking technologies embedded in each product on a given date in that window. That prevalence and frequency may fluctuate over time based on multiple factors, meaning that an analysis conducted on later dates might observe variations in the behaviour of the products.
It is not possible for Human Rights Watch to reach definitive conclusions as to the companies’ motivations in engaging in these actions, beyond reporting on what it observed in the data and the companies’ and Governments’ own statements. Human Rights Watch shared its findings with the 95 EdTech companies, 196 AdTech companies, and 49 Governments covered in this report, giving them the opportunity to respond and provide comments and clarifications. In all, 48 EdTech companies, 78 AdTech companies, and 10 Governments responded as of 24 May. Several EdTech companies denied collecting children’s data. Some companies denied that their products were intended for children’s use. AdTech companies denied knowledge that the data was being sent to them, indicating that in any case it was their clients’ responsibility not to send them children’s data. These and other comments are reflected and addressed in the report, as relevant. As more children spend increasing amounts of their childhood online, their reliance on the connected world and digital services that enable their education will likely continue long after the end of the pandemic. Governments should pass and enforce modern child data protection laws that provide safeguards around the collection, processing, and use of children’s data. Companies should immediately stop collecting, processing, and sharing children’s data in ways that risk or infringe on their rights.
Human Rights Watch has launched a global campaign, #StudentsNotProducts, which brings together parents, teachers, children, and allies to support this call and demand protections for children online.
“Children shouldn’t be compelled to give up their privacy and other rights in order to learn,” Han said. “Governments should urgently adopt and enforce modern child data protection laws to stop the surveillance of children by actors who don’t have children’s best interests at heart.”