Why I started asking questions about edtech and privacy
I remember the first time my child's school announced a new online learning platform. The teachers were enthusiastic — more interactivity, easier homework submission, a single login for all subjects. As a journalist who watches how tech and policy intersect, my excitement was tempered by a simple question: what happens to my child's data?
Edtech can be brilliant when it's used thoughtfully. But it also collects a lot of personal information — names, birthdates, assessment scores, attendance, device identifiers, and sometimes location or behavioural data. When schools roll out platforms like Google Classroom, Microsoft Teams, ClassDojo or lesser-known apps, parents are usually expected to trust that data will be handled responsibly. I learned to ask sharper questions, and I think every parent should too.
Essential questions to ask the school
Start with the school. They choose the platforms and sign the contracts, so they should be able to answer the first set of questions clearly and confidently. If they can't, that's a red flag.
If the answers are fuzzy or the school points you to a long, unreadable privacy policy, ask them to summarise the key points in plain language. As a parent you’re entitled to clear, understandable information.
What to look for in an edtech provider’s privacy policy
When the school can’t give you enough detail, go to the source: the vendor’s privacy policy and terms of service. Here are the things I check first—use these as a checklist when you read or ask the school to show you the policy.
Practical questions about accounts and access
Some of the most immediate risks come from how accounts are set up and who can access them. Ask:
Schools should avoid giving broad admin rights to third-party providers or to unvetted staff accounts. Where possible, sensitive actions should require strong authentication and an audit trail.
Sensitive data and special considerations
Some data is more sensitive than others. If your child has a medical condition, special educational needs, or behavioural support plans, ask specifically how that information is safeguarded.
Red flags to watch out for
When I'm assessing platforms, a few recurring problems jump out immediately. If any of these apply, press for answers or raise the issue with the school governing body or the local authority.
How UK law protects pupils — and where it doesn’t
In the UK, pupil data is protected by the Data Protection Act 2018 and the UK GDPR. Schools are typically the data controllers and must ensure processors (edtech vendors) comply. The Information Commissioner's Office (ICO) provides guidance specifically about data protection and schools.
Key rights include the right to access personal data, the right to rectification, and in some cases the right to erasure. But the law doesn't remove the need for vigilance: lawful processing can still feel intrusive if a vendor uses data for commercial profiling or behavioural analysis. That’s why practical, specific questions matter.
Practical steps for parents
| Question to ask | Why it matters |
|---|---|
| Who controls my child’s data? | Identifies legal responsibility for how data is used. |
| What data is collected? | Keeps you aware of sensitive information stored about your child. |
| Who can access/export data? | Prevents unauthorised sharing or leaks. |
| How long is data kept? | Ensures data isn’t stored indefinitely. |
| Can I request deletion? | Gives parents control over their child’s digital footprint. |
Tech in schools can do a lot of good — but it should never come at the cost of a child’s privacy by default. By asking these questions and insisting on clear answers, you’re helping ensure edtech is used to support learning, not to build unnecessary data profiles. If you want, I can help draft an email template you can send to your school to get these answers — just say the word.
