The Information Commissioner’s Office (ICO) has warned of a number of shortfalls in the data protection policies of edtech tools in UK schools. The UK data regulator recently published its Edtech examined report, outlining how it has worked with edtech providers to review and improve data protection practices within the
Oscar Hornstein
The Information Commissioner’s Office (ICO) has warned of a number of shortfalls in the data protection policies of edtech tools in UK schools.
The UK data regulator recently published its Edtech examined report, outlining how it has worked with edtech providers to review and improve data protection practices within the sector.
Though the ICO noted there were positive practices around information security, its audits of 28 edtech providers whose products are used widely across schools in the UK found a number of compliance gap.
Common issues identified include providers not correctly identifying whether they were acting as data processors or controllers, particularly where children’s data was used for product development or analytics.
It also found “insufficiently detailed contracts with schools, incomplete data flow mapping, weak application of data minimisation and storage limitation principles, outdated or inaccessible privacy information, and gaps in Data Protection Impact Assessments”.
The ICO said that through its audits it has driven improvements across the sector with the vast majority of its recommendations being put into place by providers.
“Because children may not be able to choose or opt out of many digital tools their schools adopt, it is essential that parents, caregivers and pupils can trust that this technology meets the highest standards of data protection,” said a spokesperson from the ICO.
“Moving forward, the ICO is engaging with the Department for Education and devolved authorities on their work with schools to help improve how children’s personal information is handled in educational settings.”
