A roughly equivalent percentage of applications and services have either non- transparent, better, or worse practices about Behavioral Advertising.
Among the applications and services we evaluated for our 2018 State of EdTech Privacy Report, approximately 32% disclosed a qualitatively better response that collected information is never used for any third-party behavioral advertising. In addition, approximately 5% disclosed not expected responses. From our previous analysis of personal information used for Third-party Marketing, we observed approximately the same 32% of applications or services disclosing that no collected information is used from children or students for advertising or marketing purposes. However, it appears that because the use of collected information for behavioral advertising poses a greater compliance risk from the perspective of vendors, we see a corresponding 11% decrease to only 29% disclosing qualitatively worse practices, as compared to Third-party Marketing. In addition, we observed a similar increase of vendors remaining non-transparent on the issue, as compared to Third-party Marketing. Accordingly, this shift to non-transparency from qualitatively worse disclosures on such an important compliance related issue for children and students, likely illustrates many applications and services chose not to disclose substantive details about any behavioral advertising practices in order to avoid explicit disclosure of potential violations of Federal or State law.[1,2] It is also likely that among the applications and services that are non-transparent on this issue, many provide contextual advertising, but do not feel comfortable explaining the compliance related distinction between their use of contextual advertising, but not behavioral advertising in context.
Similarly with Third-party Marketing, among the 29% of applications and services with qualitatively worse practices, many use language to restrict their use to only parent or teacher information for behavioral advertising purposes, in order to avoid compliance issues with children or students. However, vendor compliance with this distinction is difficult, given that parents and teachers are not the primary users of these applications and services, but rather are intended for children and students who are generating the majority of behavioral data. From our evaluation process we observed many applications and services that provide secondary “Parent” or “Teacher” accounts or related applications or services to monitor their child or student’s progress through the primary data collection product. Parents and teachers should exercise caution, because these accounts or services could potentially be used as a means to collect behavioral related information from the parents and teacher themselves. This type of behavioral information could legally be used for advertising purposes, and even directed back to the parents and teachers for educational related products that could potentially be used directly, or indirectly, by their children or students.
Figure 1: This chart illustrates the percentage of question responses for Behavioral Advertising. Qualitatively better question responses indicate the application or service does not display any behavioral advertisements to children and students. Qualitatively worse question responses indicate the application or service does display behavioral advertisements to children and students. Non-Transparent responses indicate the terms are unclear about whether or not the application or service displays behavioral advertisements to children and students.
For more information about our key findings download the full 2018 State of EdTech Privacy Report.
 Children’s Online Privacy Protection Act (COPPA), 16 C.F.R. Part 312.2 (an operator is prohibited from including behavioral advertisements or amassing a profile of a child under the age of 13 child without parental consent).
 Student Online Personal Information Protection Act (SOPIPA), Cal. B.&P. Code §22584(b)(1)(A) (an operator is prohibited from using student data for targeted, behavioral, or contextual advertising).
 Children’s Online Privacy Protection Act (COPPA), 16 C.F.R. Part 312.2 (an operator may display contextual advertisements to a child under the age of 13 without verifiable parental consent, under the ’internal operations’ exception).