In this section you will find a collection of our core privacy resources that include publications, training materials, FAQ guides, and documentation on our evaluation process that describes our evaluation questions, evaluation tiers, and overall scores.
- The 2018 State of Edtech Privacy Report represents the culmination of our research over the past three years and evaluation of hundreds of education technology-related applications and services. Our overall findings are illustrative of current trends in the edtech industry including widespread lack of transparency and inconsistent privacy and security practices. The key findings illustrate better, worse, and unclear privacy and security practices of 100 popular edtech applications and services that were evaluated in the following areas: encryption, effective policy dates, selling data, third-party marketing, traditional advertising, behavioral advertising, ad tracking, third-party tracking, profiling, and the onward transfer of data to third parties.
- The Information Security Primer details how to set-up a security testing environment for Web-based and mobile apps, and also covers basic testing scenarios, how to test responsibly, and how to disclose responsibly if and when testing uncovers issues. The information security primer can be used by anyone interested in evaluating privacy and basic information security. Vendors can use these tools to evaluate their privacy and security practices. Districts can use these tools as part of their strategy to build an internal review process. Parents, students, teachers, and privacy advocates can use these tools to ask questions about privacy and security practices and to evaluate tools on their own.
- The privacy evaluation process combines transparency and qualitative questions in a single streamlined framework. This requires organizing all the questions into categories and sections derived from the Fair Information Practice Principles (FIPPs) that underlie international privacy laws and regulations. In addition, the questions and the categories that organize them all are mapped to a range of statutory, regulatory, and technical resources that provide background information on why each question is relevant to the privacy evaluation process.
- The privacy evaluation question set builds off the rubric developed by the districts. Every question in the question set is mapped to federal privacy statute (FERPA, COPPA, and so on), FTC guidelines, PTAC resources, and/or data-handling best practices. Because each question is mapped to a specific rationale, the question set can be used both to evaluate privacy practice and as a training or advocacy tool to help inform people about the different elements that can be relevant when thinking about privacy terms. Additionally, vendors can use these questions to proactively review their own policies.
- Our evaluation process for edtech applications and services attempts to address some of the common barriers to effectively evaluating privacy practices. Privacy concerns and needs vary widely based on the type of application or service and the context in which it is used. For example, it makes sense for a student-assessment system to collect a home address or other personal information. However, it would not make sense for an online calculator to collect a student’s home address or other types of personal information. Therefore, our evaluation process pairs a transparency evaluation with a qualitative evaluation. This provides the ability to track the information a policy discloses as well as the strengths and weaknesses of how a policy discloses that information. Lastly, our evaluation process includes reviewer-written summary evaluations that highlight the implications of the application or service’s privacy practices alongside the goals and contexts within which the service may be used.
- In schools and districts, people make decisions about privacy based on their specific needs — and these needs can vary between districts and schools. The privacy evaluation process is designed to support and augment local expertise, not replace it. The evaluation process incorporates these specific needs and the decision-making processes of schools and districts into three tiers: (1) Not Recommended, (2) Use with Caution, and (3) Use Responsibly.
- As part of our updated evaluations, we are including a numerical roll-up score with our summary reports. The numerical roll-up score should only be used as part of a decision-making process that includes the rest of the evaluation. The number's best use is as an indicator of how much additional work a person will need to do to make an informed decision about a service. This use is directly related to the core work driving the evaluations: to help people make informed decisions about a service with less effort. The higher the number, the less effort required to make an informed and appropriate decision.
- The Common Sense Media Help Center provides a searchable knowledge base about the Privacy Initiative and can help answer some Frequently Asked Questions.
- Our evaluation process attempts to explain complex privacy and security practices of applications and services in simple to understand language. However, there are many privacy, security, technology, and legal related acronyms that are used to describe our evaluation process and are explained here in more detail.
- Learn more about the Privacy Evaluation Initiative.
- Learn more about how school districts can participate.
- Learn more about how parents, teachers, and students can participate.
- Learn more about how vendors can participate.