Last week (Aug. 31), the Digital Futures Commission published the results of a study into the use of some popular digital learning tools in education.
The report found that “both Google Classroom and ClassDojo operate according to opaque privacy policies and legal terms that are inconsistent with data protection laws and that could result in the commercial exploitation of children’s education data.”
The research comes as European governments seek to limit the use of Big Tech in educational settings, with some regions in Denmark and Germany having already banned the use of Google products in schools.
In light of ongoing debates surrounding technology and students’ data, the French data protection authority (CNIL) has been working closely with a number of EdTech projects. Following a successful round that saw innovators in the field of digital health supported by a regulatory sandbox, CNIL is currently in the middle of a similar initiative for EdTech.
Related: French Privacy Regulator Rules Against Use of Google Analytics
As France heads back to school this fall, the digitally-connected nature of the modern learning environment means that the legal and regulatory issues surrounding the use of EdTech are more complex than ever.
Connecting Online and Physical Learning
As in many countries, pandemic-enforced lockdowns accelerated the digitization of education in France.
On the one hand, the way people use online portals and learning management systems (LMS) has changed to reflect a digital-first approach to education. On the other, new tools for remote learning have been normalized and a hybrid approach to the classroom is increasingly possible and popular.
Many projects selected to receive CNIL support exist to help bridge physical and online learning. For example, the skills development platform Daylindo helps companies build and process the educational frameworks implemented through practical training.
Daylindo has been designed to better integrate digital processes into in-person training, ensuring that interfacing with the digital systems necessary for skills tracking and assessment doesn’t inhibit the flow of learning. A mobile app ensures that even when in the field, digital assessment and monitoring can be seamlessly incorporated into skills development.
While Daylindo connects learners, tutors and business managers, in school-age education, another CNIL-supported company is helping bring parents into the fold with a range of digital tools. The Klassly app, built by French EdTech Klassroom, allows students’ families to become more involved in their child’s school life.
Teachers can use the platform to share content with students’ families. Photos, events, updates and messages can easily be broadcast to all parents and carers at once, but the app also offers a structured channel for one-to-one communications and an appointment scheduling feature for arranging in-person meetings.
Securing Learners’ Privacy
Of course, CNIL’s primary interest in EdTech is in ensuring that the field unfolds in a way that is compliant with European Union privacy law. As such, it is also supporting innovation in the field of data management that has applications far beyond education.
For example, sandbox participant Astrachain offers a cloud solution for sensitive data that recognizes institutions’ growing reliance on cloud service providers and externally-managed servers.
The company’s flagship product, SPLiT, divides data into small, encrypted chunks before distributing it over multiple omnicloud servers. By using blockchain-based cryptography and reducing organizations’ dependence on a single cloud host, the approach guarantees the strongest data protection, ensuring that even cloud providers can’t read sensitive data.
Still a young startup, Astrachain has stated its intention to provide its solution to the health and education sectors, and will benefit from CNIL’s advice with regard to ensuring compliance with data protection legislation, primarily the EU-wide General Data Protection Regulation (GDPR).
CNIL’s involvement will likely help to establish Astrachain solutions as compliant with GDPR — solutions that are badly needed in light of the current incommensurability between GDPR and the U.S. CLOUD Act.
Since 2018, the CLOUD Act has authorized American law enforcement agencies to seize data in Europe if it’s hosted on American services such as AWS, Microsoft Azure and Google Cloud. For EU organizations that use such cloud providers, this poses a challenge, as U.S. law enforcement requests aren’t necessarily in line with GDPR requirements.
Considering the growth of digital-first education, including hybrid and remote learning environments, issues around data protection are of increasing concern to educational institutions.
As the CNIL sandbox recognizes, for educators to make the most of digital technology, they will also need tools that ensure strong data protection and create a safe learning environment for all.
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.