By: Sam Cortez
Updated: 05 May, 2026
As technology becomes increasingly prominent in the classroom and at home, adults and children alike find themselves frequently engaged in their devices. A 2021 report by Common Sense Media found that among children ages 8-12, 57% own a tablet and 43% own a smartphone.
Children are becoming more involved with technology at a younger age than ever. While there are many upsides to technology — such as connectedness, educational opportunities, and entertainment — it’s important to be aware of the risks as well. In today’s society, it's essential for educators to address the importance of protecting student privacy.
The Storage Networking Industry Association defines data privacy as an area of data protection that concerns the proper handling of sensitive data including personal data. Understanding and implementing data privacy practices can help protect individuals from the harmful consequences of data breaches and exploitation.
Websites and apps collect personally identifiable information from their users such as their name, location, birthday, occupation, address, payment methods, and more. Often, users are asked for this information when signing up for a new account, taking online quizzes, shopping online, playing games, and using apps.
It may seem harmless, but providing websites with personal information can leave individuals vulnerable for cyberattacks and identity theft. Additionally, the data collected can be used to exploit children through online advertising.
With even the best of intentions, parents and educators can put children’s information at risk. Many websites and applications intended for educational purposes collect sensitive data from underage users.
The Human Rights Watch, a worldwide advocacy group, performed an analysis on educational apps and websites regarding data collection and student privacy for 164 different educational apps and websites across 49 countries.
The results indicated that almost 90% of the educational apps and websites surveyed had features designed to collect information for the purpose of sharing it with advertising companies. This is an alarming statistic that emphasizes the risks children are exposed to when using technology.
While legislators and school officials are taking steps to protect student data privacy and security in education institutions, online privacy continues to be a struggle. According to the K12 Security Information Exchange’s 2022 Annual Report, there have been 1,331 publicly disclosed cyber incidents affecting U.S. school districts since 2016.
A reported 33% of these incidents were student data breaches. If these are the numbers for data breaches in education, just imagine how much greater the risk becomes when children use social media applications on their own personal devices.
Educators and parents will not always be able to fully prevent children’s personal information from being exposed, but they can encourage students to understand and respond appropriately to those risks.
However, before teachers begin building lessons, they should spend some time familiarizing themselves with the legal frameworks that govern student data: FERPA, COPPA, and CIPA. Reviewing these laws helps educators avoid unintentional missteps and provides context in which to ground classroom discussion.
Educators who teach digital privacy are already thinking about how students interact with the internet, but students aren't the only ones whose actions matter.
Teachers need to ensure legal compliance, and that starts by having a working understanding of student privacy laws can help with recognizing the boundaries of what should and shouldn’t be shared.
FERPA, which stands for the Family Educational Rights and Privacy Act, gives parents access to student records and grants the right to request corrections if the information is inaccurate or misleading. F
It also protects student data by limiting how school officials can use and share that data. Educators must have a legitimate reason to access children's education records, and sharing that information without written parental consent is only allowed under very specific exceptions.
In practice, this means educators need to be thoughtful about how they handle student data, especially when using digital platforms. For instance, emailing a student’s report card to the wrong parent, even by mistake, would be a clear violation of FERPA. On the other hand, using a secure school platform to review student medicals records, like 504s, is allowed because it directly supports the student’s education and falls within the educator’s professional responsibilities.
Students, especially younger children, require special privacy protections because they cannot fully weigh the risks and benefits of data collection.
COPPA is a federal law that protects the privacy of children under 13 by restricting how websites and online services collect their personally identifiable information. While it's aimed at tech companies, the impact on schools and districts is real, especially when teachers use apps or platforms that collect student data in the background.
Most educational tools ask schools to grant permission on behalf of parents, which is allowed under COPPA if the tool is being used solely for classroom purposes. But that doesn’t mean every app is compliant, and it doesn’t guarantee that it will protect student data. If a tool is tracking browsing behavior or serving targeted ads, it’s not just a student privacy concern. It could be a legal one.
COPPA has pushed many schools to provide more support and training for educators on student data collection. The more clearly teachers understand what personal information a platform collects and why, the more confidently they can evaluate whether a tool aligns with student privacy expectations in the classroom.
CIPA was passed to help school districts and libraries keep students safe online by requiring any institution receiving federal internet funding to use filters that block harmful content and to adopt policies around responsible internet use. While much of the technical setup falls to IT departments, enforcement largely falls to the classroom teachers.
Understanding CIPA gives teachers background knowledge to turn digital interactions into educational opportunities.
When a student encounters a blocked site, that moment can open up a conversation about why filters are in place. Yes, they block inappropriate content, but they also reduce exposure to passive demographic data collection like trackers, pop-ups, and embedded advertising that collect student information.
Teaching students how filters work can lead directly into discussions about behavioral targeting or why certain ads follow them from one site to the next. A blocked site becomes a prompt for students to think critically about how their sensitive data is being collected and by whom. Pairing these discussions with shared vocabulary and space for student research encourages awareness outside the classroom, where filters don’t exist.
While federal laws like FERPA, COPPA, and CIPA form the foundation for protecting student data, there are also state student privacy laws that go even further. These state laws often add legal requirements around how student information is collected, shared, and stored especially when third-party vendors are involved.
These protections typically apply not only to schools but to all educational institutions responsible for student data privacy—including school districts, charter networks, and in some cases, state education departments. Many of these rules were influenced by guidance from the Department of Education and advocacy by national organizations like the Data Quality Campaign focused on protecting student privacy.
From geometry to chemistry, academic concepts across the board require repeated, explicit teaching of vocabulary terms to support student mastery. This same concept applies when teaching students about key terms in student data privacy. Whether you start out with a lesson introducing all of these, or you give each concept its own activity, here are a few vocabulary terms that educators should introduce to students:
Cookies: Cookies are small files of information that are passed from a website to a personal computer. This is often done without the user’s knowledge or consent. Stored cookies are intended to remember information like logins and preferences for the future, but the saved data can leave personal information vulnerable for breaches.
Behavioral Targeting: Behavioral targeting is an advertising technique that uses data and information about a user to create ads relevant to their interests.
According to Common Sense Media, “Behavioral profiling is particularly problematic for kids because it happens at a unique time of development — when both their brains and identities are developing and forming.”
Retargeting: Retargeting is an advertising technique that uses stored data (cookies) to identify a product or service that a user has looked at in the past. For example, if an underage user put a toy in an online shopping cart but did intend to complete the purchase (and may have misunderstood the purpose altogether), that child could be retargeted for that item.
An ad for a specific product may appear months later, guiding the child’s opinion about their wants and needs.
Biometrics: Biometrics is the process of identifying physical and behavioral characteristics. This is the technology behind features like facial recognition, digital fingerprints, digital signatures, and voice recognition.
The collection of biometric data allows for a more complete and accurate database of identity, which is why it’s crucial for youth to be cautious about who they share biometric data with.
Machine Learning: Machine Learning is a branch of artificial intelligence that collects data to use for algorithms and decision making. The data collected over time contributes to the improvement of a machine or software’s decision-making process.
Digital Citizenship: Digital citizenship is the responsible use of technology to learn, create, and participate. Anyone who uses the internet is a digital citizen.
Digital Footprint: A digital footprint is the impact that your comprehensive online activity (anything that you’ve ever posted online) leaves on you. This is one of the most important concepts for students to understand, emphasizing that once something is put online it is very hard to remove.
A study conducted by Data Reportal reveals that Internet users between the ages of 16-64 spend an average of 6 hours and 37 minutes online each day. That’s over one third of the day spent scrolling, gaming, shopping, and browsing.
With so much time spent online, people are constantly being exposed to a plethora of information on varying topics. To prepare students to stay safe and informed while online, it’s important to teach them the difference between reliable information and misinformation.
A dangerous example of this phenomenon is the mental health content shared on TikTok. There is an influx of “mental health influencers” providing advice on the mobile app, but research has revealed that around 84% of mental health videos on TikTok are misleading.
Helping students understand how to differentiate quality information from misinformation can save them from potential harm when exposed to misinformation online. Educators should teach them to think critically about the source of information. Here are a few things to keep in mind:
Analyze the source’s credibility (i.e., is the content shared from Psychology Today or a Reddit thread?)
Consider the potential bias of the author
Always be cautious when content contains advertisements and affiliate links
Beware of clickbait titles
Additionally, the date and location of a source’s publication may impact its relevance to students. Teach these concepts and actively practice evaluating online information to ensure students are equipped with the skills to think critically for themselves.
Hands-on learning is the most effective and relevant way for students to master concepts. Data privacy lends itself perfectly to hands-on, research-driven projects. Assigning a digital research project allows students to learn about data privacy while also practicing data privacy.
Teachers can assign students a topic from the key terms listed in this article and instruct them to research and investigate that term. Students can put together a research paper or a digital presentation such as Google Slides or PowerPoint and present their findings to the class.
They could also do the same type of research project, focusing instead on the data privacy of a particular app. For example, a student may focus on investigating how Snapchat collects users’ data and what that data is used for.
Along the way, students will be judging the quality of online sources, practicing online safety, and building digital literacy skills. The presentations will also open classroom discussions that lead to meaningful conversations and memory retention.
Students learn best when they are engaged in content and find it relatable. Educators should take the complex concept of data privacy and find relevant, real-world ways to help students digest complicated terms. Here are a few examples of activities that students may find relevant.
Digital Footprint: Find a local news article about a person who lost their job, college acceptance, or scholarship due to something posted online. Review it in class to show a real-world example of a digital footprint’s impact.
Misinformation: Find or write an article that is blatantly false. This can even become a cross-curricular activity if you tie it into what students are currently learning about. Students will enjoy thinking critically as they move through the content and identify misinformation.
Behavioral Targeting & Retargeting: Ask students to keep a journal of online advertisements they encounter over the span of a week. Ask them to consider why they think they are seeing these ads and what type of advertising technique it may be. Students can share and discuss their answers in class.
Data privacy is extremely important and should not be an afterthought for educators. It is important to plan for explicit teaching time and well-thought lessons to educate students on data privacy.
Educators can create their own resources or use one of the many pre-made lessons available online. Here are a few high-quality websites that provide free resources for teaching data privacy.
With so much time spent online, everyone has to do their share in safeguarding student data privacy. Students should understand when and how their sensitive information is being used. Luckily, online resources and innovative teaching practices make it easy for educators to equip students with the knowledge and critical thinking skills required to stay safe online.
Try Monitor in your district for 30 days at no cost. You'll learn which online safety categories are most prominent and we'll alert you to at-risk students who need timely intervention.
Talk to an expert or book a demo. Our cyber safety experts are waiting to help.
Sign up for our newsletter to get all the latest product information.
Subscribe to our newsletter
We use cookies and similar technologies to make our website work, to understand how it is used, and, with your permission, to personalise content and show you relevant advertising on other platforms. Some of these technologies are provided by our partners. Essential cookies are always on, because the site cannot function without them. Everything else stays off until you choose to turn it on. You can accept all, reject all non-essential cookies, or set your own preferences, and you can change your choice at any time. For more detail, see our Cookie Policy and Privacy Notice.
In the US? You also have the right to opt out of the sale or sharing of your personal information and to limit the use of your sensitive personal information. Manage these under "Your US privacy choices".
While some cookies are necessary to make our website and services function properly, consent for all non-essential cookies has been automatically declined. You can change your preferences at any time. To find out more about the cookies we use, see our Cookie Policy and Privacy Notice.
Choose which cookies and technologies you are comfortable with. Essential cookies keep the site secure and working, so they are always on. You can switch the other categories on or off, then save your choices. You can return here at any time to change them. See our full list of cookies.
These cookies and technologies are needed for the site to work safely and reliably. They support core functions such as security, network management, bot and fraud protection, and remembering your privacy choices. The site cannot run without them, so they cannot be switched off.
Providers: Cloudflare, HubSpot
We use a set of cookies that are optional for the website to function. They are usually only set in response to information provided to the website to personalize and optimize your experience as well as remember your chat history.
Providers: HubSpot
These help us understand how visitors find and use our website, including which pages are viewed and how people navigate and interact with them, so we can improve it. Some of this involves recording how pages are used. We do not use this information to advertise to you.
Providers: Google, Hotjar, HubSpot, Microsoft.
These let us measure how our campaigns perform and show you relevant advertising on third-party platforms, such as search engines and social media. They involve sharing limited information with advertising partners, who may combine it with data they already hold. For US visitors, turning this category on allows the "sale" and "sharing" of personal information for cross-context behavioral advertising, as those terms are defined under US state privacy laws.
Providers: Google, HubSpot, LinkedIn, Microsoft, Reddit.
If you are a resident of a US state with a comprehensive privacy law (such as California, Colorado, Connecticut, Texas, Virginia and others), you have additional rights over how your personal information is used. You can exercise the choices below without affecting your access to our website.
When our advertising and marketing technologies are active, we may sell or share your personal information for cross-context behavioral advertising. To opt out, switch off the Advertising and Marketing category above, or use the toggle here.
Where we process sensitive personal information, such as precise geolocation, you can ask us to limit its use to what is necessary to provide our services and other purposes permitted by law.
We recognize browser-based opt-out preference signals. If your browser or device sends a Global Privacy Control signal, we will treat it as a valid request to opt out of the sale and sharing of your personal information for that browser or device.
We do not knowingly sell or share the personal information of consumers under 16, and we do not use it for targeted advertising, without the consent required by law. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
Changed your mind?
You can withdraw or update your consent at any time using the "Cookie settings" link in our website footer.