EdLawConnect Blog

The study illuminates the nearly universal presence of third-party ad trackers and online surveillance software embedded in educational agency websites. According to the study, approximately 90% of state departments of education and all but one of the 159 large school districts analyzed employed Google Analytics services to gather website user data for targeted advertising. School district websites surveyed also deployed tools from approximately 40 other ad tracking services, including Facebook and Twitter.

Another concern highlighted by the study is a lack of clear and appropriate website privacy policies. Only 19% of the school districts studied had privacy policies published on their websites. And even when policies were published, most were incomplete or misleading. For example, the privacy policy on one school district website asserted that the website would not place “cookies” on users’ devices. But the same school district website used tools from Google Analytics and other ad tracking services that do, in fact, deploy cookies.

The study also points out a widespread failure to adopt the “https” secure browsing protocols on school district websites. Such protocols help protect website users from viruses, third-party snooping, and hijacking. Fewer than half of the school district websites analyzed in the study consistently supported secure browsing.

Nothing in the study indicates any of the agencies were intentionally misleading website users about these privacy and security issues. Instead, the study’s author suggested that — given limited budgets, staff, and resources — school district IT departments and policy makers might simply be unaware of or unable to address the privacy and security issues “under the hood” of their websites.

If you need assistance navigating the complicated intersection of education and technology, our experienced attorneys are eager to help.