Senators Go After Ed Tech on Student Data Usage

Some of the biggest names in ed tech received word this week from a team of Democratic senators to hand over details on their data collection practices. The request from U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA) and Richard Blumenthal (D-CT) expressed concern that the amount of data and how it was being managed could "put students, parents and educational institutions at risk" of having their personal information "stolen, collected or sold without their permission or knowledge."

The letter was sent to 55 education technology organizations, including nonprofits, and data broker companies that compile and sell student lists. Among those who received the letter were Google and Facebook, along with major assessment companies (ACT, CollegeBoard and Kaplan among them), learning management system firms (including Blackboard, D2L, Instructure, Moodle and Sakai), curriculum publishers and distributors (Barnes & Noble Education, Cengage, Macmillan, McGraw-Hill, Pearson, VitalSource and Wiley) and more specialized operators (Civitas Learning, Curriculum Associates, Edmodo, Quizlet, Smart Sparrow and Turnitin).

The letter requested a list of responses, among them:

  • A list of the software and other offerings produced since the founding of the respective organization;
  • The count of schools and students (with their age ranges) that have used the products;
  • The type of data collected, how long it's retained, what opt-out or revision options are available and how the data is monetized;
  • What would happen to the data were the company merged, acquired, closed or dissolved;
  • Other sources of student data the company uses and where it comes from;
  • How students are categorized by their data and what those "labels" or "categories" are;
  • How students actively approve of the terms of service or licensing for use of the product;
  • Whether a breach or some other kind of unauthorized access has occurred involving the data; and
  • How the company is complying with privacy regulations contained in FERPA and COPPA.

The letters arrived on the tail of a major hack of Slate, an open source admissions and advancement platform, and a 2018 public service announcement from the Federal Bureau of Investigation warning that malicious use of data collected by ed tech could result in "social engineering, bullying, tracking, identity theft, or other means for targeting children."

The letter to data brokers specifically referenced research by Fordham University on how data brokers were making compilations of "sensitive" student data available for sale based on GPA, ethnicity, religion and affluence, among other highly targeted categories.

"From academic performance data and web histories, to location data and other personally identifiable information such as date of birth or address, it is imperative that we take steps to ensure students' data is being secured and protected. Parents, students, and educational institutions deserve to have more control over their data," the letter stated.

Links to full text of the letters (one for education technology companies and one for data brokers) are available here.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • open laptop in a college classroom with holographic AI icons like a brain and data charts rising from the screen

    4 Ways Universities Are Using Google AI Tools for Learning and Administration

    In a recent blog post, Google shared an array of education customer stories, showcasing ways institutions are using AI tools like Gemini and NotebookLM to transform both learning and administrative tasks.

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Launches Stand-Alone AI App

    Meta Platforms has introduced a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • three main icons—a cloud, a user profile, and a padlock—connected by circuit lines on a blue abstract background

    Report: Identity Has Become a Critical Security Perimeter for Cloud Services

    A new threat landscape report points to new cloud vulnerabilities. According to the 2025 Global Threat Landscape Report from Fortinet, while misconfigured cloud storage buckets were once a prime vector for cybersecurity exploits, other cloud missteps are gaining focus.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.