Not everyone who watched the pandemic-induced proliferation of technology in education did so with a sense of relief that learning could continue despite physical barriers. Not everyone was pleased that it might usher in the digitisation of a sometimes stubbornly analogue sector. 

In fact, many teachers and academics have found the ad-hoc implementation of edtech worrying. And some have had serious misgivings.

Dr Velislava Hillman, visiting fellow at the London School of Economics, believes there are underlying risks associated with edtech adoption. “Educational institutions are considered to be safe spaces for children but, like other safe spaces such as sports clubs or churches, we’ve seen there can be risks - and this can happen right under the noses of parents, authorities, policymakers,” she says. 

“I wanted to see if these technologies and, in essence, the private businesses behind them, are coming into this safe space and increasing the risk of harm to children.”

Hillman is well placed to raise these concerns, having spent several years investigating edtech and looking at whether more stringent regulation of the market is required.

In her latest work, she talked to more than 150 people over two years - from school leaders, parent groups and data privacy officers to edtech providers, regulators and policymakers - to try to understand how the market is evolving.

The results were published earlier this year in a working paper and the executive summary offers a neat summation of some of the concerns she uncovered.

“Who decides what edtech products will be adopted in schools? What benchmark is used to make such decisions? Who assesses what edtech vendors deliver against their claims? Are there any criteria used to recognise when an edtech product fails, and who decides what those are? Who is held responsible if or when edtech products fail?”

Edtech: avoiding the path of social media

These are questions without any clear answers because, Hillman says, “there are no unified standards or benchmarking across the sector” and the “threshold to enter the educational space is pretty low” - not least because there is little appetite among regulators to get involved.

“The assumption is that the edtech market is pretty young and you don’t want to stifle innovation,” she notes.“The argument was that a young market should not be held back by regulatory regimes.”

Hillman disagrees: “We don’t want to sit and wait for what happened with social media to happen in education; we should pre-empt some of the risks or at least work to minimise the risks.”

• Covid: The edtech project that trained 10,000 teachers
• Edtech: How schools can build on edtech gains during Covid
• DfE support: End of edtech help for schools “a step backwards”

Her reference to social media relates to the fact that, in return for access to platforms, we hand over data about ourselves that is then used for targeted advertising or to entice us to click on content that might be of interest - with social media companies making lots of money as a result.

Hillman acknowledges that edtech companies operate differently - and may have more well-meaning aims than some social media - but she stresses that they are still businesses.

“The edtech sector, by its very nature, is a business stream like any other. This leads to the question: as businesses, what are edtech companies’ motivations in the education sector? Even if companies are motivated by improving educational processes, any such goal must also make business sense; make money.”

Hoovering up data

This is where she believes the “safe space” issue comes to the fore: these companies are entering classrooms to engage with children’s learning, potentially shape pedagogical practice and gather up vast amounts of data - and students aren’t usually having any say in the process.

“You’ve got technologies and platforms that children and students are not able to have any real choice over. They are told, for example, ‘You will have to submit your assignment [on this platform]’; there is no alternative,” Hillman says.

“But you don’t know where that [information] goes, now or in the future, or how and at what point in the future this information and data, and your actions in school, may be used.”

“We don’t want to sit and wait for what happened with social media to happen in education”

The extent of this issue was laid bare in a major Human Rights Watch (HRW) study, published at the end of May, which - after reviewing 164 popular edtech products used around the world and often endorsed by governments, including in the UK - found that 146 of them put “at risk or directly violated children’s privacy and other children’s rights, for purposes unrelated to their education”.

Specifically, it said: “Many edtech products endorsed by governments and used by children to continue learning during Covid-19 school closures were found to harvest children’s data unnecessarily and disproportionately, for purposes unrelated to their education.”

HRW said this data included:

• Who they are.
• Where they are.
• What they do in the classroom.
• Who their family and friends are.
• What kind of device their families could afford for them to use.

Hye Jung Han, children’s rights and technology researcher and advocate at HRW, says it was clear from the research that edtech was being given too much power and insight into the lives of children.

“Children shouldn’t be compelled to give up their privacy and other rights in order to learn,” she says. “Governments should urgently adopt and enforce modern child data protection laws.”

Children should be safe in school, whether that's in person or online. But few governments checked whether the EdTech they rapidly endorsed or procured for schools were safe for children to use. Many built their own EdTech products that risked or infringed on children's rights.

— Hye Jung Han (@techchildrights) May 25, 2022

Hillman says the report “shows a lot more needs to be done” around how we understand the operations of edtech companies.

Sorting the wheat from the chaff

Of course, this does not mean that all edtech products are nefarious and Hillman acknowledges that many products are operated with “good intentions” and bring benefits to the market.

It should also be noted that some firms are transparent about when, how and why they use data, and are very clear on the business model behind the product.

The worry for Hillman and others is that there is not enough regulation to ensure that every company behaves in this way - it is still largely a choice. Hillman says that in no other area of education are things so laissez-faire.

“Unlicensed bus drivers will never drive the school bus; why should unlicensed edtech products mediate educational processes?” she writes in her paper. “Behind ‘licensing’ lies agreed-upon rules, conditions, terms, standards, methods and expectations. For the bus driver or the school nurse, those are relatively known.

“But what are they for an edtech product that teachers already use to track students’ learning progress? Or for an application that diagnoses a child’s mental health? Or for a platform that makes career recommendations?”

These were concerns shared by many in the education sector. 

Tom Campbell is the interim chief executive at E-ACT, a trust made up of 28 schools. He says that he has concerns about edtech firms offering heavily discounted subscription rates in order to entice schools because what’s really of interest to them is the data they are gathering.

“The subscription is almost a discounted charging mechanism because, while you’re using the product, they reserve the right to then monetise the data they can gather from users of the product,” he tells Tes.

He gives the example of information about what a child chooses to buy for lunch or a book they rent from the library being used to build a vast profile database that could then be sold to other firms for marketing purposes.

“So, just as health companies use data to sell you insurance, in this space, we’re in danger of, before our eyes, edtech companies commercialising the data they have, based on the decisions a child has been making all day,” he adds.

Concerns across the sector

James Browning, chief information officer at Academies Enterprise Trust, one of the biggest multi-academy trusts, adds that, as the scope of what edtech products claim to do grows, the lack of standards can make ascertaining the value, quality and safety of a product difficult for those tasked with overseeing how technology is being used in a school or across a trust.

“Unlicensed bus drivers will never drive the school bus; why should unlicensed edtech products mediate educational processes?”

Some of this requires regulation on how things are advertised rather than specific regulation on standards. 

“With every company keen to put their own slant on how their edtech will positively impact your school, it certainly is tough,” he tells Tes.

“A walk around any edtech show will bring this to life, with claims ranging from improving pupil engagement, to saving teachers time, to really bold claims like increasing children’s reading ages.

“While no doubt rooted in good intentions, the vast majority of these are self-awarded and unregulated claims.”

It is a view that is being acknowledged by the Department for Education, as demonstrated in a recent report it published, titled Future opportunities for education technology in England, which noted that a workshop delegate had outlined many of the same concerns as those described above.

“There is a real range of intentions with a lot of edtech companies - they’re private industries and they want to make money,” the delegate said. 

“The fact that it is an unregulated industry makes it a jungle that schools and colleges are having to try to negotiate as best they can without an enormous amount of clear support.”

What’s more, the report noted comments from another participant, who said schools feel they are being “bombarded” by edtech companies that want to “sell them their products” - and schools struggle to discern the good from the bad.

“Workshop participants noted that teachers are already under-resourced and do not have time to assess and quality assure different products,” the paper’s authors wrote.

The problem with existing standards

It should be noted that edtech firms do have some regulations they have to comply with. Most notably, the General Data Protection Regulation (GDRP) sets out, among other things, that companies must gather only relevant data, that they must process it securely and that they must not share it unnecessarily. There are hefty fines for anyone who falls foul of these rules.

How closely is compliance being checked, though?

Hillman says there are vendors that simply state they are “fully compliant with GDPR” in their terms and conditions without that actually being the case.

For example, a data privacy officer (DPO) she interviewed for her research said many providers have “wild terms and conditions” and “wacky interpretations of the GDPR, some picking and choosing as to which articles of the GDPR they fancy complying with”.

Another said some businesses “don’t even bother saying anything at all about data protection - they just put ‘in accordance with GDPR’ at the end of every line of the contract and think that suffices”.

“Teachers are already under-resourced and do not have time to assess and quality assure different products”

This mirrors many elements of the HRW study, which found that many edtech firms were using data far beyond the scope of education purposes.

Those in the schools sector fear that separating those who are compliant from those who are not is a very difficult task. 

Cathie Paine, chief executive of REAch2 Trust, the largest primary-only multi-academy trust, says this is something she finds deeply concerning. “You hear horror stories of technology products collecting data and the schools had no idea this was happening,” she notes.

Not only this but also many terms and conditions that companies provide on their site, covering the regulatory adherence, are incredibly long, often running to 10,000 words in thick legalese, which, in reality, would be tough for a non-data protection professional to wade through.

“There is more regulation coming into the sector now, particularly with GDPR requirements coming into place, which is making things better,” says Paine.

“But there is still a widespread lack of knowledge at school level in fully understanding their GDPR responsibilities and what their edtech products are doing here.”

The Information Commissioner’s Office (ICO) tried to assist by introducing the Children’s Code, which came into force in 2020. The code requires companies to adhere to 15 standards relating to how their products are used, with children’s data privacy in mind.

A spokesperson for the ICO told Tes that a big reason for introducing the new code was because it was “aware of concerns raised about edtech, and the complex relationship that exists between edtech providers and schools”, and the ICO hopes it will alleviate some of those issues.

Taking the burden off schools

However, Hillman argues that all this does is create more work for schools by forcing them to check that “any edtech product or service complies with the code”.

Furthermore, she notes that the Children’s Code only covers a small number of the issues that the rise in edtech use is creating: “It’s only a minimal baseline; we still don’t know what cybersecurity controls companies adhere to, their ethical conduct, whether their products make pedagogic sense and so on,” she says.

What all this amounts to is that the onus for regulating the edtech industry is being put on to schools, which are time-poor and largely not experts in the issues involved. Hillman says it needs, instead, to be much more top-down. 

“A common, accountable and transparent agreement must be developed across the sector,” she writes in her report, adding that minimum standards and benchmarking must be introduced.

This would focus on the specific operational elements of edtech companies that schools are struggling to monitor themselves.

“This could be a kitemark that looks at data privacy and cybersecurity; the technical aspects [of the product]. Is there a contact point or help desk that is answered? Who they are, where they are based - that would be a benchmark across a relatively easy-to-define number of features,” she adds.

That’s a big idea and one that immediately throws up questions: who would form the group to do this work? Who would agree the parameters? How would approvals be processed? What would be the cost to apply, and so on?

If these concerns were addressed, though, more regulation is something that many in the edtech sector would welcome. 

Caroline Wright, director general of the British Educational Suppliers Association, says that these concerns are difficult to overcome, however.

“If you ask any government to do something, will they do all the homework before they jump to saying, ‘Here’s the standard’? And will it be actually the right one or what’s needed?” she says.

“That’s where there would be quite a lot of concern…who are the right people deciding on what would be appropriate and who does the oversight?

Oversight would be tricky but worth a try

It would be “about making sure there is the right skill set within a government department” to run something like this, Wright says. After all, it was only two years ago that the ICO upbraided the DfE following an audit that found that “data protection was not being prioritised” and this had “severely impacted” the department’s ability to comply with the UK’s data protection laws.

Meanwhile, Ed Fairfield, vice-chair of the edtech association NAACE, says that agreeing on who would oversee any benchmarking or standard setting would require a lot of work.

“The minute you get oversight, you bring in big question marks because who says that that overseer knows what they’re doing? What qualifies them to say what to do or not?”

But this doesn’t mean the idea is a non-starter. If satisfactory answers to these questions could be found, it would have merit, says Fairfield.

The concept of oversight “has got legs because if schools buy the wrong technology or use the wrong supplier then they’re going down the wrong path”, he says. “So anything which reduces the chance of that is definitely a good thing.”

Checklists and badges of honour

Fairfield agrees with Hillman that any attempt to introduce standards and benchmarking would work best by looking at the specific elements of a product or company rather than pedagogical claims or outcomes, as these would be simpler to measure.

“There are definable, measurable tick-box characteristics that, absolutely, it would work on because you’ve either got it or you haven’t,” he says.

“If we can come up with, say, 10 measurable things so a supplier has that independent badge of honour [that says], ‘I do this, I do that, I’ve got that, I commit to doing this,’ then it’s another area for a school to tick off and not have to worry about.”

Ty Goddard, chair of EdtechUK, is also on board, saying that the data side of edtech tools is now a “key issue for schools, companies and parents”. Establishing such standards, as more and more services are rolled out, would mean there is confidence in how they work and who these firms are.

“Edtech tools are being increasingly adopted, used and trialled successfully across education and homes,” he says.

“Transparency and accountability over the use of data is an important issue [and] there’s a need to understand more about how to protect data, and that includes edtech companies, schools and the DfE.”

Ultimately, Wright concurs, saying that the idea of standards or regulations that firms have to comply with would be “absolutely fine from an industry view”. “Quality companies” would be “really relaxed and actually welcome that kind of thing” to help them stand out, she adds.

“Transparency and accountability over the use of data is an important issue”

But what about start-ups and smaller companies - would finding time for benchmarks be something they could factor in or would it act as a barrier to innovation?

Dora Palfi, co-founder and chief executive of ImagiLabs - a firm based in Sweden that aims to encourage girls to get into coding and has appeared at the Bett trade show - thinks not, saying she could see it helping start-ups to gain more traction in the market.

“As a young company, our attention is split across a wide range of priorities and we know very well that what gets measured gets done, which is why I am so intrigued by the idea to have standards against which companies can measure their performance in these areas,” she tells Tes.

“A well-established standard will allow companies to communicate the work they have done to ensure privacy and safety, and will allow educators, school leaders, as well as parents, to quickly evaluate whether a product meets their expectation in these dimensions.”

David Williams, head of product for ClassCharts (owned by Tes, which also owns Tes Magazine), agrees and says that this should be something being pushed by commercial providers. 

“Any responsible company should want to ensure they are protecting the interests of their customers,” he says. “We want to drive this movement to hold the sector accountable and believe it is in all our best interests to do so.”

Meanwhile, James Grant, co-founder of MyTutor also welcomed the idea: “Having an industry benchmark, or some type of kitemark of quality for edtech products and firms, would be very welcome. 

“Anything that helps give schools assurance on quality - and to provide reassurance that they are dealing with reputable organisations with robust systems and controls in place - can only be a positive move.”

A welcome idea

From the schools’ side, Browning believes this would certainly give schools and MATs more confidence about the credentials of the firms pitching their wares, adding that “in stark contrast to the world of medical technology, there is a gap here and filling it would be very welcome”.

Campbell, too, is open to the idea of greater control in the edtech space.

“We need a government regulator or a third party to come into the space to help us know what’s appropriate, what’s not, who are safe bets and who are not,” he says.

“And to help us navigate through without adding to the bureaucratic burden, without adding to the legal risks that we carry around safeguarding and health and safety - because we are drowning in liability as it is - so I think we need help here.”

Will that help be forthcoming?

The ICO did not comment directly on what it thought about the idea of specific edtech regulation or benchmarking, although it did say it is looking to do what it can in this area already.

“We are working with the departments responsible for education across the UK to raise awareness of data protection responsibilities in schools, to educate children on their data rights, and to support edtech providers to comply with their data protection and privacy requirements,” it says.

Attempts to ask the All-Party Parliamentary Group on Education Technology if this was an area it would consider looking into went unanswered.

Meanwhile, the DfE says it is already giving advice to the schools sector on procuring technology, referring to its work to develop “a core set of digital, data and technology standards”, such as on networking, broadband and cabling.

“The standards are also for technology suppliers to understand schools’ needs and how they might develop their tools and services in line with those needs,” a spokesperson added.

“Further support for schools on software, hardware and devices will be released over the course of this year and into 2023.”

That’s not quite the same thing, though, and Hillman says it underlines the fact that the sector remains a long way from realising the kind of oversight that she - and, it seems, edtech companies and schools alike - believe is needed.