Publications

The Privacy Program is supported by the Common Sense Research Program, led by a team of experts in privacy law, that periodically publish research reports on the state of privacy and security that are designed to shed light on critical issues for child and student learning and digital citizenship.

2019 State of EdTech Privacy Report2019 State of EdTech Privacy Report The 2019 State of EdTech Privacy Report represents the culmination of our research over the past four years in evaluating hundreds of education technology-related applications and services. The report includes findings from evaluations of 150 privacy policies from the most popular edtech applications and services in 2019, as determined by interviews with teachers, schools, and districts as well as total App Store downloads during the past 12 months.

2019 Privacy Risks HarmsPrivacy Risks and Harms The Privacy Risks and Harms report identifies the challenges and potential pitfalls students face online, from third-party advertisements to location tracking. It draws from the library of Common Sense privacy evaluations and other resources to identify ways for parents and educators to choose the products that best protect our youngest consumers from privacy intrusions that could have long-term implications.

2019 EdTech Security Survey report cover image2019 EdTech Security Survey: The 2019 EdTech Security Survey is part of a semi-annual examination of security practices of education technology-related online services using our security assessment tools. Our findings in early 2019 indicate no meaningful improvements in the percentage of services that either support or require encryption or that implement HTTP strict transport security (HSTS) headers.

2018 EdTech Security Survey report cover image2018 State of EdTech Security Survey: The 2018 State of EdTech Security Survey represents a yearly examination of security practices of education technology-related online services using our security assessment. Our overall findings in 2018 indicate a significant increase in the percentage of services that both support and require encryption. In addition, our findings indicate that there was a modest decrease in the percentage of services that support encryption, but do not require encryption. However, there was no significant change in the percentage of services that implement HSTS.

2018 State of EdTech Privacy Report2018 State of EdTech Privacy Report: The 2018 State of EdTech Privacy Report represents the culmination of our research over the past three years and evaluation of hundreds of education technology-related applications and services. Our overall findings are illustrative of current trends in the edtech industry including widespread lack of transparency and inconsistent privacy and security practices. The key findings illustrate better, worse, and unclear privacy and security practices of 100 popular edtech applications and services that were evaluated in the following areas: encryption, effective policy dates, selling data, third-party marketing, traditional advertising, behavioral advertising, ad tracking, third-party tracking, profiling, and the onward transfer of data to third parties.

Information Security PrimerInformation Security Primer: The Information Security Primer details how to set-up a security testing environment for Web-based and mobile apps, and also covers basic testing scenarios, how to test responsibly, and how to disclose responsibly if and when testing uncovers issues. The information security primer can be used by anyone interested in evaluating privacy and basic information security. Vendors can use these tools to evaluate their privacy and security practices. Districts can use these tools as part of their strategy to build an internal review process. Parents, students, teachers, and privacy advocates can use these tools to ask questions about privacy and security practices and to evaluate tools on their own.