Publications
The Privacy Program is supported by the Common Sense Research Program, led by a team of experts in privacy law, that periodically publish research reports on the state of privacy and security that are designed to shed light on critical issues for child and student learning and digital citizenship.
2024 Human‐AI Productivity: Evaluating Privacy Policies using Artificial Intelligence: The Common Sense Privacy Program was able to increase the number of published evaluations and ratings of privacy policies by developing and deploying machine learning models using natural language processing to augment and support our expert human privacy-policy reviewers. The Privacy Program's hybrid Human and Artificial Intelligence (“Human-AI”) approach is able to capture high-quality annotated privacy policies by privacy reviewers. The integration of AI into our evaluation process has improved the productivity of our privacy reviewers, allowing them to complete privacy evaluations more quickly than without AI while maintaining the same or higher level of accuracy. In this paper, we examine the Privacy Program's deployment and integration of AI and attempt to quantify the cost savings and benefits to our orga nization and the privacy evaluation process.
2023 Privacy Program Evaluation Framework: The Privacy Program Evaluation Framework comprises a series of questions used to rate and compare products on multiple dimensions of privacy, safety, security, and compliance, incorporating criteria based on legal, societal, educational, and child development best practices.
2023 State of Kids' Privacy: Who is monetizing our data? A general lack of transparency leads to a confusing landscape. Our latest research report takes a deep dive into whether popular apps and platforms disclose if (and how) they sell and share personal data. The California Consumer Privacy Act (CCPA) became law in the state of California in 2020, but in the last year, the California Privacy Rights Act (CPRA) expanded the definition of selling data to include any practice by which apps or platforms track user behavior and then share that information for advertising purposes.
Privacy of Virtual Reality: Our Future in the Metaverse and Beyond In this report, our privacy team reviewed the most popular headsets on the market to better understand how they protect—or don't protect—privacy. They looked at privacy policies, data collection, security practices, privacy settings, and advertising and marketing uses. The result? Our team cannot recommend kids' use of a single VR headset we reviewed. Every single device in one way or another puts kids' and families' personal privacy or safety at serious risk.
2021 State of Kids' Privacy The Common Sense 2021 State of Kids' Privacy Report provides a comprehensive look at the privacy practices of hundreds of technology-related applications and services intended for kids and students.
Privacy of Streaming Apps and Devices We reviewed the privacy protections in the top 10 streaming apps, as well as the top five streaming devices, that include programming directed at kids and families and found that most apps and devices are using practices that are putting consumers' privacy at risk -- especially that of kids.
2019 State of EdTech Privacy Report The 2019 State of EdTech Privacy Report represents the culmination of our research over the past four years in evaluating hundreds of education technology-related applications and services. The report includes findings from evaluations of 150 privacy policies from the most popular edtech applications and services in 2019, as determined by interviews with teachers, schools, and districts as well as total App Store downloads during the past 12 months.
Privacy Risks and Harms The Privacy Risks and Harms report identifies the challenges and potential pitfalls students face online, from third-party advertisements to location tracking. It draws from the library of Common Sense privacy evaluations and other resources to identify ways for parents and educators to choose the products that best protect our youngest consumers from privacy intrusions that could have long-term implications.
2019 EdTech Security Survey: The 2019 EdTech Security Survey is part of a semi-annual examination of security practices of education technology-related online services using our security assessment tools. Our findings in early 2019 indicate no meaningful improvements in the percentage of services that either support or require encryption or that implement HTTP strict transport security (HSTS) headers.
2018 State of EdTech Security Survey: The 2018 State of EdTech Security Survey represents a yearly examination of security practices of education technology-related online services using our security assessment. Our overall findings in 2018 indicate a significant increase in the percentage of services that both support and require encryption. In addition, our findings indicate that there was a modest decrease in the percentage of services that support encryption, but do not require encryption. However, there was no significant change in the percentage of services that implement HSTS.
2018 State of EdTech Privacy Report: The 2018 State of EdTech Privacy Report represents the culmination of our research over the past three years and evaluation of hundreds of education technology-related applications and services. Our overall findings are illustrative of current trends in the edtech industry including widespread lack of transparency and inconsistent privacy and security practices. The key findings illustrate better, worse, and unclear privacy and security practices of 100 popular edtech applications and services that were evaluated in the following areas: encryption, effective policy dates, selling data, third-party marketing, traditional advertising, behavioral advertising, ad tracking, third-party tracking, profiling, and the onward transfer of data to third parties.
Information Security Primer: The Information Security Primer details how to set-up a security testing environment for Web-based and mobile apps, and also covers basic testing scenarios, how to test responsibly, and how to disclose responsibly if and when testing uncovers issues. The information security primer can be used by anyone interested in evaluating privacy and basic information security. Vendors can use these tools to evaluate their privacy and security practices. Districts can use these tools as part of their strategy to build an internal review process. Parents, students, teachers, and privacy advocates can use these tools to ask questions about privacy and security practices and to evaluate tools on their own.