The report tracked 164 educational apps and websites from these countries, including some from India, between March 2020 and November 2021.
The international non-governmental organisation’s analysis of the apps found that of the 164 apps and websites, as many as 146, or 89% engaged in some behavior which put at risk the safety, privacy and confidentiality of children using these platforms for education.
In India, HRW analysed apps such as Diksha, which is an initiative of the National Council of Educational Research and Training (NCERT) and is run and managed by the Ministry of Education, the e-Pathshala app, which is also managed by the NCERT , as well as privately run Khan Academy, Smart Q, and Top Parent.
These apps, the analysis showed, indulged in practices such as collecting Android identity of devices, using fingerprinting to identify the device, collecting precise location data, and installing software development kits (SDK) which were not necessary for the functioning of the app but collected information for advertising.
The education ministry and Smart Q did not respond to ET’s queries.
Discover the stories of your interest
Google, whose SDK is used by ed-tech companies across the world, said it would investigate the specific claims and take appropriate action if there were any privacy violations.
“We have long prioritized creating a safer and more accessible online learning experience for kids and teens, which has been especially relevant during the pandemic. Across our platforms, we require developers and customers to abide by data and privacy protections. We prohibit any personal or remarketing ads aimed at minors’ accounts,” a Google spokesperson said. “We are investigating the specific report claims and will take appropriate action if we find policy violations.”
In its response, Khan Academy said that it used Facebook Pixels only to “connect with parents, teachers and other caring grownups” and “not for commercial advertising”.
“Additionally, Khan Academy does not use SDK’s for advertising or marketing purposes. Khan Academy was founded as a 501(c)(3) nonprofit organization in 2008 so that a for-profit motive would not interfere with our educational mission,” the company said in a statement.
HRW’s analysis found that government-run app Diksha collected information such as the device’s precise location data, including the date and time of their current location and their last known location.
“Diksha also granted access to its students’ location data to Google, through the two SDKs—Google Firebase Analytics and Google Crashlytics—embedded in the app. Through dynamic analysis, Human Rights Watch observed Diksha collecting and transmitting children’s AAID to Google. It appears that Diksha shares children’s personal data with Google for advertising purposes,” HRW said in the report.
Similarly, an analysis of Khan Academy and Smart Q found that these apps had within their apps SDKs that were not necessary or crucial to the functioning, but collected data and transmitted it to third-party advertising technology firms.
HRW also said that these apps did not allow the users, mostly children, the option to deny their data being shared with a third party.
“While some SDKs provide core functionality that is needed for an app to work or to improve its technical performance, others are designed for advertising—to track users’ actions within the app, guess at their preferences, and display the most persuasive ad at the most persuasive time. Still other SDKs provide tracking services that are designed to secretly collect data about the user that can later be compiled and sold,” HRW said in the report.