Human Rights Watch notes child rights violations due to surveillance into private lives outside school hours
BY Sumudu ChamaraThe peak of the Covid-19 pandemic was an era when the world adopted new technologies and adapted to new living conditions. Many aspects of life, including movement, education, and work changed significantly, resulting in the increased prevalence of concepts such as working from home and online learning. Online education, or education through various education technology products, was a hot topic in Sri Lanka too.However, according to the international human rights monitor Human Rights Watch (HRW), there is a dark side to education technology products, and that for the most part, governments are to blame.In a statement issued last Tuesday (12), HRW said that the overwhelming majority of education technology products, endorsed by 49 governments of the world’s most populous countries and analysed by the HRW, appear to have surveilled or had the capacity to surveil children in ways that risked or infringed their rights. It made this statement after reviewing technical evidence and easy-to-view privacy profiles for 163 education technology products that were recommended for children’s learning during the Covid-19 pandemic.“Of the 163 products that were reviewed, 145 (89%) surveilled or had the capacity to surveil children outside school hours and deep into their private lives. Many products were found to harvest information about children such as who they are, where they are, what they do in the classroom, who their family and friends are, and what kind of device their families could afford for them to use for online learning,” the statement read.These conclusions were reached based on the findings of a recent study titled “How Dare They Peep into My Private Life?: Children’s Rights Violations by Governments that Endorsed Online Learning during the Covid-19 Pandemic”.Collecting data about childrenBased on the study findings, the HRW said that these governmental endorsements of the majority of these online learning platforms put at risk or directly violated children’s privacy and other children’s rights, for purposes unrelated to their education.It observed: “The Covid-19 pandemic upended the lives and learning of children around the world. Most countries pivoted to some form of online learning, replacing physical classrooms with education technology websites and apps. This helped fill urgent gaps in delivering some form of education to many children. But, in their rush to connect children to virtual classrooms, only a few governments checked whether the education technology that they were rapidly endorsing or procuring for schools were safe for children. As a result, children whose families were able to afford access to the internet and connected devices, or who made hard sacrifices in order to do so, were exposed to the privacy practices of the education technology products that they were told to use or required to use during the Covid-19 pandemic-related school closures.”The study focused mainly on the prevalence and frequency of tracking technologies embedded in each product on a given date, and had found that these products monitored or had the capacity to monitor children, in most cases secretly and without the consent of children or their parents, and in many further cases, harvesting data on who they are, where they are, what they do in the classroom, who their family and friends are, and what kind of device their families could afford for them to use. The HRW had observed 146 education technology products directly sending or granting access to children’s personal data to 199 advertising technology companies. The report noted that some education technology products had targeted children with behavioural advertising: “By using children’s data extracted from educational settings to target them with personalised content and advertisements that follow them across the internet, these companies not only distorted the children’s online experiences, but also risked influencing their opinions and beliefs at a time in their lives when they are at high risk of manipulative interference. Many more education technology products sent children’s data to advertising technology companies that specialise in behavioural advertising or whose algorithms determine what children see online.”Adding that governments bear the ultimate responsibility for failing to protect children’s right to education, the HRW said that with the exception of the Government of Morocco, all governments reviewed in the report endorsed at least one education technology product that risked or undermined children’s rights. While the study had found that most education technology companies did not disclose their surveillance of children through their data, similarly, most governments had not provided notice to students, parents, and teachers when announcing their education technology endorsements.Sri Lanka was among the 164 countries that were reviewed. The report said that Sri Lanka’s “Nenasa” app, which was developed by the Government of Sri Lanka, had been used by approximately 50,000 students. According to the report, Sri Lanka’s Government was among the nine governments that directly built and offered 11 learning apps that may collect android advertising identification from children. The report noted that in doing so, these nine Governments (including Ghana, India, Indonesia, Iran, Iraq, Russia, Saudi Arabia, and Turkey) granted themselves the ability to track an estimated 41.1 million students and teachers purely for advertising and monetisation. In the case of the Nenasa app, the report said that the app may give a third-party company access to a user’s persistent identifiers such as the android advertising identification and camera.It was also noted that while the Nenasa app had privacy policies, the e-Thaksalawa app did not have such policies. Recommendations for govts., tech companies Based on these findings, the HRW put forward a number of recommendations for governments, ministries and departments of education, education technology companies, and advertising technology companies and other third party companies that may receive data from education technology products.Recommending governments to facilitate urgent remedies for children whose data were collected during the pandemic and remain at risk of misuse and exploitation, the HRW said that in this connection, governments should conduct data privacy audits of the education technology endorsed for children’s learning during the pandemic, remove those that fail these audits, and immediately notify and guide affected schools, teachers, parents, and children to prevent the further collection and misuse of children’s data; require education technology companies with failed data privacy audits to identify and immediately delete any children’s data collected during the pandemic; require advertising technology companies to identify and immediately delete any children’s data they received from education technology companies during the pandemic; and prevent the further collection and processing of children’s data by technology companies for the purposes of profiling, behavioural advertising, and other uses unrelated to the purpose of providing education.It further told governments to adopt child-specific data protection laws that address the significant child rights-based impacts of the collection, processing, and use of children’s personal data, and update and strengthen implementation measures to deliver a modern child data protection framework that protects the best interests of the child in complex online environments, where child data protection laws already exist. In addition, it recommended governments to enact and enforce laws ensuring that companies respect children’s rights and are held accountable if they fail to do so. In this regard, it added: “In line with the United Nations (UN) Guiding Principles on Business and Human Rights, such laws should require companies to conduct and publish child rights due diligence processes; provide full transparency in data supply chains, and publicly report on how children’s data are collected and processed, where they are sent, to whom, and for what purpose; provide child-friendly, age-appropriate processes for remedy and redress for children who have experienced infringements on their rights and for such mechanisms to be transparent, independently accountable, and enforceable.”Among other recommendations for governments were: requiring child rights impact assessments in any public procurement processes that provide essential services to children through technology; banning behavioural advertising to children, and not considering commercial interests and behavioural advertising as legitimate grounds of data processing that override a child’s best interests or their fundamental rights; and banning the profiling of children (in exceptional circumstances, governments may lift this restriction when it is in the best interests of the child, and only if appropriate safeguards are provided for by law).The HRW urged education technology companies to provide urgent remedies and redress where children’s rights have been put at risk or infringed through companies’ data practices during the pandemic.To achieve that, it said that such companies should immediately stop collecting and processing children’s data for user profiling, behavioural advertising, or any purpose other than what is strictly necessary and relevant for the provision of education, and to apply child flags to any data shared with third parties, to ensure that adequate notice is provided to all companies in the technology stack that they are receiving children’s personal data, and thus oblige them to apply enhanced protections in their processing of this data.Recommendations read: “Stop sharing children’s data for purposes that are unnecessary and disproportionate to the provision of their education, and in instances where children’s data are disclosed to a third party for a legitimate purpose, in line with child rights principles and data protection laws, enter into explicit contracts with third-party data processors, and apply strict limits to their processing, use, and retention of the data that they receive. Identify children’s personal data ingested during the pandemic, and take measures to ensure that these data are no longer processed, shared, retained, or used for commercial or other purposes that are not strictly related to the provision of children’s education.” In addition, it was recommended that companies with education technology products designed for use by children stop collecting specific categories of children’s data that heightens risks to children’s rights, including their precise location data and advertising identifiers.Recommendations for companies included: “Undertake child rights due diligence to identify, prevent, and mitigate companies’ negative impact on children’s rights, including across their business relationships and global operations, and publish the outcomes of this due diligence process; respect and promote children’s rights in the development, operation, distribution, and marketing of education technology products and services; ensure that children’s data are collected, processed, used, protected, and deleted in line with child data protection principles and applicable laws; provide privacy policies that are written in clear, child-friendly and age-appropriate language – these should be separate from legal and contractual terms for guardians and educators; provide children and their caregivers with child-friendly mechanisms to report and seek remedies for rights’ abuses when they occur – remedies should involve prompt, consistent, transparent, and the impartial investigation of alleged abuses, and should effectively end ongoing infringements of rights.”While promoting and facilitating education through various education technology products are still steps Sri Lanka has not paid adequate attention to, they have become more prevalent than ever before. It is important to understand that going ahead with such products requires upgrading them, and that upgrading should certainly involve developing them in ways that protect children’s rights and ensure their safety.