The EdTech industry has witnessed remarkable growth in recent years, offering innovative ways for students to access education. However, this expansion raises concerns about data privacy, especially regarding minors. In this article, we explore the challenges and implications of data privacy in the EdTech industry, with a specific focus on minors’ data.


Data Collection in EdTech

Data plays a central role in the EdTech industry. Platforms gather extensive data, including student performance, engagement metrics, and personal information such as names, ages, and email addresses. This data helps tailor educational content and enhance learning experiences, but it also sparks concerns about its usage, storage, and protection.


Challenges in Data Privacy

1. Data Security Risks

Data breaches and cybersecurity threats are ever-present risks in the EdTech industry. When minors’ data is involved, the potential consequences are more severe, necessitating robust measures to protect sensitive information from malicious actors.

2. Misuse of Data

The misuse of student data, such as profiling for marketing purposes, poses a significant concern. This could lead to privacy violations and unwanted intrusions into students’ lives.

EdTech companies may also be tempted to monetize the data they collect, which could result in conflicts of interest between profit motives and student well-being.


Implications for Minors’ Data

1. Vulnerability

Minors are a particularly vulnerable group in terms of data privacy. Their limited understanding of the implications of sharing personal information online exposes them to potential exploitation and misuse.

2. Long-term Consequences

Data collected during a minor’s education can have long-term implications. Mishandled data, whether inaccurate or sensitive, could affect a student’s future educational and professional opportunities.

3. Psychological Harm

The misuse of minors’ data, especially in cases where it is used for targeted advertising or behavioral profiling, can lead to psychological harm. This includes feelings of intrusion, anxiety, and a

Protecting Minors’ Data

1. Clear Policies and Consent

Educational institutions and EdTech companies must establish clear data privacy policies and obtain proper consent. In the case of children, it is often argued that consent should be taken from parents or guardians when collecting minors’ data. These policies should specify what data is collected, its purpose, and the security measures in place.

2. Secure Data Storage

Robust cybersecurity measures are essential to protect minors’ data from breaches. Encryption, regular security audits, and employee training are crucial for data security.

3. Compliance with Regulations:

Companies should comply with relevant data protection regulations, such as the Children’s Online Privacy Protection Act (COPPA) in the United States or the General Data Protection Regulation (GDPR) in the European Union.

They should also keep themselves updated about changes in data privacy laws and ensure ongoing compliance.

The DPDP Act, 2023

The Digital Personal Data Protection Act, 2023 (DPDP Act) has also taken progressive measures to protect minors’ data. Section 9 provides certain special measures for children’s data.

It lays down a requirement to obtain verifiable consent from the parent or the lawful guardian before processing a child’s data. It also places restrictions on processing activities that are likely to cause detriment to a child. Moreover, it prohibits tracking, behavioural monitoring, and targeted advertising to children.

It is important to note that the DPDP Act envisages penalties up to Rs. 250 crores for non-compliance.


The EdTech industry holds enormous promise for the future of education but must navigate the complex landscape of data privacy, particularly for minors. Without adequate safeguards, data misuse, discrimination, and long-term consequences pose risks to young learners. By implementing clear policies, secure data storage, and regulatory frameworks, the EdTech industry can balance innovation with the protection of minors’ data privacy. As the industry continues to evolve, prioritizing the well-being of its youngest users is essential.

Major Privacy Updates of the Week

Meta Using Features to Lure Children to Instagram and Facebook: Claims Nearly 3 dozen U.S. States

Meta was sued by more than three dozen states on Tuesday for knowingly using features on Instagram and Facebook to hook children to its platforms, even as the company said its social media sites were safe for young people.

Colorado and Tennessee led a joint lawsuit filed by 33 states in the U.S. District Court for the Northern District Court of California, saying Meta — which owns Facebook, Instagram, WhatsApp and Messenger — violated consumer protection laws by unfairly ensnaring children and deceiving users about the safety of its platforms. The District of Columbia and eight other states filed separate lawsuits on Tuesday against Meta with most of the same claims.


New York Can Resume Family DNA Searches for Crime Suspects: Court Rules

The New York Court of Appeals ruled that the state can resume using familial DNA searches in criminal cases. The ruling reversed a lower court decision from last year that blocked the practice.

Familial DNA searches allow law enforcement to search DNA databases to find relatives of people who left genetic material at a crime scene. The technique has helped solve crimes but has also raised privacy concerns.

The majority opinion, written by Chief Judge Rowan D. Wilson, said that the state’s rulemaking process for the searches was legal. Wilson also said that regulations intended to protect privacy have resulted in very few search results provided to law enforcement.


Identity Management Platform Okta Experiences Data Breach

On October 20, 2023, Okta, an identity management platform, experienced a data breach. The breach involved an attacker using a stolen credential to access Okta’s support case management system. The attacker was able to view files uploaded by Okta customers using valid session tokens from recent support cases.

Okta confirmed that “certain Okta customers” were affected. The breach also marked the second breach for Okta in as many years. In March 2022, Okta confirmed that Lapsus$ threat actors compromised the account of a customer support engineer who worked for a third-party provider and then used that account to steal customer data.

Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users.


Data Breach at Flagstar Bank Affects Data of 800,000 People

Flagstar Bank, a Michigan-based financial services provider, announced a data breach that affected over 800,000 US customers. The breach was caused by a third-party service provider, Fiserv, which suffered a MOVEit data breach. The Cl0p ransomware operation was responsible for the widespread MOVEit hack.

The breach exposed the personal information of 837,390 customers. The breach of Social Security numbers puts all affected customers at risk of identity theft.

This was the third data breach at Flagstar Bank since March 2021. Flagstar was once one of the largest banks in the United States, with total assets of over $31 billion. New York Community Bank has owned Flagstar since 2022.


Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards

Amazon is rolling out an independent cloud for Europe as it looks to address strict regulations that companies and those in the public sector face in the European Union.

Amazon Web Services said Wednesday that its AWS European Sovereign Cloud, which will be located in and operate out of Europe, will have the same security, availability, and performance as existing AWS regions but will be separate from them. The cloud will let customers keep all metadata they create in the European Union and will have its own billing and usage metering systems.


Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay


Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!

*By clicking on subscribe, I agree to receive communications from Tsaaro