Parents fear app is storing private data in the US on how their children behave as it harvests photos and video footage of thousands of British pupils
- ClassDojo, based in San Francisco, claims to operate in 70 per cent of UK schools
- App shares data with 22 third-party service providers like Facebook and Google
- Teachers do not need to seek parents’ consent before using the app at school
A US company has been using an app to gather and store private data on how thousands of British children behave at school.
Parents fear ClassDojo, based in San Francisco, has harvested photos and videos from as much as 70 per cent of British schools.
The company’s data is stored in the US and shared with 22 third-party service providers including Facebook for ‘optional social sharing’ and Google for ‘analytics’.
Another company using the data is analytics service Datadog which suffered a data breach two years ago, reports The Times.
ClassDojo is a classwork communications app that awards positive and negative dojo points to pupils based on their behaviour
Teachers are reportedly using the app, which awards pupils positive and negative ‘dojo’ points based on their behaviour, as a means of maintaining order in the classroom.
The ‘gamification’ programme is hosted by a team of smiling cartoon monsters who guide pupils through exercises.
Kids receive green dojos for qualities like ‘teamwork and ‘creativity’ and red dojos for qualities like ‘disrespect’.
The ‘gamification’ app collects data including videos and photos which it shares with 22 service providers
Pupil’s scores can be displayed on a screen at the front of the class.
Parents and students are encouraged to create their own ClassDojo accounts which enable them to track their children’s behaviour at school – and view photos and videos of them remotely.
But currently the company’s policies do not appear to require school to ask for parents’ consent if pupils do not have their own ClassDojo accounts even if the app is being used on them.
The US company requires school ask for parental consent before creating accounts for pupils under 13.
ClassDojo’s terms state providers do not ‘generally’ have the right to use beyond what is necessary to assist ClassDojo./
Parents said they had only realised the app was being used in their children’s schools when their children began talking about dojo points.
One mother said her five and seven-year-old children had been asked to vote on whether the school should start using the app.
Lawyers told The Times the app’s existing service would be in breach of data laws come May 25 after the introduction of stricter UK regulation.
Ben Williamson, a lecturer in education at the University of Stirling, said: ‘It’s important for parents to be aware that the company holds detailed behavioural records for their children, as well as photos of their children uploaded from the classroom, and that the education technology industry is no more impervious to privacy breaches than commercial social media, finance or other public services like health.’
Teachers are not required to gain parental consent before using the app in the classroom
A ClassDojo spokeswoman said: ‘ClassDojo is fully compliant with all UK privacy laws, and is certified under the EU-US privacy shield. ClassDojo will be also fully compliant with GDPR when the law goes into effect on May 25.
She said children’s data was automatically deleted 12 months after they stopped using the app.
‘No part of our mission requires the collection of sensitive information, so we don’t collect any. When a teacher sets up a class, we ask for the minimum information necessary to provide the service: a student’s name or nickname and we assign them a cartoon avatar. We don’t ask for or receive any other information [like] gender, no email, no phone number, no home address.
‘We do not sell or rent any information to any third parties. We work with independent security researchers to continually test ClassDojo’s security practices, and those of any third-party partners, including extensive independent audits by world-class cyber-security firms.’
Source: Read Full Article