Whose Data Is It Anyway? Teaching Kids About Digital Privacy in the Classroom
What every principal must understand before their school’s next app adoption
Every morning, when a student walks into school and opens a learning app, checks their attendance on a digital system, or submits an assignment through an ed-tech platform, they are generating data. Data about their identity, their location, their learning pace, their attention patterns, their strengths, and their struggles.
Most students do not know this is happening. Most parents do not know what is collected or where it goes. And most school managements, with honesty, would admit they have not read the data clauses in the terms and conditions of the platforms they have adopted.
This is not a minor administrative oversight. It is a systemic vulnerability โ for students, for institutions, and for the communities schools serve.
This blog is about that vulnerability, and about why teaching data privacy is not just a curriculum matter but a core institutional responsibility.
What Schools Are Currently Doing With Student Data
Let us begin with an honest inventory.
If your school uses a digital attendance system, it is collecting biometric or photographic data on students and staff. If your school uses an ed-tech platform for learning or assessment, that platform is collecting data on every interaction each student has with its interface. If your school has a social media presence and posts images of students, those images are processed by facial recognition algorithms on those platforms. If your school uses a third-party communication app for parent engagement, the conversations and contacts on that app are accessible to the app’s parent company.
None of this is necessarily illegal. But very little of it is explained clearly to students, parents, or even most school administrators. And the absence of explanation creates a situation where consequential decisions are being made about children’s data without their informed participation.
The Information Technology Act and its amendments, including the Personal Data Protection framework under development in India, establish principles of informed consent and data minimisation that schools have an obligation to respect โ even when the platforms they use do not enforce it.
Why Teaching Data Privacy Belongs in Every Classroom
The case for teaching data privacy in schools is not primarily legal. It is civic.
Students who understand that their data has value โ that it is collected, processed, sold, and used to make decisions about them โ are better equipped to make informed choices about what they share, with whom, and under what conditions. They are harder to manipulate. They are more likely to read permissions before accepting them. They are more likely to notice when something about a digital interaction feels wrong.
These are not technical skills. They are life skills. And in an increasingly data-driven society, they are as fundamental as financial literacy or road safety.
For school management, the question is: at what grade level does this begin, and through which subjects?
The National AI Literacy Framework’s foundational level โ targeting Classes 3 through 6 โ includes basic data awareness as a core competency. Students should be able to identify what kinds of information are personal, understand that apps collect data, and practise the habit of pausing before sharing.
At the intermediate level โ Classes 7 through 10 โ the conversation deepens: why is data valuable, who benefits from collecting it, what are the risks of data misuse, and what rights do citizens have under Indian law?
At the advanced level โ Classes 11 and 12 โ students should be able to evaluate the data policies of platforms they use, understand the implications of algorithmic profiling, and engage with policy debates about data governance in India and globally.
Making It Multilingual and Accessible
One of the most important principles in the Ethics and Safety Playbook developed by Shunya Axis Literacy โ and one that school management must internalise โ is that data privacy education must be delivered in the languages students actually think in.
Explaining data privacy in English to a classroom where students are more comfortable in Marathi, Hindi, Tamil, or Telugu is not education. It is the appearance of education. The concepts must be discussable in the student’s first language for genuine understanding to occur.
This requires an investment in translated resources โ not just vocabulary lists, but full explanations, examples, and discussion prompts in regional languages. It also requires empowering teachers to develop vocabulary for these concepts in their own teaching language, rather than relying on English-medium materials.
What Management Must Review Immediately
Beyond curriculum, data privacy has a direct institutional governance dimension.
Every school management committee should, within the next academic term, conduct a brief audit of its digital tool usage. The questions are simple: What data does each tool we use collect from our students? Who owns that data? Where is it stored? What are the data retention policies? What happens to the data if we terminate our contract with the platform?
This audit does not require technical expertise. It requires reading vendor agreements with the right questions in mind โ and in many cases, simply asking the vendor directly.
Schools that cannot answer these questions about their own digital tools are in no position to teach students about data privacy with integrity. The institutional practice must model the curriculum.
The Conversation That Changes the Culture
The most powerful thing a principal can do on this topic is to make data privacy a normal part of the school’s institutional conversation.
In a staff meeting: “Before we adopt this new platform, let us ask about its data policy.”
In a parent communication: “Here is what data our school’s tools collect from your children, and here is how we protect it.”
In a classroom: “When you open this app, what information is it asking you to provide, and why?”
These questions, asked consistently, build a culture of digital awareness. They signal to students that their data matters. They signal to vendors that this institution is an informed partner. And they signal to parents that the school takes its duty of care seriously.
Data privacy is not a technical footnote. It is a fundamental dimension of education for life in a digital world. And it starts with the institution deciding that students’ data is worth protecting.