Schools have handed an entire generation's behavioural, education, and personal data to American technology companies. What began as pragmatic solutions to classroom management and remote learning have become deeply embedded surveillance infrastructure that track, profile, and permanently record children's development from age four onwards.
The Behaviour Modification Panopticon
ClassDojo is a classroom "behaviour management" platform used in roughly one in three American schools and increasingly adopted in primary schools in England, one source indicates it's used in 85% of UK primary schools. Teachers award and deduct "Dojo points" throughout the day for behaviour, speaking out of turn loses a point, sitting quietly gains one, helping a classmate earns two. Children see their scores in real time, often displayed on classroom screens visible to the entire class. Parents receive push notifications like: "Emma lost a point for calling out."
The system creates gamified, constant behavioural surveillance. Every interaction, every small infraction of success, becomes captured data.
ClassDojo's 2014 launch attracted immediate scrutiny from privacy supporters. The New York Times reported concerns from parents and teachers about the platform creating permanent behavioural records of young children, while the Electronic Privacy Information Center warned that constant monitoring could chill children's speech and natural development.
In response, ClassDojo updated its privacy policies. The company now states it deletes student behavioural data after one year unless explicitly saved by parents, does not sell student data to third parties, and prohibits targeted advertising to students. In 2025 ClassDojo earned the Common Sense Privacy Seal, confirming it prohibits data sales, third-party marketing, targeted advertising, third-party tracking, cross app tracking, and commercial profiling.
However, some concerns remain about the pedagogical and psychological impact of the platform itself, regardless of current privacy protections:
Teacher decisions about what constitutes "calling out" versus "participation" or "leadership" versus "bossiness" are inherently subjective. These judgements, rendered as numerical scores, create behavioural profiles from age 4-11 that parents and children may take as objective assessments of character.
The system teaches children they are always being watched and judged, and that behaviour should be modified for points rather than internal moral development. Research on gamification in education has raised concerns about undermining intrinsic motivation.
When points are displayed to the whole class, children experiencing behavioural difficulties (often those with ADHD, Autism, or Trauma) are publicly marked as "bad" students multiple times daily.
Despite improved privacy policies, ClassDojo Inc. owns the platform and can change terms of service any time. The company has received plenty of venture capital investment and exists to generate profit, creating tension with educational goals.
Even with strong privacy policies, questions remain about the lawfulness of processing children's behavioural data in this way:
Is consent freely given when schools make ClassDojo mandatory? Many schools deploy the platform across entire year groups, making participation effectively compulsory.
Is it "necessary" for education? Schools managed behaviour for centuries without digital point systems. Is processing truly necessary, or is it just convenient?
Data minimisation. Does the system need to log every behavioural interaction, creating profiles spanning years of childhood?
Children cannot consent. Parents consent on behalf of four-year-olds for systems that will track them until age eleven. The children themselves have no say.
Google Workspace for Education
Millions of school children use Google Classroom, G-mail, Drive, and Docs daily. Google Workspace for Education (formally G-Suite for Education, then Google Apps for Education) was deployed rapidly during COVID-19 lock downs and has remained deeply embedded in schools today. For many schools, it's now the primary digital infrastructure - free to schools, but giving Google unprecedented access to an entire generation's educational activity.
When students use Google Workspace for Education, the platform can collect:
- Every document created, every edit made, every comment added.
- Search queries within educational context.
- Email content and metadata.
- Usage patterns: time spent on tasks, collaboration patterns, login locations.
- If using Chromebooks or Chrome browser while logged in, it will collect browsing history, bookmarked URLs, and website form entries.
The EFF investigation (2015)
In December 2015, the Electronic Frontier Foundation (EFF) filed a Federal Trade Commission complaint against Google, alleging the company violated the Student Privacy Pledge by collecting and using student data beyond educational purposes.
The EFF's investigation found that when students logged into their educational Google accounts and then used non-educational Google services (YouTube, Google Maps, Google Books, Google Search), Google tracked that activity and associated it with the student's educational account, even though Google knew these were children using accounts created for school purposes.
Additionally, the EFF found that Google's Chrome Sync feature (enabled by default on school Chromebooks) uploaded students' complete browsing history, including activity on non-educational websites, to Google's servers.
Google disputed the allegations, arguing the Chrome Sync was optional and that any data used for product improvement was anonymised. However, the investigation revealed a fundamental issue: the division between "educational" and "non-educational" Google services was largely invisible to students, parents and even teachers. A child researching homework on YouTube or Google Maps was being tracked and potentially served advertisements based on that activity, despite using a school-issued device and account.
While Google has made 'policy' changes since 2015, some issues still remain.
Google Workspace data is stored on Google's servers, many located in the United States and across the world. Post-Brexit, data transfers to the US require additional safeguards under UK GDPR. Many schools in England have not conducted proper Data Transfer Impact Assessments to verify transfers are lawful.
The US Cloud Act and FISA mean that US companies can be compelled to hand over data to US authorities, even if the data belongs to non-US citizens. UK children's educational records could theoretically be accessed by US government agencies.
Google's education suite is free and comprehensive. Schools with limited budgets face pressure to adopt it, even if they have concerns about commercial control over educational infrastructure. This creates a "take it or leave it" situation where meaningful consent is impossible.
Documents, emails, and activity logs stored in Google Workspace can create a permanent educational record. Students transitioning to secondary school or university may find the entire primary school digital footprint follows them.
Microsoft Teams/365 - Different Company, Similar Issues
Microsoft's education offerings raise parallel concerns. Extensive telemetry data collection on educational activities. US-based servers with the same data transfer concerns as Google. They also have a history of aggressive data collection in commercial products, raising questions about education commitments. And "education" tiers still collect usage data that many parents do not understand.
The broader issue is that English schools have outsourced core educational infrastructure to American tech giants, creating dependencies that will be difficult to reverse and privacy implications that compound.
Bio-metric Surveillance
England has become a world leader in normalising bio-metric surveillance of children. While many countries have banned or severely restricted school bio-metrics, England embraced the technology.
Big Brother Watch's research found that by 2012-2013 approximately 40% of UK secondary schools were using biometric systems, with an estimated 866,000 school children finger printed that year alone. By 2014, reports suggested at least 40% of the UK school population had been finger printed or registered for palm vein or facial recognition systems. The Association of School and College Leaders estimated about 30% of secondaries were using finger print systems by 2011.
The most common technology is fingerprint scanning, used primarily for cashless catering (aka lunch payments) and library book borrowing. The system captures a child's fingerprint, converts it to a numerical template, and uses this to identify the child at payment or checkout points.
Facial recognition was trailed in several English schools for attendance monitoring and speeding up dinner queues. In 2021, North Ayrshire schools in Scotland implemented facial recognition for school meals, which was discontinued after plenty of controversy was created.
Iris scanning is also used in some schools for similar purposes as fingerprints.
Newer technology being adopted as an alternative to fingerprints is palm vein recognition, marketed as more hygienic and accurate.
Schools defend biometric systems with practical arguments like: "Speeds up lunch queues so children have more time to eat", "it prevents children from losing library cards", or "it's more hygienic than cards or cash" and "children prefer it - it feels more modern and effortless." These are genuine conveniences, but conveniences are not the same as necessity, and the convenience comes at a cost.
It's an opportunity for tech giants intermingled with public officials to create databases of children's physical biometric data. Unlike password's or PINs, biometric data cannot be changed if it's compromised. A child whose fingerprint template is stolen or leaked cannot get a new fingerprint.
It creates function creep. Systems initially introduced for library books expanded to payments, then attendance tracking, then to building access control. Once infrastructure exists, new uses are easily added without revisiting whether they're appropriate.
The normalisation of surveillance continues. When children are fingerprinted for fish fingers from age five, adult biometric ID systems seem natural and unremarkable. This habituation to biometric surveillance may be the mist compelling long term impact.
It introduces vendor control. Schools don't often fully understand the systems they purchase. Big Brother Watch found some schools couldn't confirm where biometric data was stored or what happened to it when children left school.
Protection of Freedoms Act 2012
England does have legal protects in the Protection of Freedoms Act 2012 which requires written parental consent before processing children's biometric data in schools. However, problems still remain. The law requires consent but doesn't require schools to explain the risks, data security measures, retention policies, or what happens if systems are breached.
Schools often present biometric systems as standard, with alternatives (PINs, cards) made deliberately inconvenient. The knock on affect is for parents to feel pressure to consent in order for their children not to be stigmatised. While schools must offer alternatives, there's no requirement that alternatives be genuinely equivalent in convenience and dignity.
The Department for Education keeps no record of how many schools use biometric systems or whether consent procedures are followed.
Big Brother Watch and Defend Digital Me findings
Research by civil liberties organisations has documented serious issues:
- In 2013, Big Brother Watch found that 39% of schools using biometric systems had not obtained parental consent as required by law.
- Some schools couldn't confirm where biometric data was stored or how long it would be retained.
- Vendors often had unclear data retention policies
- Schools were unaware of what happened to data when children left
- Data breaches have occurred, with biometric data stolen or exposed.
Defend Digital Me's 2022 report "The State of Biometrics" documented facial recognition system introduced in 2020 for cashless catering, including emotion detection technologies tested experimentally in some settings. The report called for a ban on biometrics in UK educational settings, noting that fingerprint and facial recognition for routine tasks like buying lunch or buying library books is neither necessary nor proportionate.
Beyond immediate privacy risks, biometric surveillance in schools represents a shift in how children experience institutional power and bodily autonomy.
Previous generations attended school without providing permanent biological samples. They weren't required to submit their physical bodies to identification systems in order to eat lunch or borrow books. The current generation experiences this as normal, which means they'll accept it as normal in workplaces, shops, transport systems, and public spaces as adults.
Preparing children for a biometric surveillance society may be the most concerning outcome of all.
Sources:
- Natasha Singer, "Privacy Concerns for ClassDojo and Other Tracking Apps for Schoolchildren," New York Times, November 16, 2014
- "ClassDojo Earns Common Sense Privacy Seal for Excellence in Student Data Protection," PR Newswire, April 21, 2025
- Electronic Frontier Foundation, "Google Deceptively Tracks Students' Internet Browsing, EFF Says in FTC Complaint," December 1, 2015, www.eff.org/press/releases/google-deceptively-tracks-students-internet-browsing-eff-says-complaint-federal-trade
- Electronic Frontier Foundation, "Google's Student Tracking Isn't Limited to Chrome Sync," December 8, 2015, www.eff.org/deeplinks/2015/12/googles-student-tracking-isnt-limited-chrome-sync
- Big Brother Watch, "Biometrics in Schools: The extent of Biometrics in English secondary schools," 2014
- Big Brother Watch, "The State of Surveillance in 2018"
- Defend Digital Me, "The State of Biometrics 2022," defenddigitalme.org/research/state-biometrics-2022
- Wikipedia, "Biometrics in schools,"