Feeling Supported FOBISIA Safeguarding Conference 2026

89.3% of Australian educational apps begin transmitting data the moment they are opened, well before any meaningful consent has been given, that finding needs to land heavily with our schools. Not because schools are careless, but because the system they are operating within has quietly shifted underneath them. What we used to call "edtech" has become a complex data ecosystem, and most schools are still treating it as a set of tools rather than a set of risks.

When 83.6% of those same apps are also sending persistent identifiers, quietly linking a child's behaviour across every session and across other apps, we are no longer talking about harmless classroom utilities. We are talking about infrastructure with the capacity to build long-term behavioural profiles on our children. The UNSW team also found that only around one in four privacy policies actually matched what the apps were doing in practice, which is a significant gap between what parents are told and what is really happening.

Parents will hear these numbers and feel concern. Schools need to hear them and recognise something harder to sit with, which is exposure. Many of these apps have been drawn from state Department of Education recommendation lists, and that creates a false sense of safety. The quiet assumption has been that if an app is on a list it must be fine, and the honest answer is that this assumption no longer holds.

What this research reveals is the gap between policy and proof. Schools have policies that say student data must be protected, consent must be obtained, and third-party sharing must be limited, but they rarely have visibility into whether any of that is actually happening at the application level, in real time, at scale. That is where the real risk sits, not in intention, because the intention of our educators is almost always good, but in the blind spots nobody has yet been given the tools to see.