EdTech in India: Worst Practices

Introduction

India’s educational system is the largest in the world, with over 250 million students, 50% of whom attend publicly administered schools.

The autonomy given by the Indian Constitution to the 28 states and 8 union territories means that the right to education is implemented quite differently in each one, respecting culture, language, and other local specificities. Educational policies are suggested at the national level by various autonomous agencies and states can implement them in the way that best suits their context.

Although, the government of India has been developing programmes for the digitisation of education for a while, for example the ePathshala Portal launched in 2015, before covid most formal education was still implemented in person.

Yet education technologies (EdTech) were already heavily used in after-school tutoring, which is very popular in India to supplement school programs and prepare students for entrance exams. Companies such as Byju's, founded in 2011, and UpGrad, founded in 2015, have been hugely popular. Byju's at one point even reached a $22bn valuation. In 2015, 25% of students in India would take private tutoring according to the National Sample Survey Office (NSSO).

Covid-19

Because of the COVID-19 pandemic, 1.5 million Indian schools were closed in March 2020 and 247 million children enrolled in elementary and secondary schools' access to education was imperiled.

Investment in EdTech in the country grew dramatically. As of 2021 the market size is about $700-800 million and should become $30 billion in the next 10 years.

However, only 25% of children had access to digital devices before the pandemic, only 55% of Indian people have an Internet connection and 84% use data to connect to the Internet.

In July 2020, a survey of all Indian states revealed that national and state strategies have varied widely in trying to provide education to all children.

India’s Worst Practices

Use of Facial Recognition in Education

Facial recognition has spread rapidly across India, and the classroom is no exception.

There have been two primary initiatives using facial recogntion in the education environment in India.

Facial recognition for access

The Central Board of Secondary Education (CBSE) have started using facial recognition technology to provide students with access to their academic documents for classes 10 and 12. At the time of writing this report, this repository of student's face data still doesn't have a privacy policy and is hosted on DigiLocker who's privacy policy failed to mention processing, sharing, or storing biometric information.

In a response to Right to Information (RTI) requests submitted by the Internet Freedom Foundation (IFF), CBSE said that “they were not using facial recognition technology instead they were using face matching technology.” In a response to a follow up request by IFF, the institution stated that its facial recognition system does not have a privacy policy because it is a “simple face matching process.” The distinction is nonsensical, a system that matches faces is a facial recognition system.

Yet we were unable to find any information on what steps the state authorities have taken to regulate and protect the processing the sensitive biometric data of students.

The system uses photographs that students submitted to the CBSE for their board certificates, but it's not clear whether CBSE ever asked or explained to families that those photographs may one day be repurposed in this way. These photos aren't really optional, as without them you can't take India's important central exams.

Even worse, source told MediaNama that "the system has just been launched, and the department will rectify any errors along the way" and “Everyone’s using facial recognition technology these days, right?". These quotes are deeply deeply worrying, and suggest a concerning indifference to the sensitivity of processing and storing the biometric information of children.

Facial recognition in class

In July 2019, Delhi became the first city to have CCTV cameras at public schools. The monitoring permitted parents to see their children inside classrooms for the first time in the country’s history. Regarding privacy concerns, at the time, Chief Minister Arvind Kejriwal said that "students do not come to schools for private work. They come to study, to learn discipline and to get mentored."

Following this announcement, the IFF filed a Right to Information request with the Education Department of the Government of NCT of Delhi to learn about the deployment of facial recognition technology in these CCTV cameras. Many schools answered the request by confirming that this technology was being used.

One response specified that the facial recognition was for the 'safety and security of students' without any further elaboration. Another said that facial recognition was helpful for 'theft, criminal activity, any mishap, tracing...'.

It is unclear, yet again, if parents, students, and teachers were consulted in the implementation of privacy invasive technology in their classrooms. Nor is it clear how the cameras will operate. Anushka Jain from the Internet Freedom Foundation told The Hindu BusinessLine:

"We don't know how long they're going to keep the data obtained for, how it’s going to be processed, who has access to it… if they are using it for security purposes, or is it being shared with the police? And if it's being shared with the police, whether any action has been taken based on facial recognition data?".

The lack of transparency around the installation of these cameras make assessing their use and operation extremely difficult for privacy experts and even more so for parents.

To begin with, facial recognition has persistently been shown to perform worse when recognising children, and black and brown people. It is vital that schools understand the potential consequences for their students if they are persistently misrecognised by facial recognition. This is particularly relevant especially if that facial recognition is being used for 'security' purposes.

However, what is most important is that privacy invasive technology - like facial recognition – should not be in classrooms for any purpose. Facial recognition in classrooms has already been banned or halted in disparate jurisdictions around the world, from China to Sweden because of how invasive it is.

Use of Personal Devices

Another trend has been Indian states adopting hardware and software already used in the personal sphere to deliver education. For example, the adoption of parents’ and children’s own devices and software, such as WhatsApp, to receive school assignments.

This is concerning for several reasons.

Firstly, the lack of transparency regarding what data is shared with the companies used. Even encrypted services, such as Whatsapp, involve sharing metadata about who someone is talking to, how often, etc. That means, potentially, asking students and parents to share a huge amount of data with a third party without any additional restrictions on how that third party can use that data regardless of how sensitive it might be.

Secondly, the lack of a formal public procurement procedure that would allow to vet the companies chosen and if correctly implemented would also ensure they compliant with data protection standards, as well as the lack negotiated data sharing agreement between the school and the company in question pose further risks for student's respect and protection of their human rights, including their right to privacy and access to an education.

Thirdly, this development raises further concerns regarding impering the right of childrent to have access to an education. Asking people to use personal devices assumes that they have a personal device, and everything else that device needs to fulfill the function, such as internet. As of 2021 just 43.5% of India's population had access to their own smartphone. It is vital that students and parents who do not have access to a smartphone do not lose out, including on informal connections and information from their teachers.

Regulation or the lack of it

Many of the problems discussed above are exacerbated by the lack of specific legisation to regulate various aspects of the process of acquiring and deploying education technology in schools.

India does not have a specific legislation for public procurement, relying instead on administrative rules, and sector-specific manuals that provide guidance. The lack of legislation on the subject brings legal uncertainty, opacity and a paucity of uniform standards for public procurement.

The current rules dispense with formal mechanisms for purchases up to a certain price. This can be hugely problematic, particularly in EdUcation where many technologies are offered to schools for 'free'. Despite not generating a financial costs for public entities, these technologies can still irreparably violate children’s privacy, data protection and other fundamental rights.

There is also no comprehensive data protection legislation, instead data protection regulation is fragmented, which can make it difficult to pick out the relevant legal requirements, interrogate whether they are respected in the process, and worse make it hard for students and their parents in this particular instance to defend their rights.

Similarly, there is no federal regulation or safeguards for facial recognition in India. That means there is little in the way of protection for those being surveilled using the technology.

In all these vital areas India's legal environment is concerningly laissez-faire, creating significant gaps and as a result opportunties for dubious entities to exploit children's data and surveil them in school putting their rights at risk. Privacy invasive technologies are introduced in schools without appropriate legal framework to regulate their deployment and without any safeguards to protect children against unlawful or abusive uses of such tools.

Conclusion

While education technology can offer important solutions to ensure children's access to an education, including by reaching remote areas or providing people with access to information they wouldn't have access before, all the examples presented above draw a different picture. One where surveillance technologies are introduced in schools not to educate children but to put them under constant surveillance that may follow and impact them throughout their life time. Ultimately, students shouldn’t have to trade their right to privacy in order to have access to an education. India's uptake of privacy intrusive technologies, and lack of comprehensive legal protections mean that EdTech has become a new frontier for exploitation.

It is vital that India takes urgent steps to:

• Ensure that EdTech is rolled out to strengthen students' access to an education and not to surveil them;
• Ban the use of facial recognition technologies in schools;
• Introduce appropriate legislation that regulates the procurement of EdTech technologies, their deployment, and use, including a strong data protection framework;
• Conduct human rights impact assessments, including data protection impact assessments before and during the deployment of any EdTech in schools;
• Ensure that EdTech does not result in discrimination and/or exclusion of any children from education; and
• Introduce safeguards to ensure children are being protected in school, including an independent body to monitor and enforce standards of EdTech in schools.