The publication of the resolution comes two days after investigation reports were issued by privacy commissioners in Alberta and Ontario into a massive privacy breach involving EdTech used in schools.
As Canada marks National Child Day, privacy authorities from across the country have issued a joint resolution to help ensure that privacy rights and the best interests of children are paramount in the development, procurement, and deployment of educational technologies (EdTech). The resolution was unanimously adopted at the annual meeting of Canada’s information and privacy regulators in Banff, Alberta, on October 8, 2025, hosted by the Information and Privacy Commissioner of Alberta.
Educational technologies have become deeply embedded in the way that education is delivered. They are now a central feature of Canadian classrooms particularly since their adoption increased exponentially during the COVID-19 pandemic.
EdTech includes technologies that support curriculum delivery, content engagement, attendance, and testing and assessment of students in elementary, secondary and post-secondary institutions.
However, they can also introduce new risks to privacy — especially for children and young people who have no choice but to use educational platforms that collect and use their personal information in the classroom. Such risks include significant data breaches, student profiling, biometric surveillance, and manipulative design.
The joint resolution affirms that the right to education and the right to privacy are fundamental and interdependent rights. It calls on governments to assume their responsibility for ensuring student privacy when assessing or authorizing EdTech; education institutions to protect privacy throughout the procurement process; and vendors to design privacy-protective tools that take the best interests of children into account.
Taking children’s best interests into account when procuring, designing or implementing EdTech means, among other things:
- Embedding privacy by design into products and services;
- Following data-minimization principles;
- Ensuring that safeguards are proportionate to the sensitivity of collected information;
- Avoiding design practices that would influence, manipulate or coerce users into making decisions that go against their privacy interests;
- Building in appropriate access controls and encryption;
- Establishing privacy settings to their most protective level by default;
- Prioritizing privacy protection when selecting educational technologies; and
- Funding and implementing digital education and privacy training and digital literacy skill development.
“This joint resolution, passed in early October, follows strong statements in previous years on this topic made by myself and my privacy colleagues across the country,” said Diane McLeod, Alberta Information and Privacy Commissioner. “It also supports one of the key goals of my office. My business plan states that one of my highest priorities is to identify, facilitate and support opportunities to enhance access and privacy education and protections for children and youth. The importance of this goal is highlighted by the investigation reports issued earlier this week by my office and the Office of the Information and Privacy Commissioner of Ontario into the massive PowerSchool privacy breach involving schools in both provinces, as well as educational bodies around the world. More than 700,000 individuals in Alberta were affected by this breach, including students, staff and parents/guardians. Our investigation reports made critical recommendations to reduce privacy risks and ensure privacy is enhanced and protected as schools continue to utilize EdTech, which also provides many benefits to students and schools. Similarly, this resolution calls on governments, schools, school boards, administrators, post-secondary institutions, and EdTech vendors to take actions that will help all parties effectively navigate the risks for a safe, secure and responsible digital education experience.”
Quick facts
- Canada’s privacy authorities include federal, provincial and territorial information and privacy commissioners and ombuds responsible for privacy law oversight.
- National Child Day is celebrated in Canada and many countries around the world on November 20 to acknowledge the importance of children’s rights. It commemorates the day in 1989 when children’s human rights were recognized in the United Nations Convention on the Rights of the Child.
Through the OIPC, the Information and Privacy Commissioner of Alberta performs the responsibilities set out in Alberta’s access to information and privacy laws, the Access to Information Act, the Protection of Privacy Act, the Freedom of Information and Protection of Privacy Act during the transition period, the Health Information Act, and the Personal Information Protection Act. The Commissioner operates independently of government.
Related links
- Resolution: Protecting the privacy of children and youth in the classroom through responsible educational technologies
- Provincial and territorial collaboration
For more information, contact:
Elaine Schiman
Communications Manager
Office of the Information and Privacy Commissioner of Alberta
communications@oipc.ab.ca
Mobile: (587) 983-8766
www.oipc.ab.ca