The question of privacy in virtual classrooms

Student working at home having a video conference with colleagues

The world has been moving online and education is no exception. The COVID-19 pandemic greatly accelerated the need for, and adaptation of, online learning technologies, with virtual classrooms becoming the new norm.

Yan Shvartzshnaider
Yan Shvartzshnaider

Yan Shvartzshnaider, assistant professor in the Department of Electrical Engineering and Computer Science at York University’s Lassonde School of Engineering, has been investigating the privacy and security risks that have accompanied the adoption of virtual classrooms.

Shvartzshnaider, like many other faculty members, was instructing in a standard lecture hall prior to the pandemic. After the pandemic hit in March 2020, he was forced to move his lectures online. This abrupt shift prompted him and his colleagues to examine the privacy implications of remote educational platforms.

The authors discuss the new threat model and the results of this investigation in the paper titled “Virtual Classrooms and Real Harms: Remote Learning at U.S. Universities,” which is to appear as part of the proceedings of The Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021).

“In an emergency situation our norms and privacy expectation change. We started using technologies like Zoom without fully considering all the privacy risks because we wanted to ensure our students finished their courses and studies,” said Shvartzshnaider. “The question now is what to do going forward and how can we avoid a ‘tyranny of the norm’ situation where these technologies are accepted everywhere but we haven’t spent the time to address their surrounding issues.”

Shvartzshnaider and his colleagues analyzed different universities’ data protection addenda, platforms’ privacy policies and more than 100 U.S. state educational privacy laws, in addition to performing a security analysis of the software to understand the information handling practices involving 23 different popular platforms.

“Many of these technologies were not designed with an educational context in mind. These platforms collect and share a lot of data and, despite being compliant with existing regulations, they could violate privacy norms and expectations,” said Shvartzshnaider. “As universities adopt these technologies it is important that they consider privacy and other potential harms when they use them to replicate the traditional lecture hall experience.”

The paper outlines several recommendations for mitigating potential harms from the use of virtual classrooms.

The authors encourage administrators to proactively seek feedback from instructors about their concerns and expectations about the major platforms the universities adopt. The universities should use this feedback to negotiate terms with platforms that address their specific needs. It is also vital for regulators and universities to collaborate to battle noncompliance and establish appropriate incentives for the platforms that would address potential harms.

Shvartzshnaider sees strong parallels with Canadian educational institutes where many of these platforms are also heavily used. He plans to examine the Canadian privacy regulation and other information governing institutions in his future work.

The full paper, “Virtual Classrooms and Real Harms: Remote Learning at U.S. Universities,” by Cohney Shaanan, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider and Madelyn Sanfilippo, is available at

About Yan Shvartzshnaider

Shvartzshnaider joined the Department of Electrical Engineering and Computer Science at York University’s Lassonde School of Engineering in 2021. He has since established the Privacy Rhythm Research Lab, where together with his team they focus on usable privacy, sociotechnical systems, contextual integrity and information technology policy. He was also the recent co-recipient of the Lee Dirks Award from iConference 2021.