Communications Litigation Today was a Warren News publication.
'Shocked and Alarmed'

Educational Platform Surveilled Students' iPad Activity Without Parents' Consent: Suit

K-12 educational platform Securly “knowingly and willfully surveilled” student activity on their school-issued devices and collected their geolocation data without proper consent, alleged a privacy class action Wednesday (docket 0:24-cv-02159) in U.S. District Court for Minnesota in St. Paul.

Nicole Hunter filed the lawsuit on behalf of her minor child S.M., alleging that Securly, in conjunction with the St. Paul Public Schools (SPPS) district, “operated its surveillance software without notifying parents or students that it was surveilling students both at school and at home, regardless of the nature of the activity occurring on students’ school-issued devices.” The actions violated the students’ privacy rights, it said.

S.M. was given an Apple iPad from SPPS for distance learning at school and personal use at home and on campus, said the complaint. At all times, S.M. used the tablet for personal searches, accessing social media and for educational searches, the complaint said. Hunter and S.M. were unaware that Securly software was surveilling her activities until Hunter received an automated email summarizing the middle school student’s activities, with an offer to view more if Hunter signed up for a Securly account, it said. The email was delivered to Hunter after the defendant “had already been engaged in surveillance of S.M.,” it alleged.

Unbeknownst to S.M. and Hunter, SPPS installed Securly software on the iPad, which, “among other things, tracked S.M.’s geolocation, keystrokes and web searches, websites visited, and videos watched,” the complaint alleged. Hunter was never provided with "any disclosure, before surveillance began, that her minor child’s location, personal communications, and searches were being tracked and intercepted by Defendant, or that S.M.’s video-viewing habits would be shared with third parties," it said.

Hunter was “shocked and alarmed” when she learned the defendant had “intercepted and disclosed this information to third parties without her or her child’s knowledge or written or verbal consent,” said the complaint. Hunter received no prior notice, nor was she given an opportunity to consent or decline to the surveillance on behalf of S.M. until she received her child’s activity report, it said.

Students and parents weren’t made aware of Securly’s presence on their devices until a Sept. 16, 2022, email notified parents, said the complaint. An email a week later from SPPS said the Sept. 16 email “was not supposed to go live” before the school district communicated with families first, it said. “Evidently, the first notification that Securly software was surveilling S.M. and all Saint Paul Public School students’ school-issued device activity was sent in error,” it said. “Worse,” it said, SPPS has used Securely "for a few years” as its “content filtering tool that helps the district keep students safe on the internet when using their iPads at school and at home.”

Securly’s software uses AI to “to monitor emails, documents and social media messages to look for clues into a student’s well-being,” said the complaint, citing company documentation. It does so by analyzing the content and context of a message, “rather than just keywords” and relies on “enhanced” page and screen scans of the student’s activity, it said. In turn, the software “provides visibility into online activity via emailed or downloaded reports and sends notifications for flagged content … whether students are working at school or at home” to parents and school administrators, it said. “No student activity goes unchecked,” says the documentation.

In addition to monitoring student activity, Securely is a “location tracker, collecting location data from elementary, middle, and secondary school students via their school-issued devices, in violation of Minnesota state law,” the complaint said. “Under the guise of student safety,” Securly “vortexes significant amounts of private, student educational data, including online sites visited, videos watched, and search terms entered by students,” it said.

Securly sends parents their children's device activities in the form of “teaser” emails encouraging them to download its mobile app to sign up for paid versions of its software, alleged the complaint. The teaser emails reveal to parents “snippets of their child’s web search history, in-app usage (including messages sent and received), and videos viewed -- with the suggestion that parents can see more information by acquiring additional Securly products,” it said.

The teaser emails aren’t limited to educational information, the complaint said. Unbeknownst to students, the emails contain “school-related searches and personal internet activities that occurred while at home or at other locations outside of school, often containing harmless, but sometimes very embarrassing, online activities by the children,” alleged the complaint. “Most concerning,” it said, Securly “repurposes this type of sensitive information to promote its mobile app.”

The plaintiff suffered emotional harm by way of annoyance, invasion of privacy by way of disclosure of private facts, invasion of privacy by intrusion upon seclusion, and through nondisclosure of required information, alleged the complaint. She asserts violation of the Minnesota Government Data Practices Act and the federal Electronic Communications Privacy, Computer Fraud and Abuse and Wiretap Acts. She seeks awards of statutory damages, prejudgment interest and attorneys’ fees, plus injunctive relief. Securly didn't comment.