AI in Language Education · Principle I: Safe
Guideline 2: Safeguard data security
& digital safety of all participants
& digital safety of all participants
Education providers have a duty of care to ensure privacy and data security for everyone involved in language teaching and learning.
1
Types of data AI tools collect
Voice recordings
Writing samples
Cookies & identifiers
Device information
Behavioural metrics
Engagement data
Prompts & uploads
Metadata
Intentional data
Data provided when registering or logging in — usernames, emails, profile details shared directly with the platform.
Incidental data
Data collected passively through cookies, device tracking, engagement patterns — often without the user's active awareness.
2
Key data risks in educational AI
RISK AREAS
What teachers need to watch for
Hard-to-erase data: Prompts, voice samples and metadata may be retained in ways that are difficult or impossible to delete (Zhu & Wang, 2025).
Profiling risks: Even anonymised data can reveal association with minoritised linguistic groups, learning differences, or religious and political affiliations.
Data mining: Educational data may be repurposed for unauthorised model training, commercial use, or surveillance beyond the classroom.
Biased profiling: Learner profiles built from uneven linguistic proficiency data can exacerbate bias and lead to flawed assessment outcomes.
3
Protecting vulnerable learners
Who is most at risk
Underage learners, migrants, refugees, asylum seekers, and linguistic minorities face the greatest risks from data mishandling.
Protective strategies
Use only trusted applications; minimise personally identifiable information in prompts; avoid sharing identifiable student work.
Data security practices
Check retention policies; verify deletion options; report suspected breaches promptly through institutional channels.
Vet tools carefully
Ensure data collection aligns with pedagogical needs. Ask: does this tool collect more data than our learning goals require?
Did you know?
In some countries, platforms like FOBIZZ allow teachers to create safe learning spaces without personal accounts or identifiable data, designed to comply with strict data protection regulations. Is there a similar alternative in your context?
Did you know? — ChatGPT opt-out
Go to chat.openai.com → Settings → Data Controls → toggle off "Improve the model for everyone." This prevents conversation data from being used to train OpenAI models. Similar opt-out settings exist on other platforms, though labels and scope vary.
4
Competence checklist
COMPETENCE 5
Evaluate data protection compliance
- Does my school have a published digital tools & data privacy policy?
- Who can I consult if unsure whether a tool is appropriate?
COMPETENCE 6
Identify types of data collected
- Does the tool require login? What data does it collect?
- How long does the tool store data? Can I delete it?
COMPETENCE 7
Assess proportionality of data collection
- Does this tool collect more data than our learning needs require?
- Could the same outcomes be achieved with less intrusive tools?
COMPETENCE 8
Raise awareness about data privacy risks
- How do I explain data risks to learners in practical terms?
- Have I discussed profiling or automated feedback implications?
COMPETENCE 9
Identify vulnerable learners at risk
- Are there learners whose data could put them at greater risk?
- How do I adapt AI use to protect their rights and identities?
COMPETENCE 10
Advocate for transparency policies
- Is there a space to raise data concerns in my institution?
- Can I initiate a discussion about responsible AI use in my school?
