European EdTech: Protecting Student Data

The Silent Data Crisis in European Schools

Across Europe, millions of children use educational technology every school day. They log into learning platforms, complete assignments, watch instructional videos, take quizzes, and interact with AI tutoring tools. Every click, every answer, every pause, and every mistake generates data — data that reveals not just academic performance but learning patterns, attention spans, behavioral tendencies, and developmental trajectories.

Much of this data flows to US-based companies. Google Workspace for Education, Microsoft 365 Education, and platforms like Kahoot (Norwegian-founded but US-headquartered), Khan Academy, and ClassDojo are deeply embedded in European school systems. These tools were often adopted rapidly during the COVID-19 pandemic, when schools needed digital solutions immediately and had little time to evaluate privacy implications. Years later, many of these tools remain entrenched, processing sensitive data about minors under legal frameworks far weaker than what European law requires.

Why Student Data Deserves Special Protection

Children’s data is not just another category of personal information. It is data about people who cannot consent meaningfully, who are still developing, and whose digital records will follow them for decades. A profile built from a child’s educational data — their strengths, weaknesses, behavioral patterns, learning difficulties — could influence future educational opportunities, employment prospects, and insurance assessments in ways we cannot fully predict.

GDPR recognizes this vulnerability explicitly. Article 8 sets specific conditions for processing children’s data, and Recital 38 states that children “merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned.” Several EU member states have set the age of digital consent at 16, meaning that for younger children, parental consent is required for data processing that goes beyond what is necessary for providing the educational service.

The problem with US edtech is not that it fails to provide useful educational tools. It often does. The problem is that these tools operate under a legal framework — FERPA and COPPA in the United States — that provides substantially weaker protections than GDPR, particularly for data use beyond the immediate educational context.

European EdTech Alternatives

Moodle

Headquarters: Perth, Australia (but with deep European roots and EU hosting options) Type: Open-source learning management system Used by: Universities, schools, and organizations worldwide

Moodle is the world’s most widely used open-source learning management system, and its deployment in European education is extensive. Because Moodle is open source, schools and institutions can host it on their own European servers or with EU-based hosting providers, ensuring complete data sovereignty. No data leaves the institution’s control.

Key capabilities:

• Course management with assignments, quizzes, forums, and multimedia
• Gradebook and competency-based tracking
• Plugin ecosystem with over 2,000 community-developed extensions
• SCORM and LTI compliance for interoperability
• Complete self-hosting control over data location and access

Many European universities and school districts run Moodle instances on local infrastructure, making it one of the most GDPR-aligned educational platforms available.

itslearning

Headquarters: Bergen, Norway Type: Cloud-based learning management system Used by: Schools and districts across Scandinavia, Germany, France, UK

itslearning is a European-built LMS designed specifically for primary and secondary education. The platform provides lesson planning, assignment distribution, assessment tools, communication features, and learning analytics — all hosted on European infrastructure and built with GDPR compliance as a core design principle rather than an add-on.

Key capabilities:

• Curriculum-aligned course design tools
• Assessment and rubric-based grading
• Parent communication portals
• Integration with national education systems
• Learning path and competency tracking

itslearning’s advantage is that it understands European educational contexts natively. The platform integrates with national curricula and educational standards across multiple European countries.

Anton

Headquarters: Berlin, Germany Type: Free learning app for schools Used by: Schools across German-speaking countries and expanding

Anton is a free educational app covering subjects from mathematics and language to science and music for students from primary school through secondary education. Developed in Berlin, Anton is explicitly designed for the European educational context, with GDPR compliance built into its architecture. The app is free for teachers and students, funded through optional premium features and institutional licenses rather than advertising or data monetization.

Key capabilities:

• Curriculum-aligned content for multiple subjects and grade levels
• Interactive exercises with immediate feedback
• Teacher dashboard for monitoring student progress
• Works offline on tablets and phones
• No advertising, no data selling

Practical Steps for Schools and Parents

The transition to European edtech does not need to happen overnight, but it should happen deliberately:

• Audit current tools: Schools should inventory every digital tool students use and assess where data is processed and under what jurisdiction
• Prioritize the core platform: The LMS is the most data-intensive tool. Migrating to Moodle or itslearning addresses the largest data flow
• Ask vendors the right questions: Where is student data stored? Under what jurisdiction? Who has access? Is the data used for any purpose beyond providing the educational service?
• Involve data protection officers: European schools are required to consider data protection when adopting new tools. The DPO should be part of procurement decisions
• Advocate as parents: Parents have the right to ask schools what data is collected about their children and where it is processed

The Bottom Line

Children do not get to choose what educational technology their school uses. That decision is made by administrators, teachers, and policymakers, and it carries long-term consequences for student privacy. European edtech alternatives like Moodle, itslearning, and Anton demonstrate that schools do not need to hand student data to US corporations to provide effective digital learning. These platforms are built for European educational systems, governed by European data protection law, and designed around the principle that student data exists to serve education, not to fuel commercial data ecosystems. Every European school has the right and the responsibility to make that choice deliberately.