"It's not approved, but many, like myself, ignore the rule": Investigating the Landscape and Consequences of Unsanctioned Technology Use in Educational Institutes

TL;DR

This study investigates the landscape and consequences of unsanctioned technology use in K–12 and higher education, addressing privacy, security, and regulatory risks. Through sequential surveys of $n=375$ educators listing $1,373$ unsanctioned apps (yielding $494$ unique) and $n=21$ administrators, it reveals widespread use driven by pedagogical utility and convenience, with minimal policy awareness and enforcement. The findings show notable privacy and security incidents, data leakage risks, and regulatory concerns, alongside governance and cultural factors that sustain unsanctioned adoption. The authors propose privacy-oriented governance, educator engagement through privacy champions, and critical app evaluation as practical steps to reduce risk while preserving educational effectiveness. Overall, the work highlights the need for updated policies, better awareness, and collaborative approaches to align educational technology use with privacy, security, and regulatory requirements.

Abstract

Educators regularly use unsanctioned technologies (apps not formally approved by their institutions) for teaching, grading, and other academic tasks. While these tools often support instructional needs, they raise significant privacy, security, and regulatory compliance concerns. Despite its importance, understanding the adoptions and risks from the perspective of educators, who serve as de facto decision makers behind unsanctioned technology use, is largely understudied in existing literature.To address this gap, we conducted two surveys: one with 375 educators who listed 1,373 unsanctioned apps, and another with 21 administrators who either often help educators to set up educational technologies (EdTechs) or observe their security or privacy incidents. Our study identified 494 unique applications used by educators, primarily for pedagogical utility (n=213) and functional convenience (n=155), and the associated risks were often ignored. In fact, despite security and privacy concerns, many educators continued using the same apps (n = 62), citing a lack of alternatives or heavy dependence as barriers to discontinuation. We also found that fewer than a third of educators were aware of any institutional policy on unsanctioned technology use (K12: 30.3%, HEI: 24.8%), and 22 knowingly violated such policies. While 107 received formal warnings, only 33 adjusted their behavior. Finally, we conclude by discussing the implications of our findings and future recommendations to minimize the risks.