By Katarina Guder, PhD Candidate, University of Canterbury
It is 3 months ago that EdTechNZ launched its Privacy Pledge in August 2025, as a way for members to signal a commitment to privacy and as a stepping stone towards the Safer Technologies for Schools (ST4S) certification. If you are still on the fence, and this is in the important but not urgent category, here is some food for thought.
Globally, the conversation is shifting. Regulators, schools, and parents are asking harder questions about how student data is collected, stored, and used. For New Zealand firms, the Privacy Pledge is an opportunity to show leadership — to build confidence with schools and whānau, and to align with international standards before the pressure of regulation makes it mandatory.
A tightening regulatory environment
Across the world, governments are tightening the rules. Denmark has already banned Google Workspace and Chromebooks in schools, the UK has rolled out its Children’s Code and Online Safety Act, and the EU AI Act is classifying many education-related AI systems as high risk. These developments are not abstract—they directly shape the operating environment for EdTech providers. Closer to home, in Australia, it isn’t just social media that is being viewed critically – there are increasing requirements for schools to consider ST4S assessments in their EdTech decision making.
Here in Aotearoa, the Children’s Privacy Project, spearheaded by the Privacy Commissioner, has made it clear: we need stronger, more transparent protections for tamariki and rangatahi. The project has prioritised guidance for the education sector, which is expected in the new year, which reflects the same growing urgency at home as we see internationally.
In this context, New Zealand’s Privacy Pledge is more than a symbolic gesture. It is a proactive move that positions local firms ahead of the curve, showing schools and whānau that trust and transparency are built into the DNA of “Made in NZ” solutions.
The increasingly digitised education system needs stronger data practices for both security and ethical reasons. But arguably, the technology can just as easily be the solution rather than the problem.
Privacy by Design
By embedding privacy into design, EdTech companies can position themselves as trusted partners to schools, whānau, and regulators alike. This isn’t just a technical task however. It’s a strategic commitment to transparency, integrity, and long-term trust. These questions can help guide that journey:
- Are your privacy and data management policies clear, accessible, and written in plain language? Clarity builds confidence with both educators and carers.
- Does your product architecture prioritize privacy by design? Techniques like on-device processing, anonymisation, encryption, and data minimisation reduce exposure and enhance safety.
- When collecting data for research or product development, is the purpose specific, the duration limited, and consent explicit? Be clear about the “why,” not just the “what.”
- Does your business model respect user privacy? Moving away from data monetisation opens pathways for ethical models—subscriptions, institutional partnerships, and even open-source collaborations.
- Have you assessed yourself against the ST4S framework, or a privacy impact assessment (PIA) to look at your product through a customer lens? If not, the privacy pledge is a good place to start.
Done well, privacy-first design leads to products that are cleaner, safer, and more future-proof. It also leads to more considered and targeted use of data.
So why not get on the front foot?
A privacy-first approach isn’t just the right thing to do— trust in EdTech matters, and may well be what sets you apart from competitors
Across sectors, companies like Apple and DuckDuckGo have built entire brands around privacy, proving that ethics can drive market share. Designing for privacy often results in better, more focused products that serve users, not advertisers
The intentional design also builds trust – your privacy policy, your secure infrastructure and your user controls will reassure schools and their stakeholders, who will be increasingly wary of opaque data practices. Your investors will also take note as privacy is becoming a marker of quality and sustainability.
And lastly, future proofing your service offering for privacy now, will avoid the cost of complex rework and suboptimal retrofitting, when regulation and customer expectations change.
New Zealand’s EdTech sector is perfectly placed to lead here. With our world-class education values, nimble innovation culture, and deep commitment to children’s wellbeing, we can build tools that are not only effective—but also deeply ethical.
If it’s made in New Zealand, let it stand for something. Privacy-first EdTech isn’t just a regulatory hedge. It’s a hallmark of innovation and integrity, a mark of quality, and—most importantly—a promise to our kids.
About the Author
Katarina Guder is a PhD candidate at the University of Canterbury, specialising in digital innovation in schools and children’s privacy. A former technology executive and LSE graduate with global experience in digital transformation, she now bridges policy, research, and practice to advocate for ethical, future-ready EdTech. Katarina is passionate about ensuring that digital solutions are trusted, transparent, and built with tamariki in mind. Katarina has two pre-teen children and lives in Christchurch.
Sources
- EdTechNZ: The Aotearoa EdTech Data Privacy Pledge – Your gateway to ST4S
- Tech New Zealand: The Aotearoa EdTech Data Privacy Pledge Has Launched!
