March 2025
Tiffany Kwok
Christelle Tessono
This project has been funded by the Office of the Privacy Commissioner of Canada (OPC); the views expressed herein are those of the author(s) and do not necessarily reflect those of the OPC.
BOLD IDEA: As generative AI tools become commonplace for children and teenagers, so must governments, school administrators, and technologists introduce new practical privacy policy interventions.
Chatbots as digital companions, AI-driven teaching tools, and content-generation tools are all examples of how generative AI (genAI) is transforming how young people learn, connect, and express themselves.
However, the rapid rise of genAI use has exposed youth to unprecedented privacy risks. Unlike adults, children and teenagers often trust technology— and now AI systems—without fully understanding how they work, making young people more vulnerable to data collection, manipulation, and exploitation.
From unauthorized data collection and profiling to the spread of deepfake child sexual abuse material (CSAM) to AI-generated cyberbullying, genAI is already amplifying the risks youth face online. Policymakers, technologists, educators, and parents must act now to implement concrete safeguards and mitigate harm.
This report examines the unique privacy risks children and teenagers face when using genAI tools, particularly in educational and social media settings. Using a mixed-method research approach, including a literature review, expert interviews, and case studies, the report assesses existing policy frameworks, identifies gaps in protections, and recommends best practices for policymakers, technologists, educators, and parents to mitigate risks and enhance youth privacy.
By embedding youth privacy protections into AI design, governance, and educational policies today, we can ensure that the next generation experiences the benefits of AI without compromising their safety, security, or autonomy.
The growing use of generative AI tools follows a decades-old trend in digitization, whereby an increasing number of activities are mediated through digital platforms.
According to the Organisation for Economic Cooperation and Development (OECD), generative AI can be defined as AI models that “create new content in response to prompts, based on their training data.”5 GenAI applications can be used to generate text, code, images, audio, and video. There are an increasing number of companies that are developing or adopting generative AI tools in their products. These technological developments can be experienced across multiple sectors, for example in healthcare (e.g. patient case notes, clinical diagnostics, etc.), in the banking sector (e.g. as client-facing chatbots), in the financial sector (e.g. as virtual assistants for market research), and in education (e.g. for curriculum development and student assessment). However, for the purposes of this report, we will focus on genAI tools that are directly present in everyday lives of Canadian children and teenagers through K-12 education as well as on social media platforms.
In recent years, digitization has led to the use of big data analytics to optimize student performance at school.6 Technology is usually adopted for the following purposes: information search (e.g. digital libraries), school management (e.g. communications with parents, teachers, and students), and teacher educational tools (e.g. quizzes, automated proctoring, or grading). Right now, the use of genAI in schools is growing. An increasing number of companies have developed technologies for learning purposes, or are now adopting genAI applications as a part of their existing products. Generative AI companies are also adapting their technologies to operate in educational contexts.
In terms of uses of genAI in social media, we know it is currently being to train and serve as chatbots,7 to create content on platforms (video, images, text, audio, etc.), as well as to train algorithms from metadata and other types of user-generated content. Another related context that we believe is important to note, but are not within scope of this report, is in video game development.8 Furthermore, generative AI tools are increasingly being used in the provision of mental health support such as crisis help-lines.9 Companies will develop chatbots using the transcripts from help-line phone calls to train their systems.
Table 1: A non-exhaustive list of popular uses of generative AI in education and on social media platforms
| Application | Name | Utility for school boards and educators | Utility for youth | Risks to youth |
|---|---|---|---|---|
| Conversational Chatbot / Companion AI | -Character.AI -Replika -Snapchat’s My AI -Meta AI | Teacher’s assistant | Emotional support on social media | Develop strong emotional bonds Receive false, problematic, harmful or misleading information Sensitive and personal information is used by malicious actors against youth |
| Image, audio and video generation and editing | -Dall-E -Stable Diffusion -Adobe -Google’s Veo 2 -Canva -Suno | Create visual and auditory content for pedagogical purposes | Visual and audio content for assignments Create memes and humorous content for social media | Pictures, video and audio from the youth could be edited to (un)intentionally harm them CSAM (child sexual abuse material) developed by malicious actors Media developed could be unrepresentative and perpetuate harmful biases |
| Translation | -HeyGen | Translate to promote accessibility and comprehension | Support reading comprehension, translation to native language etc. | Poor and inaccurate translation of concepts may further marginalize youth, which may lead to poor academic performances and sense of belonging |
| Text editor, text generation | -Grammarly -OpenAI’s ChatGPT -Microsoft Copilot -Google’s Gemini | Curriculum development, automated grading, assessment development | Essay drafting and editing, coding development, editing, problem solving, summarize text, support reading comprehension | Inability to apply and understand academic integrity norms Overreliance on tools may lead to undeveloped critical thinking and writing skills |
| Academic assessment, Teaching Assistant, AI-based tutoring | -Quizlet -Khanmigo -Brisk -SchoolAI -Quizizz | Develop grading rubrics, create quizzes, tests, exams and other assessment methods | Practice quizzes, tests, exams and other assessment methods | Assessments and AI-based tutoring may not accurately grasp students’ learning style and needs |
| Literature scanning, academic search engines | -Perplexity -R3-Elicit | Find and analyze scholarship as well as primary and secondary sources | Find and analyze scholarship as well as primary and secondary sources | Degradation of reading comprehension and research skills |
| Learning management system | -Google Classroom -Canvas* | Organize learning materials and student-teacher communications in a central platform | Access learning materials and student-teacher communications in a central platform | Sensitive and personal information may be exposed due to cyber attack |
| *The above learning management system examples have integrated features (E.g. Google Workspace for Education has Gemini) | ||||
Recognizing privacy harms specific to children and teenagers is vital as genAI tools continue to become more widely used. Virtual learning environments currently being adopted in education feature information technology infrastructures that enable continuous data collection—which include, but are not limited to, student records, grades, geolocation, browsing habits, and personal information.10 In the absence of technical and policy guardrails preventing how data is collected and subsequently used, student information can be sold to a third-party and used for purposes that schools, teachers, and students did not consent to or are unaware of.11 Even if anonymized, student data collected by genAI tech providers can be re-identified and used for other purposes (malicious or commercial) by a third-party or the provider themselves as re-identification techniques have increasingly become more sophisticated.12 For instance, a study conducted by Na et al. (2018) showed that a machine-learning algorithm was able to re-identify approximately 80 percent of children and 95 percent of adults based on de-identified physical activity data.13 This indicates the ease with which sensitive data can be exposed to advertisers, governments, and strangers.14
In recent years, a growing number of institutions have experienced data breaches from cybersecurity attacks. For instance, the Toronto District School Board uses PowerSchool, a cloud-based program to store student and staff information. In January 2024, PowerSchool was hacked, which led to sensitive personal data from 1985 to 2024 to be compromised, including medical information, home addresses, health card numbers, student names, and dates of birth among others.15 GenAI technology providers are not immune to this problem. Other cases indicate that the risks are present, such as Character.ai’s data breach of usernames, voices, and chats due to internal error,16 and now defunct educational technology company AllHere’s mismanagement of sensitive student data, as called out by a whistleblower.17
The adoption of digital technologies in the classroom undermines traditional norms of intellectual privacy and safety.18 Prior to digital technology adoption, classroom discussions, assignments, performance indicators, and other relevant metrics, didn’t leave the classroom or the school. Students were free to discuss without concern that what they contribute to the classroom would not be used in other contexts. Now, the classroom extends to wherever the student accesses it, with their laptop, tablet, and even smartphone. Digital technologies are constantly tracking their performance, as well as having access to information outside the classroom such as their geolocation and lifestyle habits (e.g. extracurricular interests, nutrition, browsing history, etc). The large amounts of data collected about students enables unprecedented forms of surveillance. As illustrated in Figure 1, through the adoption of digital technology in the classroom, data flows between not only students and their teachers, but also between the educational technology platforms, providing data to third parties, and potential adversarial actors looking to use data in harmful ways. This raises a range of risks to the individual—from having their data sold to marketers for targeted advertising,19 to having data ”profiles” created that have the potential to follow students into adulthood, despite changing privacy preferences.
Figure 1: This model depicts data flows between students, instructors, schools, platforms, third parties, and adversarial actors. This model was developed by Cohney et al. (2021).20
Moreover, social media platforms have a wide range of privacy implications that may affect the children and youth who use them.21 With the growing adoption of genAI, the risks of privacy violation and data breaches increase. For instance, platforms such as Snapchat have launched conversational chatbots that act as companions to their users. The information that is disclosed by youth through these conversations can be used by platforms for a variety of undisclosed purposes.22 For example, although there are mechanisms in place to “collect consent,” the process by which it is collected is often unclear, so user data is not collected via informed consent. Further, we do not know whether this data is de-identified and anonymized.
Other types of harms beyond privacy are also important to mention. For instance, researchers have raised concerns about the degradation of pedagogical conditions. This concern builds on the decades-long digitization of education, whereby a teacher’s autonomy is compromised through the displacement of grading and curriculum delivery onto automated decision-making tools. Furthermore, since a majority of these tools are developed by for-profit technology providers, there is also a concern that pedagogical decisions are being shaped by these corporate interests instead of the public interest.23 In this case, genAI would accelerate this trend due to the technology’s advanced capabilities.
Experts we spoke with raised concerns that genAI is eroding educational norms and values such as academic integrity, attribution, and originality. Other concerns include the degradation of critical thinking skills of students due to heavy reliance on generative AI tools to interpret texts.24 Regarding its application in school settings for skills identification and career counselling, there are concerns that students won’t be adequately evaluated, which could be detrimental to their professional development.
Beyond AI’s impact on learning and academic performance, experts also raised concerns about the hyper-personalization of education afforded by genAI tools. Hyper-personalization refers to the set of technical approaches that analyze student learning patterns and capabilities to develop exercises and interfaces that ensure better engagement and performance outcomes. Specifically, experts argued that these technologies will facilitate the isolation of youth and increase challenges in developing strong social bonds with their peers. This could render youth even more vulnerable to phishing and catfishing scams as well.
Finally, and this is an issue that predates genAI tools, there are risks of ingrained biases and potentially discriminatory outputs, as genAI tools may not capture all lived realities, and histories of marginalization due to an overrepresentation of dominant Western epistemologies. For instance, this may look like adopting derogatory language such as slurs, creating contested socio-political framings (e.g. not recognizing a particular Indigenous nation), or assuming gendered representations of work (e.g. only presenting men as doctors) to name a few examples.25 Moreover, “hallucinations”, the term for chatbot responses that contain false or misleading information, are also significant problems with genAI technologies.26 This may lead to not only misunderstanding issues and academic material, but may also expose students to harmful practices (e.g. if a user asks about nutritional or health advice for instance and gets a non-standard answer or advice).
On social media platforms, genAI can harm youth when bad actors use it to create child sexual abuse material (CSAM) deepfakes of minors. There are growing cases nationally and internationally, where bad actors will use tools like open-source image platform Stable Diffusion to create this harmful imagery.27 It is also important to note that both youth (e.g. classmates, teammates, peers, etc), as well as malicious adult actors, can engage in this harmful behaviour.
There has also been an increase in the popularity and use of conversational chatbots. Examples of companies include Character.AI and Replika. These tools are often designed to optimize engagement, and as a result may lead to users developing deep emotional connections that open the door to a variety of mental health challenges. For instance, in October 2024, a 14-year-old American tragically died by suicide after developing an intense emotional attachment with a companion AI.28
1
Nomisha Kurian, “‘No, Alexa, No!’: Designing Child-Safe AI and Protecting Children from the Risks of the ‘Empathy Gap’ in Large Language Models,” Learning, Media, and Technology (2024): 1-14, doi:10.1080/17439884.2024.2367052.
2
Sara M. Grimes, Alissa N. Antle, Valerie Steeves, and Natalie Coulter, “Responsible AI and Children: Insights, Implications, and Best Practices,” CIFAR, April 2024, https://cifar.ca/wp-content/uploads/2024/04/CIFAR-Responsible-AI-and-Children-EN_Final.pdf. As defined in this CIFAR report, dark patterns refer to “elements that draw on behavioural science, user data, and predictive algorithms to manipulate users into doing things they don’t want to do.”
3
Yena Lee, “Thorn and All Tech Is Human Forge Generative AI Principles with AI Leaders to Enact Strong Child Safety Commitments,” Thorn, July 16, 2024, https://www.thorn.org/blog/generative-ai-principles/.
4
Siladitya Ray, “Samsung Bans ChatGPT Among Employees After Sensitive Code Leak,” Forbes, May 2, 2023, https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/; James Vincent. “Apple Restricts Employees from Using ChatGPT over Fear of Data Leaks,” The Verge, May 19, 2023, https://www.theverge.com/2023/5/19/23729619/apple-bans-chatgpt-openai-fears-data-leak; Catherine Thorbecke, “Don’t Tell Anything to a Chatbot You Want to Keep Private,” CNN Business, April 6, 2023, https://www.cnn.com/2023/04/06/tech/chatgpt-ai-privacy-concerns/index.html.
5
“AI Language Models: Technological, Socio-Economic and Policy Considerations,” OECD Digital Economy Papers, vol. 352, April 13, 2023, https://doi.org/10.1787/13d38f92-en.
6
Elana Zeide and Helen Nissenbaum, “Learner Privacy in MOOCs and Virtual Education,” Theory and Research in Education 16, no. 3 (2018): 280–307, https://doi.org/10.1177/1477878518815340.
7
Aisha Malik, “Snapchat Taps Google’s Gemini to Power its Chatbot’s Generative AI Features,” TechCrunch, September 24, 2024, https://techcrunch.com/2024/09/24/snapchat-taps-googles-gemini-to-power-its-chatbots-generative-ai-features/.
8
Bernard Marr, “The Role of Generative AI In Video Game Development,” Forbes, April 18, 2024, https://www.forbes.com/sites/bernardmarr/2024/04/18/the-role-of-generative-ai-in-video-game-development/; Rebecca Cairns, “‘Video Games Are in for Quite a Trip’: How Generative AI Could Radically Reshape Gaming,” CNN, October 23, 2023, https://www.cnn.com/world/generative-ai-video-games-spc-intl-hnk/index.html.
9
John Hendel, “Crisis Text Line Ends Data-Sharing Relationship with for-Profit Spinoff,” POLITICO, January 31, 2022, https://www.politico.com/news/2022/01/31/crisis-text-line-ends-data-sharing-00004001.
10
Elana Zeide, “The Structural Consequences of Big Data-Driven Education,” Big Data 5, no. 2 (2017), https://papers.ssrn.com/abstract=2991794; Anjali A. Nambiar, “Securing Student Data in the Age of Generative AI: A Tool for Data Privacy Enhancement in K12 Schools,” MIT Responsible AI for Social Empowerment and Education, 2024, https://raise.mit.edu/wp-content/uploads/2024/06/Securing-Student-Data-in-the-Age-of-Generative-AI_MIT-RAISE.pdf.
11
Elana Zeide and Helen Nissenbaum, “Learner Privacy in MOOCs and Virtual Education,” Theory and Research in Education 16, no. 3 (2018): 280–307, https://doi.org/10.1177/1477878518815340.
12
Boris Lubarsky, “Re-Identification of ‘Anonymized’ Data,” Georgetown Law Technology Review, April 2017, https://georgetownlawtechreview.org/re-identification-of-anonymized-data/GLTR-04-2017/.
13
Liangyuan Na, Cong Yang, Chi-Cheng Lo, et al., “Feasibility of Reidentifying Individuals in Large National Physical Activity Data Sets From Which Protected Health Information Has Been Removed With Use of Machine Learning,” JAMA Network Open 1, no. 8, (2018), https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2719130.
14
Karl Manheim and Lyric Kaplan, “Artificial Intelligence: Risks to Privacy and Democracy,” Yale Journal of Law and Technology 106, no. 21 (2019), https://yjolt.org/sites/default/files/21_yale_j.l._tech._106_0.pdf.
15
Laura Sebben, “PowerSchool Data Breach: Toronto Public School Students from 1985 to 2024 Impacted,” CTV News, January 20, 2025, https://www.ctvnews.ca/toronto/article/powerschool-data-breach-toronto-public-school-students-from-1985-to-2024-impacted/.
16
“Sharing More About the Recent Incident,” character.ai, December 17, 2024, https://blog.character.ai/sharing-more-about-the-recent-incident/.
17
Mark Keierleber, “Whistleblower: L.A. Schools’ Chatbot Misused Student Data as Tech Co. Crumbled,” The 74 Million, July 1, 2024. https://www.the74million.org/article/whistleblower-l-a-schools-chatbot-misused-student-data-as-tech-co-crumbled/.
18
Elana Zeide, “The Structural Consequences of Big Data-Driven Education,” Big Data 5 no. 2 (2017), https://papers.ssrn.com/abstract=2991794.
19
Kathryn C. Montgomery, Jeff Chester and Tijana Milosevic, “Ensuring Young People’s Digital Privacy as a Fundamental Right,” in International Handbook of Media Literacy Education (Routledge, 2017); “Privacy Considerations for Generative AI,” University of Illinois Urbana-Champaign, https://cybersecurity.illinois.edu/policies-governance/privacy-considerations-for-generative-ai/.
20
Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider and Madelyn Sanfilippo, “Virtual Classrooms and Real Harms: Remote Learning at U.S. Universities,” in Proceedings of the Seventeenth USENIX Conference on Usable Privacy and Security (2021): 653–73.
21
Nicholas D. Santer, Adriana Manago, Allison Starks, and Stephanie M. Reich, “Early Adolescents’ Perspectives on Digital Privacy,” Works in Progress, June 29, 2021, https://wip.mitpress.mit.edu/pub/early-adolescents-perspectives-on-digital-privacy/release/1.
22
Canada, Communications Security Establishment, “Why You Should Never Give Your Personal Information to AI,” Get Cyber Safe, December 6, 2024, https://www.getcybersafe.gc.ca/en/blogs/why-you-should-never-give-your-personal-information-ai; Mozilla Foundation, “How to Protect Your Privacy from ChatGPT and Other AI Chatbots,” *Privacy Not Included, July 18, 2024, https://foundation.mozilla.org/en/privacynotincluded/articles/how-to-protect-your-privacy-from-chatgpt-and-other-ai-chatbots/; Jennifer King and Caroline Meinhardt, Rethinking Privacy in the AI Era: Policy Provocations for a Data-Centric World, Stanford University: Human-Centered Artificial Intelligence, February 2024, https://hai.stanford.edu/sites/default/files/2024-02/White-Paper-Rethinking-Privacy-AI-Era.pdf.
23
Elana Zeide, “The Structural Consequences of Big Data-Driven Education.” Big Data 5, no. 2 (2017), https://papers.ssrn.com/abstract=2991794.
24
Michael Gerlich, “AI Tools in Society: Impacts on Cognitive Offloading and the Future of Critical Thinking.” Societies 15, no.1 (2025): 6, https://doi.org/10.3390/soc15010006.
25
Emily M. Bender, Timnit Gebru, Angelina McMillan-Major and Shmargaret Shmitchell, “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?” in Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (2021): 610–23, https://doi.org/10.1145/3442188.3445922.
26
Ziwei Ji, Nayeon Lee, Rita Frieske, Tiezheng Yu, Dan Su, Yan Xu, Etsuko Ishii, Ye Jin Bang, Andrea Madotto, and Pascale Fung, “Survey of Hallucination in Natural Language Generation,” ACM Computing Surveys 55, no. 12 (2023): 248:1-248:38. https://doi.org/10.1145/3571730.
27
Angus Crawford and Tony Smith, “Illegal Trade in AI Child Sex Abuse Images Exposed,” BBC News, June 27, 2023, https://www.bbc.com/news/uk-65932372.
28
Henry Fraser, “Deaths Linked to Chatbots Show We Must Urgently Revisit What Counts as ‘High-Risk’ AI,” The Conversation, October 31, 2024, http://theconversation.com/deaths-linked-to-chatbots-show-we-must-urgently-revisit-what-counts-as-high-risk-ai-242289
29
“PIPEDA Requirements in Brief,” Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/; Personal Information Protection and Electronic Documents Act, SC 2000, c 5.
30
“The Privacy Act in Brief,” Office of the Privacy Commissioner of Canada, Privacy Act, RSC 1985, c P-21,” https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-privacy-act/pa_brief/.
31
“PIPEDA Requirements in Brief,” Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/; Personal Information Protection and Electronic Documents Act, SC 2000, c 5.
32
Bill C-27, An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts, 1st Sess, 44th Parl, 2022.
33
“About the OPC,” Office of the Privacy Commissioner of Canada, April 8, 2024, https://www.priv.gc.ca/en/about-the-opc/.
34
“PIPEDA Fair Information Principles,” Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/.
35
Bill 194, Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024, 1st Sess, 43rd Parl, Ontario, 2024.
36
Act respecting the protection of personal information in the private sector, P-39.1, Quebec, 2024.
37
“Considerations for Using AI Tools in K-12 Schools,” Ministry of Education and Child Care, https://www2.gov.bc.ca/assets/gov/education/administration/kindergarten-to-grade-12/ai-in-education/considerations-for-using-ai-tools-in-k-12-schools.pdf.
38
“L’utilisation pédagogique, éthique et légale de l’intelligence artificielle générative – Guide destiné au personnel enseignant – 2024-2025,” Ministère de l’Éducation Quebec, https://cdn-contenu.quebec.ca/cdn-contenu/education/Numerique/Guide-utilisation-pedagogique-ethique-legale-IA-personnel-enseignant.pdf.
39
“Recommended Approaches to Generative Artificial Intelligence,” Government of New Brunswick, 2024, https://plhub.nbed.ca/wp-content/uploads/sites/10/2024/02/Recommended-Approaches-to-Generative-AI.pdf.
40
“WCDSB AI Guidelines,” WCDSB, https://innovate.wcdsb.ca/ai/.
41
“Artificial Intelligence at the OCSB,” OCSB, August 23, 2024, https://www.ocsb.ca/why-ocsb/humane-use-of-technology/artificial-intelligence-at-the-ocsb/.
42
Cheng-chi (Kirin) Chang, 2024, “When AI Remembers Too Much: Reinventing the Right to Be Forgotten for the Generative Age,” 19 Washington Journal of Law, Technology & Arts 22 (2024), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4868555.
43
Generative AI: The Data Protection Implications, CEDPO AI Working Group, October 16, 2023, https://cedpo.eu/wp-content/uploads/generative-ai-the-data-protection-implications-16-10-2023.pdf.
44
“Intelligenza artificiale: il Garante blocca ChatGPT. Raccolta illecita di dati personali. Assenza di sistemi per la verifica dell’età dei minori,” Garante per la Protezione dei Dati Personali, (March 31, 2023), https://www.garanteprivacy.it:443/home/docweb/-/docweb-display/docweb/9870847; Elvira Pollina and Alvise Armellini, “Italy fines OpenAI over ChatGPT privacy rules breach,” Reuters, December 20, 2024, https://www.reuters.com/technology/italy-fines-openai-15-million-euros-over-privacy-rules-breach-2024-12-20/.
45
Mindy Nunez Duffourc, Sara Gerke and Konrad Kollnig, “Privacy of Personal Data in the Generative AI Data Lifecycle,” JIPEL 13, no. 2 (2024), https://jipel.law.nyu.edu/privacy-of-personal-data-in-the-generative-ai-data-lifecycle/; Tara Deschamps. “Can You Opt Out of Letting Meta’s AI Chatbot Use Your Data? It’s Not So Simple.” Global News, June 14, 2024, https://globalnews.ca/news/10566594/meta-ai-opt-out-data-explainer/.
46
“Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR,” European Data Protection Board, October 8, 2024, https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202401_legitimateinterest_en.pdf.
47
Regulation (EU) 2016/679 (General Data Protection Regulation), Art. 8.
48
Regulation (EU) 2024/1689 (Artificial Intelligence Act), Art. 5.
49
Regulation (EU) 2022/2065 (Digital Services Act); European Commission: Directorate-General for Communications Networks, Content and Technology; The Digital Services Act (DSA) Explained: Measures to Protect Children and Young People Online. Publications Office of the European Union, (2023), https://data.europa.eu/doi/10.2759/576008.
50
Steve Wood, Impact of Regulation on Children’s Digital Lives, Digital Futures for Children Centre, LSE and 5Rights Foundation, 2024, https://eprints.lse.ac.uk/123522/1/Impact_of_regulation_on_children_DFC_Research_report_May_2024.pdf.
51
“Student Data Privacy,” California IT in Education, https://www.cite.org/stuprivacy.
52
“An Overview of the California Student Data Privacy Agreement,” CITE, https://www.capousd.org/subsites/Purchasing/documents/Doing-Business/Vendor-Required-Forms-and-Registration/California-Student-Data-Privacy-Agreement.pdf.
53
Regulation (EU) 2016/679 (General Data Protection Regulation), Art. 5.
54
Regulation (EU) 2016/679 (General Data Protection Regulation), Recital 38.
55
56
Regulation (EU) 2016/679 (General Data Protection Regulation), Art. 12.
57
58
Regulation (EU) 2022/2065 (Digital Services Act), Art. 25.
59
Ibid.
60
Elvira Pollina and Alvise Armellini, “Italy fines OpenAI over ChatGPT privacy rules breach,” Reuters, December 20, 2024, https://www.reuters.com/technology/italy-fines-openai-15-million-euros-over-privacy-rules-breach-2024-12-20/.
61
“Industry’s Role in Promoting Kids’ Online Health, Safety, and Privacy: Recommended Practices for Industry,” National Telecommunications and Information Administration, November 7, 2024, https://www.ntia.gov/report/2024/kids-online-health-and-safety/online-health-and-safety-for-children-and-youth/taskforce-guidance/recommended-practices-for-industry.
62
“Joint Statement on a Common International Approach to Age Assurance,” Office of the Privacy Commissioner of Canada, September 19, 2024, https://www.priv.gc.ca/en/opc-news/speeches-and-statements/2024/js-dc_20240919/.
63
“Code Standards.” ICO, December 2, 2024, https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/age-appropriate-design-a-code-of-practice-for-online-services/code-standards/; “How Does the Right to Be Informed Apply to Children?” ICO, December 4, 2024, https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/children-and-the-uk-gdpr/how-does-the-right-to-be-informed-apply-to-children/.
64
“Child-Friendly Privacy Notices,” DPE Knowledge Bank, April 16, 2021, https://dataprotection.education/freebies/child-friendly-privacy-notices.
65
Safer Technologies 4 Schools, https://st4s.edu.au/.
66
Privacy by Design, Information and Privacy Commissioner of Ontario, January 2018, https://www.ipc.on.ca/sites/default/files/legacy/2018/01/pbd-1.pdf.
67
Jaemarie Solyst, Ellia Yang, Shixian Xie, Jessica Hammer, Amy Ogan and Motahhare Eslami, “Children’s Overtrust and Shifting Perspectives of Generative AI,” arXiv, June 29, 2024, https://doi.org/10.48550/arXiv.2404.14511; Giovanni Vespoli, Benedetta Taddei, Enrico Imbimbo, Lisa De Luca and Annalaura Nocentini, “The Concept of Privacy in the Digital World According to Teenagers,” Journal of Public Health (2024), doi.org/10.1007/s10389-024-02242-x.
68
Jasmine Irwin, Alannah Dharamshi and Noah Zon, Children’s Privacy in the Age of Artificial Intelligence. Canadian Standards Association, 2021, https://www.csagroup.org/article/research/childrens-privacy-in-the-age-of-artificial-intelligence/.
69
Dominique Kelly and Jacquelyn Burkell, “Identifying and Responding to Privacy Dark Patterns,” FIMS Publications 385 (2024), https://ir.lib.uwo.ca/context/fimspub/article/1392/viewcontent/Final_Report_Identifying_and_Responding_to_Privacy_Dark_Patterns.pdf.
70
“Please Note: Using AI Chatbot May Lead to Data Leaks,” Autoriteit Persoonsgegevens, August 6, 2024, https://www.autoriteitpersoonsgegevens.nl/actueel/let-op-gebruik-ai-chatbot-kan-leiden-tot-datalekken; “OVIC Finds Department Responsible for Breaches of Privacy Through Use of ChatGPT,” Office of the Victorian Information Commissioner, September 24, 2024, https://ovic.vic.gov.au/mediarelease/ovic-finds-department-responsible-for-breaches-of-privacy-through-use-of-chatgpt/.
71
“Sharing More About the Recent Incident,” character.ai, December 17, 2024, https://blog.character.ai/sharing-more-about-the-recent-incident/.
72
Tony Bradley, “How GenAI Is Becoming A Prime Target For Cyberattacks,” Forbes, October 10, 2024, https://www.forbes.com/sites/tonybradley/2024/10/10/how-genai-is-becoming-a-prime-target-for-cyberattacks/.
73
Matt Sutton and Damian Ruck, “Indirect Prompt Injection: Generative AI’s Greatest Security Flaw,” Centre for Emerging Technology and Security, November 1, 2024, https://cetas.turing.ac.uk/publications/indirect-prompt-injection-generative-ais-greatest-security-flaw; Artificial Intelligence: Generative AI Training, Development, and Deployment Considerations. U.S. Government Accountability Office, October 22, 2024, https://www.gao.gov/assets/gao-25-107651.pdf.
74
Antonio Emanuele Cinà, Kathrin Grosse, Sebastiano Vascon, Ambra Demontis, Battista Biggio, Fabio Roli and Marcello Pelillo, “Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions,” International Journal of Machine Learning and Cybernetics (2024), doi.org/10.1007/s13042-024-02363-5.
75
David Cohen, “Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor,” JFrog (blog), February 27, 2024, https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/.
76
Generative AI: The Data Protection Implications, CEDPO AI Working Group, October 16, 2023, https://cedpo.eu/wp-content/uploads/generative-ai-the-data-protection-implications-16-10-2023.pdf; T. Maheshwaran, “Privacy-preserving Computing: Balancing Privacy in the Digital Age,” in Exploring the Frontiers of Artificial Intelligence and Machine Learning Technologies (2024), doi.org/10.59646/efaimltC10/133; Jordan Wilson and Katharina Koerner, hosts, “Ep: 90: How to tackle AI privacy and governance,” Everyday AI (podcast), August 29, 2023, https://www.youreverydayai.com/how-to-tackle-ai-privacy-and-governance/.
77
Claudio Novelli, Federico Casolari, Philipp Hacker, Giorgio Spedicato and Luciano Floridi, “Generative AI in EU Law: Liability, Privacy, Intellectual Property, and Cybersecurity,” arXiv, March 15, 2024, https://doi.org/10.48550/arXiv.2401.07348.
78
Susan Hao, Piyush Kumar, Sarah Laszlo, Shivani Poddar, Bhaktipriya Radharapu and Renee Shelby, “Safety and Fairness for Content Moderation in Generative Models,” arXiv, June 9, 2023, https://doi.org/10.48550/arXiv.2306.06135; “Principles for Responsible, Trustworthy and Privacy-Protective Generative AI Technologies,” Office of the Privacy Commissioner of Canada, December 7, 2023, https://www.priv.gc.ca/en/privacy-topics/technology/artificial-intelligence/gd_principles_ai/.
79
Susan Hao, Piyush Kumar, Sarah Laszlo, Shivani Poddar, Bhaktipriya Radharapu, and Renee Shelby, “Safety and Fairness for Content Moderation in Generative Models,” arXiv, June 9, 2023, https://doi.org/10.48550/arXiv.2306.06135.
80
Generative AI: The Data Protection Implications, CEDPO AI Working Group, October 16, 2023, https://cedpo.eu/wp-content/uploads/generative-ai-the-data-protection-implications-16-10-2023.pdf; Guidance for Small Custodians on the Use of Artificial Intelligence, Office of the Information and Privacy Commissioner of Alberta, November 2023, https://oipc.ab.ca/wp-content/uploads/2023/12/Guidance-for-Small-Custodians-on-the-use-of-Artificial-Intelligence-November-2023.pdf; Generative AI and the EUDPR: First EDPS Orientations for Ensuring Data Protection Compliance When Using Generative AI Systems, European Data Protection Supervisor, June 2024, https://www.edps.europa.eu/system/files/2024-06/24-06-03_genai_orientations_en.pdf
81
The OCSB’s grading scale for new technologies consists of 1) approved technologies, 2) approved with risk, and 3) not approved. The YRDSB’s method uses a colour grading method to grade new technologies, and publishes a list of Green: approved technologies, Purple: use with considerations/educator guidelines provided, Yellow: use with considerations/educator guidelines provided and parent/guardian consent, and Red: not available/approved.
82
Anjali A. Nambiar, “Securing Student Data in the Age of Generative AI: A Tool for Data Privacy Enhancement in K12 Schools,” MIT Responsible AI for Social Empowerment and Education, 2024, https://raise.mit.edu/wp-content/uploads/2024/06/Securing-Student-Data-in-the-Age-of-Generative-AI_MIT-RAISE.pdf.
83
Philippe Lorenz, Karine Perset and Jamie Berryhill, “Initial Policy Considerations for Generative Artificial Intelligence,” OECD Artificial Intelligence Papers, No. 1., OECD Publishing, 2023, https://www.oecd-ilibrary.org/science-and-technology/initial-policy-considerations-for-generative-artificial-intelligence_fae2d1e6-en.
84
“Empowering Students with AI Literacy,” CRAFT, https://craft.stanford.edu/; The Dais’ Digital Literacy Toolkit is set to release March 2025 on dais.ca.
85
“AI at the OCSB,” Ottawa Catholic School Board, https://www.ocsb.ca/why-ocsb/humane-use-of-technology/artificial-intelligence-at-the-ocsb/.
86
“AI Guidance for Schools Toolkit,” TeachAI, https://www.teachai.org/toolkit.
87
Delaney Ruston, “5-Step Plan To Help Kids and Teens with AI Companion Chatbots,” Screenagers, https://www.screenagersmovie.com/blog/5-step-plan-ai-chatbots; “Teaching Digital Citizenship,” Cyber Civics, https://www.cybercivics.com