ClassDojo, a popular app that teachers use to track students’ behavior and to reward or reprimand them accordingly, made the news recently because of student privacy issues. The program, like dozens of others in the $7.9 billion educational technology industry, gathers a trove a data often on very young kids’ behaviors and habits.

This particular app does not sell or share the data it collects, and shortly after the app appeared in the New York Times, the company changed its policy so that the information in its system is automatically deleted after a year. But such protocol is the exception among its peers, whose vague or nonexistent privacy policies—which were documented in a recent study by the Center on Law and Information Policy (CLIP) at Fordham School of Law—can attach labels to students that may follow them for years.

At this point, the worries are largely speculative, as data collection practices are a fairly new phenomenon. But the fears of data gathering and sharing seem to point to something more basic: the resulting power dynamic. Who has access to information about whom? Who is being watched, who is vulnerable, and who can profit from others’ vulnerability?

Most commonly, privacy advocates worry that kids’ information will be sold for commercial purposes. Services like scholarships.com—a website that tells students which scholarships they may be eligible for based on the personal information they share—have received attention for selling the often sensitive data they’ve collected, including information on students’ sexual orientations, to third parties eager to market to that demographic.

But the concern when it comes to data brokering is not relegated to the commercial realm. As discussed in a New York Times op-ed, data brokers have been known to sell demographic and personal information—such as the kind collected by some educational technology—to property managers, lenders, insurance companies, and employers who could potentially discriminate against a particular group.

Not all data collectors have ulterior motives. Schools and parents simply need policies that help them figure out whom to trust, explained CLIP’s Joel Reidenberg, a law professor at Fordham, in the Boston Globe.

“There are companies out there with very laudable goals about what they are trying to accomplish for improving education, and then there are companies whose practices and goals are first and foremost their financial gain,” he said.

Recently, some states and districts have begun to establish privacy policies to prevent the release or exploitation of student data. (The 1974 federal law that aims to protect student data, the Family Educational Rights and Privacy Act, was not written for the digital age.)

A new California law is the widest reaching: It prohibits the sale or commercial use of any student information, from web searches to biographical information.

Throughout the country, approximately 30 other bills focusing on different risks attached to student data have been passed this year. Some states now prohibit school districts from even gathering certain sensitive information, such as students’ religious beliefs or medical data. Others have new transparency measures that disclose the nature of the data that districts and private companies collect. School districts themselves can create their own policies instating automatic data deletion—or parental notification or consent.

But parents and ed-tech advocates may wonder: Is the relinquishing of some privacy an appropriate price to pay for enhanced digital learning? After all, student data can be hugely beneficial—for teachers who want to tailor lessons to their students’ individual needs and for districts that may use the information to find out which resources and services a campus could use.

Most of these efforts are not intended to curb the collection of information. In most cases, privacy advocates simply want to ensure that the appropriate protections are in place so schools and students can comfortably and safely take full advantage of the wealth of technological resources out there.

After the California law passed, James Steyer, CEO and founder of Common Sense Media, a major advocate of the law, told the New York Times, “You can’t have an education technology revolution without strong privacy protections for students. Parents, teachers and kids can now feel confident that students’ personal information can be used only for educational achievement.”

Others say transparency is the solution. That’s the idea behind MyData, the federal government initiative that will give students and parents access to all the data that is collected about them through the years, from test scores to financial aid information.

Although educators and families are grappling with important questions about appropriate privacy protection, efforts like this aim to empower students without stopping the services that help them.