
Privacy by Design: Why Student Personal Data Should Be Minimal—or Even Zero

In today’s digital classrooms, student data has become a valuable commodity. Many learning platforms collect extensive personal information—email addresses, dates of birth, gender, and more—often far beyond what is needed for learning. At the same time, these platforms are increasingly designed as part of broader digital ecosystems. While this enables integration and convenience, it can also introduce complexity and unintended consequences—particularly when student data is shared, synchronised, or expanded across multiple systems without full visibility.


When we designed MyComputerBrain, we chose to step back and return to first principles:


What data is actually required to design an effective learning platform—and what is not?


From a teacher’s perspective, any learning platform used in the classroom must make it possible to deliver specified course content, track student progress, see who has completed activities, identify who is stuck and needs support, and understand how individual students are performing. This requires a mechanism to attribute learning events to specific students and present that information clearly to the teacher.


This leads to a simple but powerful follow-up question:


Can a learning platform support meaningful content delivery, progress tracking, and learning outcomes without relying on student personal data?


To explore this idea, it is worth challenging some long-standing assumptions. Many data fields have become “standard” in education platforms—but standard does not mean necessary.


Let’s take a closer look at the most commonly collected pieces of student data.


📧 Email Addresses


Many platforms use student email addresses as a unique identifier—but this reflects an assumption rather than a requirement.


A learning platform does need a way to uniquely identify students in order to attribute progress and track learning activity. However, that identifier does not need to be personal, nor does it need to enable direct communication.


In a school context, teachers are the primary point of contact, and communication is already managed through established school channels. There is typically no need for a learning platform to introduce an additional direct line to students.


Using email addresses as identifiers creates an unnecessary communication pathway, opening the door to unsolicited contact or notifications and increasing the risk surface in the event of a data breach.


🎂 Date of Birth (DOB)


Dates of birth are often collected for age verification—but in a school context, this step has already been completed: Teachers enrol students into activities and courses and ensure that all content is suitable for the students’ level of development. From the platform’s perspective, storing DOB adds no meaningful value. It simply introduces highly sensitive personal data without a clear purpose.


⚧️ Gender


Gender is another commonly requested field—but in most educational contexts, it serves no meaningful purpose. The vast majority of courses are not gender-specific, and learning outcomes do not depend on gender identity. Collecting this information adds no educational value and instead introduces unnecessary personal profiling. Unless there is a clear and explicit need—which is rare—there is no justification for a learning platform to collect gender data.


We Only Collect What Is Truly Necessary


We believe that powerful digital learning tools should not come at the cost of student privacy. That’s why privacy is not an afterthought in our platform—it’s built into its very foundation.


MyComputerBrain is designed to function effectively without requiring sensitive personal data. We deliberately do not collect:


  • Student email addresses

  • Dates of birth

  • Gender information


By minimising data collection, we simplify compliance for ourselves and for schools, and align with best practices in student data protection.


Designed for Classrooms, Not Data Harvesting


Teachers need visibility into student progress—but that does not require personal data.


In MyComputerBrain, student accounts are designed to support classroom use, not to create digital identities. Names are optional and exist purely to help teachers manage their classes. Teachers can leave them blank or use nicknames or aliases, and students can participate fully without revealing personal information.


This allows teachers to run engaging, trackable learning experiences while maintaining a high standard of privacy.


How It Works in Practice


Our privacy-first philosophy is not just theoretical—it directly shapes how MyComputerBrain is designed and used.


Student accounts are intentionally minimal. At a technical level, there are no database fields for email addresses, dates of birth, or gender. Instead, each student is represented by a system-generated identifier that allows learning activity to be tracked without relying on personal data.


Here’s how it works:


👩‍🏫 Teachers create anonymous student accounts in the shop

🆔 Each account is identified by a system-generated ID (not personal data)

⏳ Accounts automatically expire after a time period set by the teacher

🔒 Students cannot change their names or passwords

🎯 Teachers retain full control over student account names, passwords, access and lifecycle


This design ensures that students can participate without providing personal data, that accounts remain temporary rather than becoming permanent digital identities, and that access is tightly controlled within the classroom context.


In other words, students can fully engage with the platform without ever needing to “exist” as identifiable users in a system.
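The account model described above can be sketched as follows. This is an added illustration, not MyComputerBrain's own code: the class and field names, the random hex ID format, and the choice to delete learning events together with an expired account are all assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime

# Added illustration: names, ID format and purge behaviour are assumptions.
@dataclass
class StudentAccount:
    # Deliberately no email, date-of-birth or gender fields.
    student_id: str          # system-generated, carries no personal data
    class_id: str
    expires_at: datetime     # lifetime chosen by the teacher
    display_name: str = ""   # optional: blank, nickname or alias

@dataclass
class Classroom:
    class_id: str
    accounts: dict = field(default_factory=dict)
    events: list = field(default_factory=list)  # (student_id, activity, status)

    def create_accounts(self, count, valid_for, now):
        """Teacher creates `count` anonymous accounts valid for `valid_for`."""
        created = []
        for _ in range(count):
            sid = secrets.token_hex(8)  # random, not derived from any attribute
            self.accounts[sid] = StudentAccount(sid, self.class_id, now + valid_for)
            created.append(sid)
        return created

    def record_event(self, student_id, activity, status, now):
        """Attribute a learning event to an ID; refuse unknown or expired IDs."""
        acct = self.accounts.get(student_id)
        if acct is None or now >= acct.expires_at:
            return False
        self.events.append((student_id, activity, status))
        return True

    def progress(self):
        """Teacher view: alias (may be blank) and completed activities per ID."""
        return {
            sid: (acct.display_name,
                  [a for s, a, st in self.events if s == sid and st == "completed"])
            for sid, acct in self.accounts.items()
        }

    def purge_expired(self, now):
        """Remove expired accounts and every event attributed to them."""
        gone = {s for s, a in self.accounts.items() if now >= a.expires_at}
        for sid in gone:
            del self.accounts[sid]
        self.events = [e for e in self.events if e[0] not in gone]
        return len(gone)
```

Because the identifier is random rather than derived from a name or email address, a leaked copy of this data set contains progress records that cannot be linked to a person without the teacher's own class list.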


Reducing Risk for Schools


Every piece of personal data stored is a potential liability. By not collecting sensitive identifiers, we reduce both the volume of data at risk and the potential impact of any breach. This enables schools to adopt MyComputerBrain with confidence, knowing they are taking a proactive approach to protecting their students.


This is especially important in an era of increasing regulatory requirements and heightened awareness of digital safety.


A Future-Proof Approach to Student Privacy


Privacy expectations are only going to increase. By adopting a minimal data philosophy, MyComputerBrain is already aligned with modern privacy principles such as data minimisation and purpose limitation, while also meeting the growing expectations of schools, departments, and parents around the protection of student data.


No Direct Student Contact—By Design


A key consequence of our privacy-first approach is:


We cannot contact students directly.


Because MyComputerBrain does not collect student email addresses or personal contact details, we cannot contact students through the platform. They will not receive emails from us, and there is no channel for unsolicited communication—because no such channel exists.


This is not a limitation—it’s a deliberate safeguard.


Teachers Remain the Primary Point of Contact


Students are at the centre of the learning experience, but communication remains firmly in the hands of the teacher. By design, MyComputerBrain does not establish direct communication channels with students. Instead, all communication flows through the teacher, who remains the sole point of contact for their class.


If a student encounters an issue with one of our courses that the teacher cannot resolve, the teacher raises a support request with us. We respond directly to the teacher, who then communicates the outcome back to the student.


This ensures that all interactions stay within the trusted classroom environment, with no external touchpoints that bypass school oversight. As a result, parents and schools can be confident that communication is appropriate, controlled, and aligned with established school practices.


Why We Deliberately Avoid SSO Integration


Many platforms promote Single Sign-On (SSO) as a convenience feature—but it often comes with hidden privacy trade-offs.


When a student logs in to an SSO-enabled platform using their school email address, a significant amount of personal data can be automatically shared with the platform. This can include the unique student identifier, email address, name, gender and other profile information, frequently without the student, teacher, or parents being aware of the extent of this data exchange.


At MyComputerBrain, we have made a conscious decision not to support SSO.


Why? Because convenience should not come at the expense of student privacy.


By avoiding SSO, we eliminate automatic data sharing between school systems and our platform, ensure that only the minimum necessary data is used, and give schools full confidence that student information is not being silently transferred or expanded.


This approach aligns with our core philosophy:


If the data is not essential for learning, we don’t want it.


🎯 The Bottom Line


MyComputerBrain demonstrates that you don’t need to collect personal data to deliver powerful, engaging digital learning.


Instead, we focus on what really matters:

  • Captivating curriculum-aligned learning content

  • Strong learning outcomes

  • High student engagement

  • Excellent teacher support


All while keeping student privacy front and centre.


If you’d like to see how MyComputerBrain works in practice, explore the platform or get in touch—we’re always happy to help.
