Free AI Tools Are Not Free When Student Data Is the Price

Jun 11 / Tiffany Stryck and Haley Boone

A teacher finds a free AI grading assistant, tries it over the weekend, and starts using it on Monday. A student downloads a free AI tutoring extension from the browser store. A department head shares a free AI lesson planning tool in a staff email. None of these go through IT. None have vendor contracts. None have been evaluated for data privacy compliance.

This is not a hypothetical scenario. It is what the CoSN 2025 State of EdTech District Leadership report describes as the dominant pattern in how free AI tools enter schools, and it names the consequence directly: 'free tools that are downloaded in an ad hoc manner put district data at risk.'1  Understanding why that risk is real, and what it looks like in practice, is the first step toward managing it. 

Why Free AI Tools Are Different from Free Edtech

Schools have always used free software. Free does not automatically mean risky. The question is what the tool does with the data it collects, and that question is more complicated for AI tools than for most of the free edtech that preceded them.

Traditional free edtech typically collects structured data: account information, login records, usage statistics. AI tools collect unstructured input. When a teacher pastes a student's essay into a free AI feedback tool, or a student types a question into a free chatbot, the content of that interaction is potentially retained, analyzed, and in some cases used to improve the underlying model. The Future of Privacy Forum's guidance on vetting AI tools in schools identifies this as the question most district reviews miss: will student-generated content be used to train or improve the AI model?2 

The version of a tool matters here. Products designed specifically for school use, such as ChatGPT Edu, typically include contractual commitments not to train on student data. The free consumer versions of the same tools often do not offer those commitments. As Melissa Loble, chief academic officer at Instructure, the company behind the Canvas LMS, told Axios: 'If AI tools are used outside our system, the data may not be protected under the school's policies.'3 That gap is precisely what free, unapproved tools exploit.

What Shadow AI Actually Looks Like

The term 'shadow AI' refers to AI tools in active use by students and staff that have not gone through any district approval process. According to the CoSN 2025 report, 43% of districts still lack formal policies or guidance for AI use at all.1 In those districts, there is no official channel for approving tools, which means every tool in use is effectively shadow AI.

Shadow AI takes several forms. Free browser extensions are among the most common and least visible: they can collect keystrokes, access session data, and process whatever appears on screen, including student work, gradebooks, and communications, without any record in district systems. Free chatbots accessed through personal accounts do not generate the logs and audit trails that district-licensed tools produce. Free mobile apps downloaded to student devices may operate entirely outside school networks and filtering systems.

Each of these creates exposure that is difficult to quantify and nearly impossible to remediate after the fact. If a breach occurs involving an unapproved tool, the district may not know what data was involved, how long it was held, or whether it was shared with third parties, because there was never a vendor agreement that required disclosure.

The Legal Exposure Is Not Hypothetical

FERPA requires that student education records be protected and that any third party with access to those records operate under a legitimate educational interest with appropriate data handling obligations. A free consumer AI tool that a teacher uses to process student work without a signed Data Processing Agreement is not operating under those obligations. That is a FERPA exposure, regardless of the vendor's intentions.

The 2025 COPPA amendments add another layer: for students under 13, vendors are now required to obtain separate consent for any third-party data sharing. A free tool with no school contract is almost certainly not obtaining that consent.2 The legal responsibility for ensuring compliance rests with the district. 'I didn't know the teacher was using it' is not a defense that has held up well in federal enforcement actions.

Chalkbeat's reporting on AI and student privacy found that many teachers experimenting with free AI tools are doing so without guidance and without awareness of these obligations, not out of negligence but because their districts have not equipped them with the training or the approved alternatives they need.4 

What Districts Should Do Instead

The CoSN report documents one meaningful response already underway: 59% of districts now use an approved apps list, up from 42% in 2023.1 That shift reflects an understanding that the answer to shadow AI is not prohibition but substitution: give teachers and students approved tools that meet their needs, so there is less incentive to reach for unapproved ones.

Three things make that substitution work in practice. First, the approved list needs to be maintained and accessible, not buried in a policy document. Teachers cannot use tools they don't know are approved. Second, free tools need to go through the same vetting as paid ones: data collection practices, model training policies, and signed agreements before any student data touches the platform. Third, teachers need enough guidance to understand why the approval process exists, not just that it does. A teacher who understands the data risk is a far more effective gatekeeper than a filter.

Free tools will keep arriving faster than any vetting process can keep up with. The districts that manage this well are not the ones that block everything. They are the ones that have built enough infrastructure and trust that teachers bring new tools to IT before deploying them, because they understand what is at stake when they don't.