
New Delhi, February 27: The increasing use of artificial intelligence (AI) in schools has sparked a significant debate. This discussion now extends beyond merely making education easier and more effective; it has raised concerns about children’s safety and their rights. The potential misuse of student data is emerging as a serious global issue.
A coalition of several UN departments, including UNICEF, UNESCO, and the Office of the UN High Commissioner for Human Rights, has issued a joint statement. This statement emphasizes the need for safeguarding children’s data collected through AI systems, tools, and platforms.
In 2025, a major data breach lawsuit was filed against PowerSchool, a leading edtech company based in Texas, USA. The company is accused of leaking sensitive information of over 60 million students and 10 million teachers, including personal details like Social Security numbers. PowerSchool provides a student information system.
A pilot study conducted in India has also revealed alarming statistics. Indian educational institutions faced over 200,000 cyberattacks and nearly 400,000 data breach incidents within just nine months.
This global and national context is crucial for understanding the recent partnership between Pratham and Anthropic. Pratham is a non-governmental organization active in the education sector, while Anthropic is a US-based AI company that develops artificial intelligence systems.
Under this partnership, Anthropic’s large language model, “Claude,” gains access to information necessary for generating feedback related to children’s handwritten responses and their academic progress.
In February 2026, the Pratham-Anthropic partnership announced its first product, the “Anytime Testing Machine (ATM).” Powered by Anthropic’s Claude, the ATM creates curriculum-aligned tests, digitizes students’ handwritten answers, and applies rubric-based grading while providing bilingual (Hindi-English) personalized feedback. However, there may be risks associated with the assessment model in light of India’s DPDPA Act.
Section 9(1) of the DPDPA Act mandates that data fiduciaries must obtain verifiable consent from parents or legal guardians before processing any personal data of a child (defined as any individual under 18 years of age).
The draft DPDPA Rules, 2025 (Rule 10) provide further guidance on mechanisms for obtaining such consent, including OTP-based parental consent and integration with government-issued IDs.
However, in cases where the ATM utilizes children’s data, parents may not fully understand that their child’s handwritten work is being photographed, uploaded to a cloud-based AI system, processed by a US company’s servers, and analyzed by a large language model.