Laptops and electronic devices are becoming more commonplace in the classroom, but digital safety practices are still absent and may put children’s information at risk, according to a new report.

The Electronic Frontier Foundation, a digital rights advocacy group, released its “Spying on Students” report Thursday, in which the organization revealed that education technology companies are doing little to ensure the privacy of students.

Read: Can Children Toys Spy on You? Consumer Watchdogs File Lawsuit

The EFF took two years worth of data and research on the expanding presence of technology in the classroom and surveyed a number of parents to learn more about the transparency of new tech initiatives in classrooms.

It found one in three students use school-issued devices for schoolwork—with more than half of those devices being Chromebooks—and more than 30 million students, teachers and administrators are using Google’s G Suite for Education.

While the prevalence of technology in the classroom is largely a good thing, many of the initiatives lack transparency and fail to disclose privacy practices.

According to EFF’s survey of parents, 57 percent received no written disclosure about the school’s policies about tech or student data. Twenty-three percent of parents said they didn’t know if they received any disclosure, meaning 80 percent of parents are essentially in the dark about how schools are handling technology.

The EFF also asked a number of school districts about privacy policies for student devices. Of the 152 districts surveyed, 77 percent hosted a privacy policy online. Slightly more than half—51 percent—included a specific policy about data retention from the devices. Three in 10 schools mentioned vendor encryption for data, and one in three noted user data was aggregated and stripped of identifying information.

Those numbers suggest there is a lot of information yet to be disclosed to parents and students about what schools are doing with data from devices—and there is essentially no option for opting out from any of the programs.

Read: Millions Of Passwords And Messages Sent Through Smart Toy Leak Online

There are some legal safeguards for students when it comes to data, but the application of those rules are complicated. For example, the Family Educational Rights And Privacy Act (FERPA) requires parental consent before a school can share any student information, but it only applies to schools that receive federal funding, leaving students at private schools exempt of the protection.

FERPA also only goes so far toward protecting data. Education records and personally identifiable information cannot be shared, nor can usage history unless it is anonymized so it can’t be traced to the original user. It also only prevents the sale of data to third parties, but may allow Google or other education technology companies to access the information.

Another law, the Children’s Online Privacy Protection Act (COPPA) also requires schools get written consent from parents before it collects or shares data from students, but only applies to those under 13 years of age. Junior high and high school students are not protected under COPPA.

The education technology industry has also taken some steps to self-regulate its data privacy practices but those efforts are woefully inadequate, often failing to define important terms like “personally identifiable information” or “school service provider” that make all the difference in what can be disclosed and who can access it.

The EFF concludes tighter legislation is needed at both the state and federal level in order to “close loopholes and give school districts the structure and resources necessary to provide transparency and choice to students and their families.”