In December 2024, the US PowerSchool data breach quietly reset the baseline for what is at stake when educational data systems fail. PowerSchool is a commercial K–12 Student Information System (SIS) that has sat at the center of school data infrastructure for nearly three decades, storing and managing student enrollment, demographics, grades, attendance, discipline, health information, and more for thousands of school districts. It serves roughly 16,000 schools and nearly 50 million students across North America, connecting to a wide array of other edtech platforms and analytics tools.
When PowerSchool’s Student Information System was compromised in December 2024, the breach exposed more than 62 million student records and nearly 10 million teacher records, making it the largest known breach of children’s educational data in U.S. history. The compromised data extended far beyond basic identifiers: names, addresses, birthdates, and contact information were exposed alongside Social Security numbers (SSNs), medical conditions, disability accommodations, individualized education plans, disciplinary records, and family income data linked to free and reduced lunch programs. For millions of children and their families, some of the most sensitive educational and personal data, information they never meaningfully consented to provide, and can never revoke, now circulates in underground markets as potential inputs into AI systems.
This failure did not occur in a governance vacuum. Eight months before the breach, the EdTech Law Center issued a prescient warning in litigation filed in May 2024, cautioning that “[b]y collecting vast amounts of data from both students and their families, PowerSchool puts that data at risk.” When the intrusion finally came, the technical root cause was depressingly ordinary: PowerSchool’s system, with administrative access across thousands of districts, lacked mandatory multi‑factor authentication for all accounts. This is what security practitioners would classify as a Category 1 control failure in an industry where multi‑factor authentication has been treated as a baseline requirement for over a decade. In governance terms, this was not just a technical misconfiguration; it was evidence of an edtech business model that had captured children’s data at an unprecedented scale without the commensurate security architecture, regulatory oversight, or enforceable data‑minimization requirements.
If this is what failure looks like in a context with established data protection laws, security standards, and active litigators, we must be clear about what it implies for regions where governance and security architecture are premature, fragmented, or non‑existent.
As AI‑enabled tools are woven into educational systems in Africa and the broader Global South, they are plugging into environments where data protection laws may be nascent or weakly enforced, procurement rarely interrogates security design, and institutions have limited capacity to audit vendors’ technical claims. The potential harm is not hypothetical: once student data is absorbed into AI training pipelines and decision systems, it becomes functionally irretrievable, capable of influencing outcomes in credit scoring, employment screening, insurance underwriting, and future educational analytics for years to come.
This is the context in which the African Institute for AI Policy & Governance (AIPG) launched a survey of African university students about their experiences with “free” AI tools. The goal was to understand what governance and security architecture looks like from the vantage point of young people who are being invited, often encouraged, to integrate AI into their learning, research, and academic trajectories. We wanted to know: when a student in Accra, Nairobi, Lagos, or Cape Town logs into a “free” AI tool, what rights, protections, and risks travel with them into that interface?
A Student’s Path Through “Free” AI
Consider a scenario distilled from patterns in our data: a university student receives access to a “free” AI learning platform through her university or a publicized program. At first, the experience feels transformative, she uses the tool to brainstorm assignments, check understanding, and explore new fields beyond her syllabus. Over the months, AI becomes part of how she plans, writes, and studies, quietly rewiring her expectations of what support is available.
Within a year, however, this ends. Not because she wants to, but because the terms have changed. The “free” tier has expired, or the usage limits have tightened; continued access now requires a subscription denominated in a foreign currency and payable with a card she does not have. Her data costs have climbed, because richer features and multimodal capabilities are data‑hungry; the device she uses struggles under the weight of bandwidth‑intensive interfaces. In effect, her AI‑supported learning journey ends at an infrastructure and governance boundary.
In our survey, this pattern is not an outlier; it is one of several recurring paths through “free” AI.
Who We Heard From
AIPG’s survey gathered responses from 106 university students. Most respondents were enrolled in undergraduate or postgraduate programs, and nearly all reported some level of engagement with AI tools in their academic or personal learning. This is not a nationally representative dataset, but it offers a ground‑level view into how African students are actually encountering AI in their daily academic lives: what they can access, what they understand, and where they feel unprotected.
Finding 1: High AI Use, Low Visibility into “Free” Programs
One of the clearest signals from the survey is that AI use is already widespread. Over 90% of respondents reported using at least one AI tool for learning, assignments, or research. Yet formal “free” student programs, the kinds heavily promoted by major technology companies, have much lower visibility.
Only 42% of respondents knew that student‑specific AI programs or free tiers even exist. In other words, most students are using AI, but many are doing so outside the structures that are supposed to make access more equitable, predictable, and supported. This gap raises basic questions about outreach and equity: if students at public or under‑resourced universities are not aware of these programs, who exactly are they serving?
Finding 2: The Invisible “Free‑to‑Paid” Cliff
Even when students do access “free” AI tools, many lack a clear understanding of the terms and duration of that access. A significant share reported that they did not realize their access was time‑limited or subject to future pricing changes until they encountered usage limits or paywalls.
When asked how they would respond once free access ends, students described a stark set of choices: some planned to downgrade to less capable tools; others anticipated rationing their usage; a notable portion expected to stop using AI altogether. Only a minority said they intended to pay out of pocket to maintain access.
This “free‑to‑paid” cliff is rarely acknowledged in policy narratives that celebrate “AI for all.” Yet it has direct implications for capability and inequality: students with stable income, supportive families, or access to international payment instruments can maintain AI‑supported learning, while others experience AI as a brief window that closes just as they begin to rely on it.
Finding 3: “Free” Does Not Mean Affordable or Usable
For students in the Global South, cost is not only about subscription fees; connectivity, data, and devices are equally important. Our respondents highlighted three recurring barriers that shape whether “free” AI is usable in practice:
- Data costs: A significant share reported that data costs often or always limit how much they can use AI tools, forcing them to ration queries or avoid richer multimodal features.
- Data‑heavy design: Many had already stopped using at least one AI tool because it consumed too much data relative to their budgets.
- Device and bandwidth constraints: Students pointed to device limitations, offline barriers, and slow or unreliable connectivity as persistent obstacles that degrade or block access to AI tools altogether.
In effect, “free” access is conditional on absorbing hidden infrastructure costs and on living in environments where systems have been designed with always‑on broadband and high‑end devices in mind. For many African students, those assumptions do not hold.
Finding 4: The Privacy and Governance Gap
Perhaps the most concerning findings relate to privacy, data governance, and trust. We asked students what they know, and what they have been told, about how their data is collected, stored, and shared when they use AI tools.
The picture that emerges is one of systematic opacity:
- Less than 10% of respondents recall being clearly informed about data collection practices when using AI tools.
- Only 12% believe their data is legally protected in any meaningful way.
- A majority, 63%, do not know where their data goes once it is collected.
This means that most students are using AI tools in a setting where they do not know whether their prompts, documents, or usage patterns are being stored, for how long, for what secondary purposes, or with which third parties they may be shared.
From Edtech Databases to AI Pipelines
The PowerSchool breach illustrates why this opacity matters far beyond any single product or school district. When sensitive educational data is centralized and then compromised, the immediate harms include identity theft, harassment, fraud, and stigmatization. But the longer‑term harm increasingly lies in how that data can be ingested into AI systems: as training data for models, as features in risk‑scoring systems, or as reference points in predictive analytics that students will encounter later in life.
Once student data enters AI training pipelines at scale, it becomes functionally irretrievable. Even if a company deletes raw records from a breached database, the patterns and correlations learned from that data can persist in deployed models that power credit scoring, employment screening, insurance underwriting, educational analytics, and other systems. For PowerSchool’s victims, this means their compromised records may already be embedded in AI systems they will meet again as adults, in contexts that shape access to housing, work, and opportunity.
This is the horizon toward which African students’ data may also be moving, often without their knowledge or consent. The combination of weak local enforcement, cross‑border data flows, and opaque AI supply chains makes it difficult to track where data travels or how it is reused.
Re‑centering Governance and Security Architecture
Against this backdrop, the central question is what governance and security architecture we are willing to accept as the substrate of educational AI.
The PowerSchool case shows that even in high‑income settings with formal data protection laws and mature edtech markets, basic controls like mandatory multi‑factor authentication can be missing from systems that hold the most sensitive student data. In such a world, expanding AI in education without first hardening the underlying infrastructure and tightening regulatory oversight is not innovation; it is risk transfer, from companies and institutions to children, families, and, in the African context, students who already navigate uneven access and limited recourse.
For AIPG, the alarm we are sounding is simple: we must first confront the structural conditions under which these tools are being deployed. That includes asking:
- What data do edtech and AI platforms collect, and is that collection strictly necessary for educational purposes?
- How long is the data kept, and for what secondary uses (including AI training) is it processed?
- What baseline security controls, like multi‑factor authentication, encryption, and access logging, are mandated and enforced?
- What rights do students in Africa and the Global South have to contest, correct, or delete their data, and how realistic is it for them to exercise those rights in practice?
Toward Systems and Policies that Compel Structural Change
Addressing these questions requires moving beyond voluntary guidelines and into the realm of enforceable obligations and institutional capacity. In the coming weeks, AIPG will convene an in‑depth dialogue on these issues: the security architecture and regulatory oversight underpinning educational AI; the realities revealed in our student survey; and the kinds of systems and policies needed to compel structural reform in how edtech platforms and school districts collect, retain, and govern student data. We will explore what it would take to move from opportunistic adoption and fragmented safeguards to an educational AI ecosystem that is built on rights, resilience, and accountability.
We can build governance that recognizes student data as a protected asset not a resource to be mined. AI’s educational benefits need not come at the expense of a generation’s privacy and safety.