Karunn Kandoi, General Manager & Head of India Operations, ApplyBoard India

Karunn Kandoi, heads business operations for ApplyBoard- India and serves on its board along with other public limited Ed-tech companies. Karunn holds a bachelor’s degree in engineering and MBA from the University of Washington. Before beginning his stint with ApplyBoard, Karunn was associated with Extramarks Education India Private Limited as the Director- Whole Time & President Global Business. Karunn founded Shree Eduserve and created the largest brand for learning English in India. Karunn is skilled in creating and expanding businesses, operations management, creating technology-led products and driving growth from them. Throughout his inspiring journey, Karunn has participated in various panels on EdTech organized by the likes of Asian Development Bank, CNBC, News Nation, Education Department of the Govt of Kenya, FICCI-India etc.


Under the influence of the pandemic, the education sector underwent numerous changes. Digital adoption was one of the notable challenges that the segment had to deal with. Since the worldwide pandemic has fueled the pace of technological advancement, the education sector has also been quick to adapt to it. This was crucial at the time not only for the industry’s survival and expansion but also for educational institutions to maintain a competitive advantage in the market. Educators welcomed the new norm of remote learning in order to ensure that a student’s journey was not hampered. Institutions began to rely on EdTech platforms to provide students with high-quality educational experiences.

In this digital age, where devices track so much of our lives, it is critical for all stakeholders in the education system to understand the importance of data, how it is collected, what it is collected for, and what it is used for. In India and globally, stringent data privacy rules such as the Personal Data Protection Bill (PDP) will soon play a significant role in the collection and use of this data.

As India prepares to formulate its first data privacy regulations, it is utilizing the General Data Protection Regulation (GDPR) of the European Union as the model. The GDPR is a strong example of a comprehensive framework that addresses the data privacy management of its citizens. It’s important that Indian corporations know more about the details of both regulations, PDP and GDPR, as they gain precedence.

Growing Demand of Personal Identifiable Information 

There are quite a number of steps that are involved with school applications that require a high level of Personal Identifiable Information to be shared between students, recruitment partners and schools. International students also have to provide proof of various elements of their identity throughout each step of the application process and when applying for study permits or work permits in a new country. With more domestic and international students submitting their information online than ever before, it’s essential for data privacy and protection to be a focus for all stakeholders involved such as schools, recruitment partners, governments, banks, educational testing companies and rental groups. The onus of data protection and privacy should not fall on young students in K-12 or those planning to attend post-secondary institutions. 

Emerging EdTech leaders should take initiative to set standards in student data privacy, data processing and securing personal data. For example, a lot of issues can arise when transferring data to third-party vendors and service providers in the EdTech sector. However, the transferring of data cannot be arbitrary, excessive and unregulated. Privacy principles require that data transfers to third parties and even affiliated group companies should be carried out by following data protection agreements. With digitization dominating the education world, it is crucial to crack down on any omissions, oversights or gaps in current privacy rules and regulations at EdTech companies as soon as possible.

Significance of data protection laws in the EdTech sector

With the growth of EdTech, the problem and obligation of handling the personal data of millions of users involved in the education system continue to arise. The vast amount of sensitive data and the vulnerability has increased the risk of cyber-attacks for EdTech enterprises. The industry has experienced a series of data breaches and cyber security issues. 

It’s more crucial than ever before to address critical areas like ethical issues, data security and privacy in the EdTech sphere. Why? India’s EdTech industry has seen rapid growth; in fact, it is primed to reach $30 billion in ten years according to a report from RBSA Advisors. There has been a strong boom of EdTech startups in India and for the sector to continue to thrive, there is a strong need for data protection especially when it comes to protecting children’s data. Every EdTech company has a significant responsibility to protect its younger users, typically students, from being involved in hackers, scammers or any exploitative cyber activity. 

The Indian Government introduced the Personal Data Protection Bill (PDP) in 2019 which marks the beginning of a process to improve data protection duties and obligations of businesses in India. Since the Bill is yet to be passed by the parliament and is still under consideration, it can be only used as a reference document.  

The bottom line

EdTech platforms should make use of their time now to review their data collection and processes in order to follow international best practices according to the GDPR. Their focus should be to become globally compliant. This is crucial to building a safe and secure digital environment for future generations. All stakeholders involved in the education process including parents, teachers, and educational institutions, should also stay informed of their rights in terms of data privacy and processing as a protective and proactive measure.

Content Disclaimer

Related Articles