Activity 01
Device Audit: App Permissions Review
Students list five apps they use daily and screenshot permission settings for camera, location, and contacts. In pairs, they identify excessive access and brainstorm revocation steps. Pairs present one fix to the class for collective notes.
Identify different types of personal data that can be collected online.
Facilitation TipFor the Device Audit, ask students to bring their phones and guide them to navigate settings step-by-step rather than telling them where permissions are located.
What to look forProvide students with three scenarios describing online data collection. Ask them to identify the type of data collected (PII or inferred), explain one potential use by a company, and suggest one protective measure they could take.
UnderstandApplyAnalyzeSelf-AwarenessRelationship Skills
Generate Complete Lesson→· · ·
Activity 02
Role-Play: Phishing Dilemmas
Prepare scenario cards with fake emails or pop-ups requesting data. Small groups act out responses, one as victim and others as advisors. Debrief identifies safe choices and red flags through class vote.
Explain how companies might use personal data for advertising or other purposes.
Facilitation TipDuring the Role-Play, assign roles strictly by random draw (e.g., victim, scammer, observer) to prevent students from opting out of challenging perspectives.
What to look forPose the question: 'Is it acceptable for companies to use your browsing history to show you personalized ads, even if you haven't explicitly agreed?' Facilitate a class discussion where students debate the pros and cons, referencing concepts like user profiling and price discrimination.
UnderstandApplyAnalyzeSelf-AwarenessRelationship Skills
Generate Complete Lesson→· · ·
Activity 03
Settings Scavenger Hunt
Provide checklists for Instagram, Google, and Shopee privacy options. Individually, students navigate accounts, adjust three settings, and log changes. Share screenshots in whole-class gallery walk to compare tips.
Develop strategies to manage and protect their own personal information online.
Facilitation TipIn the Settings Scavenger Hunt, pair students with different devices (Android/iOS) so they compare interfaces and discover platform-specific privacy features.
What to look forShow students screenshots of common app permission requests (e.g., location, contacts, microphone). Ask them to quickly write down whether they would grant each permission and provide a one-sentence justification based on potential data use and privacy risks.
UnderstandApplyAnalyzeSelf-AwarenessRelationship Skills
Generate Complete Lesson→· · ·
Activity 04
Jigsaw: Protection Pledges
Assign each small group one strategy like password managers or data minimizers. Groups research, create demo posters, then rotate to teach peers. End with personal pledge sheets for home use.
Identify different types of personal data that can be collected online.
Facilitation TipFor the Strategy Jigsaw, assign each group a unique app (e.g., TikTok, WhatsApp) so their recommendations are context-specific and immediately applicable.
What to look forProvide students with three scenarios describing online data collection. Ask them to identify the type of data collected (PII or inferred), explain one potential use by a company, and suggest one protective measure they could take.
UnderstandAnalyzeEvaluateRelationship SkillsSelf-Management
Generate Complete Lesson→A few notes on teaching this unit
Teachers should anchor lessons in students' lived experiences by starting with their current app ecosystems. Avoid technical jargon; instead, frame data collection as a trade they make daily. Research shows that students retain privacy lessons best when they analyze their own data footprints, so prioritize hands-on audits over lectures. Use relatable dilemmas, like whether to grant location access for food delivery, to spark ethical discussions rather than abstract policy debates.
Successful learning looks like students confidently adjusting app permissions, recognizing phishing red flags without prompting, and articulating why multi-layered defenses matter. They should explain data flows from collection to use, and propose specific privacy strategies for common scenarios they face. Peer discussions should reveal nuanced trade-offs between convenience and protection.
Watch Out for These Misconceptions
During Device Audit: App Permissions Review, students may assume that denying all permissions protects their data completely.
During Device Audit, have students test denied permissions by attempting to use the app—most will fail or prompt users to reconsider, demonstrating that trade-offs are unavoidable.
During Role-Play: Phishing Dilemmas, students may think phishing only targets the naive or elderly.
During Role-Play, use real phishing messages students have received (with personal details redacted) to show that anyone can be targeted, and emphasize patterns like urgency and mismatched sender domains.
During Settings Scavenger Hunt, students may believe turning off ad personalization stops all data collection.
During Settings Scavenger Hunt, ask students to check if their 'opt-out' choice is retained after clearing browser data, revealing that some tracking persists despite user actions.
Methods used in this brief