Kids aren't the only ones learning in the classroom. Turns out, tech companies have access to a lot of student data that makes parents and teachers increasingly uncomfortable.

Tech companies spy on students through data collection, and many educational technology firms don't have proper protections in place to ensure privacy, according to a new report from the Electronic Frontier Foundation (EFF).

Laptops, tablets and wearable devices collect information on individual students -- from birth dates to what they look at online.

The EFF investigated 152 tech services currently used in classrooms and found they "were lacking in encryption, data retention and data sharing policies."

"We are hoping by documenting these concerns, we can drive home the point that these are concerns to be taken seriously," EFF researcher Gennie Gebhart told CNNTech.

The organization surveyed over 1,000 people around the country, and while the report is not a comprehensive representation of school systems, it shows that parents, teachers and students are concerned about the state of privacy.

Related: California lawmakers want to mandate internet for kids in juvy

A main concern, the report found, is parents aren't always aware of what apps their kids are using, or what information they collect.

Internet users are already tracked through the news they read, the stuff they buy and the videos they watch. That data is used to create personalized ads that are targeted at each individual user. Parents are concerned that edtech companies might use their kids' emails, personal information or interests in similar ways.

For instance, fitness trackers are used in schools to track kids' PE performance. Educational fitness firm IHT (which isn't mentioned in the EFF report) partners with Adidas and monitors student activity like heart rate and fitness level. Its privacy policy says it makes some personal information available to third-parties "or that help IHT market to customers."

Schools rely too much on "privacy by policy" to protect student information, the report found. While many edtech companies have policies in place to say they won't sell or share data, historically, those policies have failed.

In 2014, 20 million student records from the college and job planning platform ConnectEDU were sold to other companies without first alerting users, violating its own data use policy.

"In security, if you are trusting someone not to break the rules, you're not really defending or protecting anything," said Jessy Irwin, a security educator unaffiliated with the report who advocates for more privacy in the classroom.

There are federal privacy laws that regulate student data, but critics say they haven't evolved with technology. Some states have enacted their own rules about student data. California, Colorado and Connecticut, for instance, prohibit companies from using student data for targeted advertising.

When it comes to using a new website or app, Gebhart said teachers frequently have free rein to use things on the internet. Many parents who responded to the survey said they're not made aware, or have little say, over what schools are using.

"Education is always 10 to 15 years behind technologically," Irwin said. "But we're seeing a lot of businesses get embarrassed by not having solid security practices, and schools are going to have to figure that out, too."