Students enrolled in Massive Open Online Courses (MOOCs) may be subject to mass data collection by private companies. MOOCs are made available through schools and universities, as well as private, for-profit businesses like Coursera and non-profit organizations like edX. These courses can offer additional stimulating material for high school students in advanced placement classes, and even count towards college credit. However, when students enroll and participate in MOOCs, they can also unknowingly surrender a great deal of their private information.
While students enrolled in MOOCs might realize that basic information like their IP address could be available to providers, Khaliah Barnes, Director of the Student Privacy Project at the Electronic Privacy Information Center (EPIC), warns that far more personal data could be compromised.
Many different companies, not solely MOOCs, can collect personal data, according to Barnes. MOOCs themselves can also collect information including a student’s location information and the number of clicks on a page, which would help a company identify preferences and patterns of behavior.
“Companies have unlimited access to sensitive student information. Companies collect biometric information, students’ social media information, location information, health information, disciplinary incidents, sexual orientation, and more,” Barnes said.
Even though participation in MOOCs is usually voluntary, participants are often unaware of how much information they are potentially sacrificing.
Murky Privacy Protections Prove Problematic
“Many times, schools and private companies indiscriminately collect student records unbeknownst to students (and their parents) and without adequate privacy safeguards,” said Barnes. “In the current environment, students are subjected to the wholesale collection of their sensitive data with no meaningful oversight, accountability, or transparency. Not only does the over collection of student data threaten student privacy, it also threatens students’ freedom of expression.”
Unfortunately for MOOC advocates who see the open courses as practical innovation, federal laws protecting student information in this area is murky. The Family Educational Rights and Privacy Act (FERPA) offers some legal protection for student records. However, as Barnes points out, this protection does not extend to MOOCs. FERPA only applies to education records, or materials maintained by a school, containing information directed related to students.
“The Supreme Court has narrowly defined ‘maintained’ under the statute,” said Barnes. “This narrow interpretation has been understood by student privacy experts to generally exclude records that the school itself does not maintain, but rather outsources the record collection to private companies. Additionally, many of the records that edtech companies collect would be considered records of ‘instructional, supervisory, and administrative personnel,’ which are not ‘education records’ under FERPA.”
Also, MOOCs generally do not receive federal funding, excluding them from FERPA protection, according to Barnes. Only schools requiring their students to enroll in a MOOC would be offered this limited safeguard, she said.
With politicians now pushing for more MOOCs and other forms of online education, including President Obama’s ConnectED initiative, some are trying to ensure that fear of mass data gathering does not get in the way of disruptive innovation that could reform education. Several legislators, including Luke Messer (R-IN) and Jared Polis (D-CO) are urging tech companies to sign a pledge to respect student data privacy.
A Step in the Right Direction
Mark Schneiderman, Senior Director of Education Policy at the Software & Information Industry Association, says the pledge is a step in the right direction, and that more companies would be wise to get on board.
“The pledge was developed with the idea that the best way to ensure student privacy is through a collaborative effort between service providers and educators, rather than through further government regulation,” says Schneiderman. “It is intended to specify and clarify service provider practices and legal responsibilities in ways that further safeguard student data, build trust, and enable effective use of technology to support school operations, teacher instruction and student learning.”
Schneiderman emphasizes that the pledge offers real safeguards for student privacy.
“All elements of the pledge are important and work in total,” he said, “but key examples include clarification that service providers use individual student information only for school purposes, provide comprehensive security standards, and do not behaviorally target advertising. Companies are held publicly and legally accountable for meeting their pledge commitments in the same way they are held accountable for their customer privacy statement and other public statements of their practices.”
So should students and parents feel more comfortable with the safety of their child’s student records? Though student privacy is a growing concern for many families, Schneiderman warns that while legal protection is important for students in online courses, lawmakers should not be allowed to regulate MOOCs out of existence.
“Information privacy and security is very important, and parents are right to hold schools and school service providers accountable. The danger is going too far and imposing inflexible, one-size government regulations that end up restricting education technology use and holding back our students and our nation. This pledge creates more certainty and transparency on this issue, and will help make certain that schools and companies better communicate to parents how their children’s information is protected. It is important that families fully understand how current laws and practices safeguard student data privacy, that data is not used for purposes beyond what is needed to serve students and advance education.”
Chris Neal ([email protected]) writes from New York, New York.
Image by hackNY.org.