Thanks to our increasing use of technology, we are creating mind-bogglingly vast amounts of data in increasing volume, speed, and complexity — IBM estimates about 2.5 quintillion bytes of data created every day. The great challenge for education technology (and, as such, for schools) will be striking a balance between the collection and analysis of student data and the protection of student privacy. Audrey Watters explores what’s at stake.
It used to be fairly clear what comprised a student’s “educational record”: the information that appeared on the transcript. That is, name, address, demographics, age, grade, courses taken, and final grades. Data kept on an individual student also included attendance and behavioral information.
What’s changing today isn’t simply that these records are stored on computers instead of in manilla file folders. It’s that students are generating vast amounts of data via their computer usage — on mobile devices and desktop computers, at home and at school. This means that what counts as “student data” is changing radically.
Some contend that all this data — collected and analyzed — will provide new insights into how a student learns. It will enable a technology-assisted “personalization” of education, so the argument goes. That is, it will lead to computer-based instruction and assessment specially crafted and adapted to suit each individual student (and to achieve, no doubt, what are highly traditional goals of education)..
Of course, the science isn’t really there yet, despite some of the marketing claims by companies already offering software that purports to function to this end. Nevertheless the generation and the collection of student data continues, some hoping that we will eventually divine the perfect algorithm — and product — for teaching and learning.
In the meantime, what do we do about student privacy?
Protecting Student Privacy
Protecting student privacy was (somewhat) simpler when a student’s “educational record” could be kept under lock and key — in a file cabinet or even on a local computer or district server. Access was supposedly restricted to the student, the parents, teachers, and administrators, and the student and parents had some say over who else could view it.
It’s another example, perhaps, of how policy has failed to keep pace with technological change. (The US law governing student privacy, the Family Educational Rights and Privacy Act or FERPA, was passed in 1974.) There has been little consideration of how best to ensure the same rights and protections that cover the privacy of information on a student’s transcript extend to cover the privacy of all the data created by a student — whether that data is created purposefully or incidentally.
What Counts as a Student’s “Educational Record”?
A short list of what this expanding “educational record” could now include, thanks to students’ computer usage:
Their learning management system log-ins and the duration of their LMS sessions. Their course-related blog posts. Their blog and forum comment history. Their Internet usage while on campus. Their search engine history. The size of files they upload and download. The apps they are assigned to use — which apps they actually use and for how long. The emails sent and received via a school-issued account (who to, who from, subject line, and so on). The pages read in digital textbooks. The passages highlighted.
There’s more too — a gray area via software that isn’t necessarily administered or even assigned by the school: students’ geolocation (based on their mobile device location). Their social media profiles. Time spent on social media. Items shared and comments posted on there. Photos taken. Videos recorded. Photos and videos shared. Text messages sent — the contents and the recipient. Videos watched on YouTube— the content of the videos, the pauses and rewinds. Khan Academy views. Khan Academy exercises. Wikipedia visits. Wikipedia edits. Highest level achieved on Angry Birds.
Who Owns a Student’s Data?
Who has access to that data? Who controls it? Who owns it?
Despite claims to protect the privacy of students’ records, nowhere does FERPA, the law that addresses student privacy in the US, say that a student actually “owns” her or his data. Nowhere does it say that a school does either. At best, it would seem, the education institution is a steward for the official “education record” — responsible for its storage, its security, and its protection. The terms of “ownership” of other student-generated content and data are mostly spelled out between individual schools and the databases and software they buy or license, and as such there is little protection or autonomy for the individual student here.
Furthermore, there’s a strong argument from many in the technology industry (most famously, perhaps, from Facebook founder Mark Zuckerberg) that we have reached “the end of privacy.” We are encouraged to share more and more personal information via applications in exchange for purportedly better, more “personalized” service; yet we typically have little say in what happens to our data. It’s collected, analyzed, and monetized — sometimes with our consent (you did read the Terms of Service, didn’t you?) but more often without our giving it much thought.
Changing Privacy Expectations?
How does the technology industry’s attitude towards data and privacy shape the ways in which they design educational software? Will there be a major push to collect more and more data and to share it across the various third-party systems that schools utilize? Will students be able to examine their educational record and demand that errors are fixed? How long will data be kept on students? Will it move with them from school to school? What sorts of data will be shared and with whom?
What sorts of privacy expectations can students have?
These questions matter immensely for educators, and not simply because there is such a strong push right now for more “data-driven education.” In this framework, the student (and her or his data) remains an object — for collection, for analysis, for tracking, for molding — rather than a subject in control of her or his own learning (and any data that might indicate that).
As Julie Cohen argues in “What Privacy is For,” “Privacy shelters dynamic, emergent subjectivity from the efforts of commercial and government actors to render individuals and communities fixed, transparent, and predictable. It protects the situated practices of boundary management through which the capacity for self-determination develops.” The protection of student privacy matters immensely because students need a safe space for exploration, experimentation, and development — one that isn’t fully surveilled and tracked.
The challenge will be carving out that safe space for students, particularly in the face of policy and technology that wants very much to monitor and monetize their data. The key will be making their learning — and any data associated with it — theirs to control.
So How Do Education Leaders Do That?
Read the Terms of Service. Read privacy policies. (The website Terms of Service; Didn’t Read helps parse the legalize in these sites and highlights the best practices (and bad practices) in popular Web-based tools.)
Share publicly with parents and students a list of educational software utilized, with links to their Terms of Service.
Choose software that honors student privacy. Ask questions to vendors about the data they collect, how it is used, and with whom it is shared.
Choose software that offers the export of individual’s data (and that offers interoperability, that is, data in a form that is usable with other software).
- Recognize the right of students to control their digital data — all the digital data they create. That is, extend the rights we have already granted students regarding their traditional “educational record” into the digital sphere. But then push further to put this into their hands and not simply the school’s.