Colleges and universities have implemented a wide range of technologies on their campuses to collect data, often with the intent to improve the education experience. But the surge of data collection in higher education has prompted many to scrutinize the privacy implications of gathering personal data on students and the lack of transparency around how it’s being used.
These issues were brought into focus earlier this month when a GPA calculator at Indiana University that was designed to help students plan for their futures instead exposed their grades to their peers and potentially violated federal privacy laws. From GPA calculators, to chatbots, to biometric scanners, technology in higher education is fueled by student data. And with the rapid deployment of these and similar edtech tools, the well of information that institutions can now draw from is far larger than ever.
But in many instances, this unprecedented access to data and the privacy implications that go along with it also means that colleges are able to better meet the needs of students and help them succeed in school.
“Of course good teaching and learning can take place without data,” said Michael Berman, chief information officer of the California State University system. “But given the scale of operations, data can help improve operations and facilitate the ability of our faculty and staff to support student success.”
Georgia State University’s student success program, launched in 2012, has been a leading example of how data-driven analytics can help students, and has helped the school increase its graduation rate by 23 percentage points over the last decade by monitoring each student for risk factors that could contribute to drop-out, such as how often they attend class, log on to the Wi-Fi network and whether they’re enrolled in the the classes they need to graduate.
But the convenience of technology and the insights that data provides can come at a cost to students, said Amelia Vance, director of youth and education privacy at the Future of Privacy Forum.
“When you have data in multiple places or data that is accessible by multiple people in the university, well, the more places that data is available, the more vulnerable it is,” she said.
The privacy of student information is heavily affected by its security, and there is no shortage of headlines illustrating the impact of public exposure of student data, like the leak of academic performance data at Pomona’s California Polytechnic University last year. But while failure to protect sensitive data can open students up to potential harm, it is not the only threat to data privacy.
Institutions can also erode privacy simply by failing to be transparent about how they are using student data. Mount St. Mary’s University found itself in hot water in 2015 after its president sought to dismiss students deemed “unlikely to succeed in college” in order to improve the school’s retention numbers based on their responses to a freshman survey.
Many colleges are falling short in alerting students of their data privacy practices, Vance said.
“In most circumstances, I would say students have no idea what is being implemented and how it may affect them. [Students] were told it would be used to help them,” Vance said of the Mount St. Mary’s incident. “And then there was an underlying agenda.”
However, there are certain things institutions have to know about their students, said David Whittaker, CIO of Missouri’s Park University.
“They’re here for four years and we need their data or financial data, their demographic data, their academic data to get them through the process of higher education,” he said.
However, Whittaker said transparency throughout that process is absolutely essential, a belief that’s supported by the university’s privacy policies.
“We let our students investigate, see what data is out there on them,” he said. “They can make a request to see what data is in the system and they can also make a request for that data to be altered or removed. We may or may not alter that data, but we let them know the state of their data and what it’s being used for.”
But students at Park University rarely ask for that information, Whittaker said, because many of them feel that data collection has become an inherent part of higher education and there is little they can do to stop its widespread use, even if they want to.
“Once you’ve signed up and you’ve invested money, in many ways students are captive to whatever data and tech is being implemented on campus,” Vance said.
Convenient or ‘creepy’?
At many colleges, students are being monitored by an abundance of technology, like apps and cameras that collect data, along with systems that record online activity. At the University of Missouri, administrators are piloting a new way to track attendance this year, using location data from students’ phones. And while the university has defended the use of this technology, some students have raised concerns that collecting location data goes too far and invades their privacy.
“Some [students] may have given up. Some of them may say, you know, I’d like to protect my privacy, but there seems to be nothing I can do about it, so I’m giving up,” said Lorrie Cranor, director of the Carnegie Mellon Usable Privacy and Security Laboratory. “But that doesn’t mean that they don’t care.”
One student on the University of Missouri’s Reddit page called the new attendance system, “creepy and dystopian,” while another compared it to something one might see in a “right-wing police-state.”
“I think an institution that respects their students should listen to their students,” Cranor said. “And that starts by the institution being transparent about what data they’re collecting, and making sure the students are aware of it and then have opportunities to ask that data not be collected or [have] the ability to opt out.”
Moving forward, colleges need to remain vigilant and consider the privacy implications of new technologies before implementing them on campus, she said. And ultimately, Cranor said she hopes to see legislators pass comprehensive privacy legislation that can provide students with more data privacy and protection.
The Family Educational Rights and Privacy Act currently serves as the primary legal protection for student data. However, written in 1974, it’s authors didn’t anticipate data collection on a mass scale like what exists today, and few updates have been made to the law over the years.
But Vance said students can take smaller, personal steps to safeguard data on their own, like using a virtual private network to protect their internet traffic or using browser extensions that block internet tracking cookies.
“Students can dive into and learn how to build more privacy protection into their own lives, which is also important, not just because of what may be happening on their campus, but because so many employers are doing surveillance of their employees,” Vance said. “We’re seeing so many more technologies come out in public facial recognition, in cities, license plates scanners, location tracking of everybody’s phones, and so learning how to adopt privacy protective measures now benefits students for their entire lives.”
This is part of StateScoop and EdScoop’s special report on user experience. Read the rest of the report.