How long should vendors be allowed to maintain and use the information they collect about school children?
The question cuts to the heart of the tensions that define the digital learning revolution now underway, said Viktor Mayer-Schönberger, a professor of Internet governance and regulation at England’s Oxford University.
“Big” educational data, new technologies, and learner profiles have the potential to help personalize learning in previously unimaginable ways, Mr. Mayer-Schönberger wrote in his 2014 e-book Learning With Big Data: The Future of Education. Still, he wrote that they also threaten to “shackle us to our past, denying us due credit for our ability to evolve, grow, and change.”
Not surprisingly, privacy advocates and ed-tech industry leaders see the issue very differently.
“When companies can keep student information indefinitely, it increases the likelihood that they will retain outdated and irrelevant information that will be used to make important decisions about the students,” said Khaliah Barnes, a lawyer for the Electronic Privacy Information Center, a Washington-based advocacy group. “We’ve also seen that when companies have unlimited access to data, they tend to want to use it for purposes outside of that for which it was originally provided.”
In response, Ms. Barnes and EPIC favor legislation that limits data retention and requires schools and companies to delete information after it has been used for its initial purpose.
Modern Tensions
But Jose P. Ferreira, the CEO of New York City-based Knewton, one of the companies making the most expansive use of big educational data, questions the wisdom of any legislation that imposes time limits on how long student data may be kept.
“I think people who don’t understand this stuff should take more time to think it through,” Mr. Ferreira said. “I think you would be insane to tell a student, ‘We’re going to make your own data disappear, even from you.’ ”
As an example of the potential negative repercussions, he described a hypothetical situation in which a student who has benefited from a comprehensive learner profile throughout her K-12 career loses access to that information when she goes on to college, forcing her professors to start from scratch in attempting to understand her strengths, weaknesses, and preferences.
Part of the challenge facing policymakers is that current laws are widely perceived as ill-equipped to resolve such modern tensions.
“When companies can keep student information indefinitely, it increases the likelihood that they will retain outdated and irrelevant information that will be used to make important decisions about the students.” Khaliah Barnes, Lawyer, Electronic Privacy Information Center
“I think people who don’t understand this stuff should take more time to think it through. I think you would be insane to tell a student, ‘We’re going to make your own data disappear, even from you.’” Jose P. Ferreira, CEO, Knewton
“There is no silver bullet for this particular challenge. But there are some pragmatic ways to make it work and build stakeholders’ trust, even if it means forgoing some of the data’s value.” Viktor Mayer-Schönberger, Professor of Internet Governance and Regulation, Oxford University
The federal Family Educational Rights and Privacy Act, or FERPA, for example, generally imposes on schools the obligation to ensure that third parties do not use students’ educational records and personally identifiable information for purposes other than that for which they were originally collected. And under some circumstances, the law requires that such records are destroyed after being used for those original purposes.
A bill to update FERPA, introduced by U.S. Sens. Edward Markey, D-Mass., and Orrin Hatch, R-Utah, in July, would expressly prohibit schools from using third-party vendors that do not destroy students’ personally identifiable information after its educational use.
But exactly what that means in practice is subject to interpretation. Oversight of the existing law has been lax, at best.
And neither the current law nor the proposed revisions would update the definition of what constitutes a student’s educational record, leaving much of the digital data and metadata that is collected in the course of building learner profiles unprotected.
‘No Silver Bullet’
At the state level, meanwhile, more than 20 bills enacted in the most recent legislative sessions touch on the topic of student-data privacy.
California’s new student-data-privacy law is widely viewed as the most comprehensive state measure, attempting to reconcile competing interests by explicitly prohibiting online service providers from “amass[ing] a profile about a K-12 student except in furtherance of K-12 school purposes,” and requiring those providers to delete any such information at a school or district’s request. But the measure also specifies that such operators shall be allowed to maintain and use “de-identified,” or anonymous student information to develop and improve their own educational products and services.
It remains to be seen exactly how such an approach will affect the wide range of big-data approaches being explored by vendors, but there is reason to believe California’s approach may point the way to a workable compromise.
Ms. Barnes of EPIC called the bill a “good framework,” while Mark Schneiderman, the senior director of education policy for the Washington-based Software & Information Industry Association, said the bill “seems to strike generally the right balance.”
Ultimately, experts on big educational data say it will be necessary to establish—and maintain—that kind of balancing act moving forward.
“There is no silver bullet for this particular challenge,” said Mr. Mayer-Schönberger, the Oxford professor, in an interview. “But there are some pragmatic ways to make it work and build stakeholders’ trust, even if it means forgoing some of the data’s value.”
