Abstract
Two terms, student privacy and Massive Open Online Courses, have received a significant amount of attention recently. Both represent interesting sites of change in entrenched structures, one educational and one legal. MOOCs represent something college courses have never been able to provide: universal access. Universities not wanting to miss the MOOC wave have started to build MOOC courses and integrate them into the university system in various ways. However, the design and scale of university MOOCs create tension for privacy laws intended to regulate information practices exercised by educational institutions. Are MOOCs part of the educational institutions these laws and policies aim to regulate? Are MOOC users students whose data are protected by aforementioned laws and policies? Many university researchers and faculty members are asked to participate as designers and instructors in MOOCs but may not know how to approach the issues proposed. While recent scholarship has addressed the disruptive nature of MOOCs, student privacy generally, and data privacy in the K-12 system, we provide an in-depth description and analysis of the MOOC phenomenon and the privacy laws and policies that guide and regulate educational institutions today. We offer privacy case studies of three major MOOC providers active in the market today to reveal inconsistencies among MOOC platform and the level and type of legal uncertainty surrounding them. Finally, we provide a list of organizational questions to pose internally to navigate the uncertainty presented to university MOOC teams.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
“HarvardX” is Harvard University’s MOOC brand name. All the EdX Consortium members adopt the “X” to denote their EdX MOOC offerings, for example Georgetown University (GeorgetownX).
FERPA rights transfer from the parent to the student, when a student turns 18 or enters a postsecondary institution (Department of Education n.d.).
See also Carey v. Me. Admin. Sch. Dist. 17, 754 F. Supp. 906, 923-24 (D. Me. 1990) (involving a claim that the school violated FERPA by providing the media with confidential information about an “unnamed” special education student who brought an automatic weapon to school).
Including the US Comptroller General, the US Attorney General, the US Secretary of Education, or State and local educational authorities, such as a State postsecondary authority that is responsible for supervising the university’s State-supported education programs.
This includes a number of other regulations and restrictions. The Children’s Online Privacy Protection Act (COPPA) applies only to commercial entities—not non-profits or schools. MOOCs challenge these distinctions. While MOOC organizations may be non-profits or provided directly by the school, some MOOC providers are commercial entities. COPPA also only applies to sites that collect data from users with actual knowledge the user is under 13 or target children under 13. COPPA requires these MOOCs obtain verifiable parental consent prior to the collection of personal information from children under 13, as well as disclose to parents the information collected, provide a right to revoke consent and deletion, and provide a detailed privacy policy. The FTC recently released an FAQ on COPPA providing more insight into the school exception (Federal Trade Commission 2014). The Protection of Pupil Rights Act (PPRA) grants rights to parents to gain access to federally funded experimental instructional material as a way to address the unsettling circumstances when schools administered sensitive surveys to students without parent knowledge. However, 60 Fed. Reg. 4696-01 (Aug. 28, 1995) explains that PPRA differs from FERPA in that the latter applies to postsecondary institutions whereas the former only applies to K-12 settings. See Daggett (2008). Student Privacy and the Protection of Pupil Rights Act as Amended by No Child Left Behind. UC Davis J. Juv. L. & Pol'y, 12, 51; O'Donnell (2003). FERPA: Only a piece of the privacy puzzle. JC & UL, 29, 679. A 1998 case filed by a law student claiming that the law school’s disciplinary decision requiring him to undergo psychiatric treatment violated PPRA moved forward as if the PPRA did apply to postsecondary institutions. The court eventually determined that psychiatric treatment was not administered by the Department of Education and therefore beyond the scope of PPRA. A 2001 PPRA claim filed by a medical student was dismissed for procedural errors related to the appeal, and the court again did not discuss the applicability of PPRA to higher education. Finally, whether university researchers need to obtain approval from their institutions internal review board (IRB) is handled within the university and many IRBs offer clear guidance on academic assessment data. Many universities have datasets available on their students for research purposes, which can muddle whether approval is need for the use of data collected through university courses. By way of example, the Virginia Tech academic assessment research page informs researchers that before collecting data from enrolled students researchers should consider whether they intend to disseminate findings in ways other than to provide feedback to students, improve a course or program, or report finding to university administration or accrediting agencies. If the researcher intends to disseminate findings beyond these recipients, IRB approval should be sought (Virginia Tech IRB 2015). In addition, because MOOC student records may not be educational records for the education institution, researchers may be considered collecting data on human subjects in the general public and should be get cleared by their IRB.
Credit for completed MOOC course was offered by Colorado State, but no one has taken the university up on its price reduced ($89 vs. $1050) credits) (Kolowich 2013a).
Available at https://www.edx.org/edx-terms-service.
If a site collects birth date information and allows for the creation of an account for users under 13, it is considered to knowingly collect information on that child.
Amazon Associates, Facebook Connect, Facebook Social Plugin, Twitter Badge, Twitter Button, Google +1, and Google Analytics.
Twitter Badge and Google Analytics.
AddThis, Google Analytics, Google+ Platform, Facebook Connect, Facebook Social Plugins, ScoreCard Research Beacon, and Twitter Button.
Google Analytics.
ChartBeat, Google Analytics, MixPanel, New Relic, and Segment.io.
Note also that the FTC enforces subpar security measures that lead to security breaches. Additionally, many states have laws that deal directly with the secure disposal of personal information that apply to business, private vendors of government agencies, and government agencies themselves. Almost all states have laws that create procedures for notifying individuals when a security breach of their personal information has occurred.
inBloom was a non-profit that offered data solutions to help public schools achieve personalized learning and integration of new applications in day-to-day teaching. Its collapse is almost entirely due to privacy concerns (Horn 2014).
The Matthew effect, coined by sociologist Alan C. Kerckhoff and Elizabeth Glennie, is a theory or explanation of why the “rich get richer” theory. When adapted for the purposes of education, the Matthew effect has caused many to question tracking structures in education systems (Kerckhoff and Glennie 1999).
References
Adamopoulos, P. (2013). What makes a great MOOC? An interdisciplinary analysis of online course student retention. In Proceedings of the 34th international conference on information systems, ICIS (p. 13).
Allen, I. E., & Seaman, J. (2013). Changing course: Ten years of tracking online education in the United States. Sloan Consortium. http://onlinelearningconsortium.org/survey_report/changing-course-ten-years-tracking-online-education-united-states/. Retrieved 16 Feb 2015.
Berkman Center for Internet & Society. (2015). Student privacy initiative. https://cyber.law.harvard.edu/publications/2014/spi_publications. Retrieved 14 July 2015.
Blanchard, J. (2007). University tort liability and student suicide: Case review and implications for practice. JL & Education, 36, 461.
Britz, J., & Zimmer, M. (eds.). (2014). International Review of Information Ethics, 21.
Cormier, D. (2008). The CCK08 MOOC—connectivism course, 1/4 way. Dave’s Educational Blog. http://davecormier.com/edblog/2008/10/02/the-cck08-mooc-connectivism-course-14-way/. Retrieved 5 Aug 2014.
Daggett, L. M. (2008). Student privacy and the protection of pupil rights act as amended by no child left behind. UC Davis J. Juv. L. & Pol’y, 12, 51.
Department of Education. (2008). Family educational rights and privacy, 34 CFR Part 99.
Department of Education. (n.d.). Frequently asked questions about FERPA. http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferpafaq.pdf. Retrieved 16 Feb 2015.
Downes, S. (2009). Access2OER: The CCK08 solution. Half an Hour (Personal Blog). http://halfanhour.blogspot.com/2009/02/access2oer-cck08-solution.html. Retrieved 5 Aug 2014.
Duncan, A. (2014). Letter to Sen. Edward Markey. http://www.markey.senate.gov/documents/2014-01-10_Education_Privacy.pdf. Retrieved 16 Feb 2015.
Federal Trade Commission. (2014). Complying with COPPA: Frequently Asked Questions. http://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions. Retrieved 16 Feb 2015.
Fischer, L., Schimmel, D., & Kelly, C. (1995). Teachers and the law (4th ed.). White Plains, NY: Longman.
Future of Privacy Forum. (2015). Student privacy. http://www.futureofprivacy.org/issues/student-privacy/. Retrieved 14 July 2015.
Gardner, L., & Young, J. (2013). California’s move toward MOOCs sends shock waves, but key questions remain unanswered. Chronicle of Higher Education. http://chronicle.com/article/A-Bold-Move-Toward-MOOCs-Sends/137903/. Retrieved 8 Aug 2014.
Horn, M. (2014). inBloom’s collapse offers lessons for innovation in education. Forbes.com. http://www.forbes.com/sites/michaelhorn/2014/12/04/inblooms-collapse-offers-lessons-for-innovation-in-education/. Retrieved 16 Feb 2015.
Johnson, T. P. (1993). Managing student records: The Courts and the Family Educational Rights and Privacy Act of 1974. West’s Education Law Quarterly, 2(2), 260–276.
Kerckhoff, A. C., & Glennie, E. (1999). The Matthew effect in American education. Research in Sociology of Education and Socialization, 12(1), 35–66.
Kolowich, S. (2013a). A university’s offer of credit for MOOC gets no takers. Chronicle of Higher Education. http://chronicle.com/article/A-Universitys-Offer-of-Credit/140131/. Retrieved 8 Aug 2014.
Kolowich, S. (2013b). California puts MOOC bill on ice. Chronicle of Higher Education. http://chronicle.com/blogs/wiredcampus/california-puts-mooc-bill-on-ice/45215. Retrieved 8 Aug 2014.
Kolowich, S. (2013c). American Council on Education Recommends 5 MOOCs for credit. Chronicle of Higher Education. http://chronicle.com/article/American-Council-on-Education/137155/. Retrieved 8 Aug 2014.
Leckart, S. (2012). The Stanford education experiment could change higher learning. Wired.com. http://www.wired.com/wiredscience/2012/03/ff_aiclass/. Retrieved 5 Aug 2014.
Lucas, H. (2014). Disrupting and transforming the university. Communications of the ACM, 57(10), 32–33.
MacCarthy, M. (2014). Student privacy: Harm and context. International Review of Information Ethics, 21, 11.
Mawdsley, R. D., & Russo, C. J. (2002). Limiting the reach of FERPA into the classroom: Owasso school district v. Falvo. West Education Law Reporter, 165, 1–13.
Merriam, S. B., Caffarella, R., & Baumgartner, L. (2007). Learning in adulthood: A comprehensive guide (3rd ed.). New York: Wiley.
Morozov, E. (2012). In Soviet Russia, book reads you. Slate. http://www.slate.com/articles/technology/future_tense/2012/11/coursesmart_analytics_whispercast_the_danger_of_software_that_monitors_students.2.html. Retrieved 16 Feb 2014.
Nesterko, S. O., Dotsenko, S., Han, Q., Seaton, D., Reich, J., Chuang, I., & Ho, A. D. (2013). Evaluating the geographic data in moocs. In Neural information processing systems. http://nesterko.com/files/papers/nips2013-nesterko.pdf
Noer, M. (2012). One man, one computer, 10 million students: How Khan Academy is reinventing education. Forbes.com. http://www.forbes.com/sites/michaelnoer/2012/11/02/one-man-one-computer-10-million-students-how-khan-academy-is-reinventing-education/. Retrieved 8 Aug 2014.
O’Donnell, M. L. (2003). FERPA: Only a piece of the privacy puzzle. Journal of College and University Law, 29, 279–715.
Pariser, E. (2011). The filter bubble: How the new personalized web is changing what we read and how we think. New York: Penguin Books.
Penrose, M. M. (2012). In the name of Watergate: Returning FERPA to its original design. 14 N.Y.U. J. Legis. & Pub. Pol. 75, 96.
Piech, C., Huang, J., Chen, Z., Do, C., Ng, A., & Koller, D. (2013). Tuned models of peer assessment in MOOCs. arXiv preprint arXiv:1307.2579.
Polonetsky, J., & Tene, O. (2014). The ethics of student privacy: Building trust for Ed Tech. International Review of Information Ethics, 21, 31–32.
Privacy Technical Assistance Center. (2012). PTAC-FAQ. http://ptac.ed.gov/sites/default/files/cloud-computing.pdf. Retrieved 16 Feb 2015.
Sandeen, C. (2013). Integrating MOOCS into traditional higher education: The emerging “MOOC 3.0” Era. Change: The Magazine of Higher Learning, 45(6), 34–39.
Sheridan, K. (2013). Blackboard MOOC gains 15 more colleges. InformationWeek. http://www.informationweek.com/software/blackboard-mooc-gains-15-more-colleges/d/d-id/1110778. Retrieved 16 Feb 2015.
Simon, S. (2014). Data mining your children. Politico. http://www.politico.com/story/2014/05/data-mining-your-children-106676.html. Retrieved 5 Aug 2014.
Solove, D. (2013). Privacy self-management and the consent dilemma. Har. L. Rev., 126, 1880.
Straumsheim, C. (2014). Proactive on prior learning. Inside Higher Ed. https://www.insidehighered.com/news/2014/04/15/accept-moocs-credit-florida-international-u-may-set-prior-learning-assessment. Retrieved 16 Feb 2014.
The White House. (2012). Consumer data privacy in a networked world: a framework for protecting privacy and promoting innovation in the global digital economy (Report). http://www.whitehouse.gov/sites/default/files/privacy-final.pdf
The White House. (2015). FACT SHEET: Safeguarding American Consumers & Families (Press Release). http://www.whitehouse.gov/the-press-office/2015/01/12/fact-sheet-safeguarding-american-consumers-families
Toglia, T. V. (2007). How does the family rights and privacy act affect you? Tech Directions, 67(2), 32–35.
Turow, J. (2013). The daily you: How the new advertising industry is defining your identity and your worth. New Haven: Yale University Press.
Virginia Tech IRB. (2015). FAQ for Academic Assessment Research. http://www.irb.vt.edu/pages/assessment.htm. Retrieved 16 Feb 2015.
‘Watered Down’ MOOC Bill Becomes Law In Florida. (2013). Inside Higher Ed. http://www.insidehighered.com/quicktakes/2013/07/01/watered-down-mooc-bill-becomes-law-florida. Retrieved 8 Aug 2014.
What You Need to Know About MOOCs. (2014). The Chronicle of Higher Education. http://chronicle.com/article/What-You-Need-to-Know-About/133475/=. Retrieved 5 Aug 2014.
Young, J. (2012). Inside the Coursera Contract: How an upstart company might profit from free courses. Chronicle of Higher Education. http://chronicle.com/article/How-an-Upstart-Company-Might/133065/. Retrieved 16 Feb 2014.
Young, J. (2013). California puts MOOC bill on ice. Chronicle of Higher Education: Campus Wired Blog. http://chronicle.com/blogs/wiredcampus/california-puts-mooc-bill-on-ice/45215. Retrieved 8 Aug 2014.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jones, M.L., Regner, L. Users or Students? Privacy in University MOOCS. Sci Eng Ethics 22, 1473–1496 (2016). https://doi.org/10.1007/s11948-015-9692-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11948-015-9692-7