Have you ever witnessed a Ferpa freakout? Maybe you’ve had one yourself, as you worried about whether trying a new digital tool in class might violate the federal law that protects student privacy.
Georgia Tech had a Ferpa freakout a few years ago. The university, which had pioneered the use of public wikis for classes in the 1990s, shut down all course wikis because its lawyers believed that they violated the Family Educational Rights and Privacy Act, commonly known as Ferpa. In their view, simply making public the fact that a student attended the university (by, for example, having a student’s name appear in a public course-related wiki) violated the law. Needless to say, consternation followed. In a Chronicle article at the time, one of the creators of Georgia Tech’s wiki program lamented that the university’s take insulted the intelligence of students by assuming that they weren’t capable of managing their own privacy.
Ferpa is inconsistently interpreted across institutions and often misunderstood to be far more restrictive than it actually is. Why is there such anxiety about it? Why does it so often provoke worry and hand-wringing above and beyond what the law justifies? And why don’t students get a say in, for example, whether making their wiki content public violates their privacy?
The answers lie partly in our sense of ethics as educators. Beyond any law, there is a moral imperative to protect students’ privacy. Whenever we choose to use an electronic teaching tool, there are consequences. We may be forcing students to leave a trail of personally identifiable information. Or the risks to student privacy may be unclear. We have a responsibility to make the right decision on behalf of our students.
Of course, the moral weight of protecting students’ privacy is not unique to teaching technologies. Suppose in your class is a student with a disability. How much should you know? How much can you share with the student’s other instructors? Her adviser? As with Ferpa, colleges often go to greater lengths to protect that information than the law requires. Generally speaking, they err on the side of not sharing information about the disability, even when the knowledge could help that student’s support network to help her.
The doctrine that may best capture this sense of institutional obligation (philosophically, if not legally) is in loco parentis, which has a rich history in higher education. (For a good overview, I recommend “The Curious Life of In Loco Parentis at American Universities,” by Philip Lee.) The basic idea is that the college has a quasi-parental or guardianship obligation to its students. When the doctrine showed up in the courts, the legal issue at hand was generally whether that obligation gave colleges latitude that superseded students’ constitutional rights. This clash was often precipitated by a college’s decision to restrict behavior that might affect their character development.
In the 1913 case Gott v. Berea College, Berea held that it had the right to expel students for visiting an off-campus restaurant, arguing that it has “been compelled from time to time to pass rules tending to prevent students from wasting their time and money, and to keep them wholly occupied in study.” The Kentucky Supreme Court agreed. Other times, the doctrine was invoked in an attempt to hold colleges liable for students’ physical safety when they made decisions that put them in jeopardy (like engaging in drinking binges could end up killing them).
In loco parentis died as a legal doctrine for higher education during the civil-rights movement. When some colleges tried to restrict students’ right to protest, the courts blocked them from doing so. For example, in 1967, a federal court in Alabama invalidated a University of Alabama prohibition against publishing editorials in the campus newspaper that were critical of the governor or Legislature. Today, in place of in loco parentis, colleges are generally seen as taking a facilitator role. Theyare generally expected to help students learn what “drinking responsibly” means, but students are expected to take responsibility for their own behavior.They make decisions for themselves, as young adults. The job of educators is to guide them on how to make good decisions.
Except when it comes to student data and privacy. There, colleges are still making decisions on behalf of the students, whether those students want it or not. Whether they even know it or not.
I believe it is time to consider whether this state of affairs is in the best interest of students. After all, the data that are being guarded are often the free expressions of students. They are encapsulations of what the students have said, written, and done. Do we really believe that we serve students best by deciding for them when and how their personal information will be shared within various learning tools, or with interested third parties? They make those sorts of decisions for themselves all the time on Facebook, Twitter, and Instagram. Do we have a right to decide for students with disabilities which information regarding their need for support should be withheld from whom? Or are we unintentionally infringing on their rights, from an outdated sense of in loco parentis?
Wouldn’t we serve students better by letting them make their own decisions and, in doing so, create teachable moments in digital literacy that we deny them whenever we decide for them?
The legal barriers may not be significant. According to Steven McDonald, general counsel of the Rhode Island School of Design, “the question is not whether we facilitate student disclosure, it’s whether we disclose.” In other words, Ferpa and other privacy laws generally do not stop students from sharing their own data, even if the data are generated at a college using college equipment. “I see nothing that prevents us from letting a student putting dry-erase boards on their doors because we own the doors,” he said.
The main barriers for making a change are more logistical and financial. Software, policies, and cultures are built upon the assumption that the college makes the decision. None of these are easy to change. Nor should any decision to change them be made lightly. But the status quo is becoming less and less tenable.
Professors routinely require students to use electronic products, such as homework platforms, that are run by for-profit companies. These companies, which are not bound by the same constraints that colleges are, effectively carry on levels of education research that college researchers can only dream of. Students can neither opt in nor opt out of such corporate research, even as their colleges’ policies render equivalent academic research impractically difficult to get approved. Enabling students to make their own decisions about how their data may be used wouldn’t resolve all the complexities of this situation. But it could help.
As a first step, I propose that, whenever educators and college leaders are faced with a decision about student-data privacy, they ask themselves whether there is an opportunity to empower students to make the decision for themselves. Just that. Just start thinking of data about students as data that in some way belongs to the students.
If we can do that, then maybe we will stop freaking out about what we can’t do and focus more of our energy on what the students can do.
Michael Feldstein is a partner at MindWires Consulting, co-publisher of the e-Literate blog, and co-producer of e-Literate TV.
Join the conversation about this article on the Re:Learning Facebook page.