Massive open online courses, first envisioned as a way to democratize higher education, have made their way into high schools, but Washington is powerless to stop the flood of personal data about teenage students from flowing to private companies, thanks to loopholes in federal privacy laws.
Universities and private companies this fall unveiled a slew of free, open-access online courses to high school students, marketing them as a way for kids to supplement their Advanced Placement coursework or earn a certificate of completion for a college-level class.
But when middle and high school students participate in classes with names like “Mars: The Next Frontier” or “The Road to Selective College Admissions,” they may be unwittingly transmitting into private hands a torrent of data about their academic strengths and weaknesses, their learning styles and thought processes — even the way they approach challenges. They may also be handing over birth dates, addresses and even drivers license information. Their IP addresses, attendance and participation in public forums are all logged as well by the providers of the courses, commonly called MOOCs.
With little guidance from federal privacy law, key decisions on how to handle students’ data — including how widely to share it and whether to mine it for commercial gain — are left up to the company hosting the MOOC or its business partners. In fact, student data is even less protected by federal law since the Education Department updated regulations in 2012 to allow for even greater disclosure of students’ personal identifying information.
Parents, activists and a select group of lawmakers are clamoring for a fix. They’ve made student data privacy a top issue in state legislatures, and they’ve even dismantled major data collection efforts. For example, massive parent pushback led to the demise of inBloom — the $100 million student database funded by the Bill & Melinda Gates Foundation — a little more than a year after its launch.