Do you know what your college is doing with your data?
By the time most college freshmen step on campus, it’s a good bet Facebook knows who their friends are, Amazon knows what they buy, Netflix knows what they watch and Google knows …well, pretty much everything they do online.
What students may not realize is that their colleges are collecting data about them, too.
It’s not just grades and transcripts. Most colleges are completely wired. Students turn over their data when they take a book out of the library, when they log on to the campus Wi-Fi network, when they swipe their student ID to get into their dorms, when they buy lunch at the dining hall, when they post an assignment on a class discussion board and at almost every other point throughout their day.
Students typically don’t sign a blanket data-use agreement when they arrive on campus, like they do when they sign up for Facebook or Gmail. But the data colleges collect could be just as valuable.
So who owns these data? The students, who create it? Or the colleges, who collect it?
The short answer: No one knows.
“I think it’s unclear at this point,” says Bruce Maas, chief information officer at the University of Wisconsin—Madison. “We’re in a learning phase right now about this.”
A lot of student data can be used to make colleges operate better, Maas says. Knowing that students prefer pizza over chicken in the cafeteria, for instance, can help food-service operators be more efficient. Data on what time students return to their dorms could be used to improve campus security. Data on how many use the library could affect staffing or inventory.
Data can also make a difference in the bottom line, as colleges fight to get more students in the door — and turn them into successful graduates in six years or less.
From the moment a student first inquires about a college, admissions offices are learning about them through social media, campus visits and interviews. Applications, which are often submitted online through the ubiquitous Common Application, have long been rich sources of data about a student’s academic history, interests, family and finances.
Many colleges are using this trove of data, along with information gleaned from digital school work, to predict student behavior, to craft interventions for students at risk of dropping out and even to direct students to the classes and majors in which they are most likely to succeed. Companies like Naviance, which provide college-counseling services to high school students, make this easier by collecting even more detailed data on students.
“It’s difficult, because if we can help the student to be more successful through the analysis of disparate pieces of data, is that by itself sufficient to justify that we’re using it this way?” Maas says. “I don’t know the answer to that question.”
To the extent that students are even aware of what data are being collected about them, they don’t like the idea of college officials tracking their movements. Does anyone really want administrators to know that they didn’t get back to their dorm until 3 a.m. when they had a discussion section at 9 the next morning?
“I actually didn’t really think about it at all,” said Rae Friedman, a freshman at Oberlin College, when confronted with the fact that her college collects data every time she swipes her student ID card. “The swiping was just kind of like, ‘Oh, I have to get into my dorm, I have to eat.’ But now that I think about it, it’s kind of a weird tracking device on each student.”
Of course, colleges say they aren’t actually tracking students. Instead, these location data could be useful in drawing connections if students begin to do poorly. But they could track students, which is enough to worry privacy advocates.
“There’s definitely an imbalance of power and an imbalance of knowledge about the extent to which things are being collected,” says Michael Zimmer, associate professor of information studies at the University of Wisconsin at Milwaukee, who writes about online privacy. “We really need to be educating parents and students.”
It’s unclear what rights, if any, students have to protect this data. The Family Educational Rights and Privacy Act (FERPA), the law that governs what data about students educational institutions can disclose, protects “education records.” Experts disagree on whether metadata created when a specific student logs on to the Wi-Fi network or enters the library are protected under FERPA. After all, the law was written when student records were kept on paper.
“A lot of the student information that we see today unfortunately falls out of the scope of the very narrow definition of education records,” says Khaliah Barnes, director of the EPIC Student Privacy Project at the Electronic Privacy Information Center.
Which could give colleges the ability to sell student data to the highest bidder. It’s not hard to imagine PepsiCo, say, being interested in the eating habits of undergraduates. Under current law, there is little stopping the university — or the third parties to whom they contract out many campus services, including data storage — from selling data about this valuable, captive, 18-to-22-year-old demographic.
Colleges already sell access to their students to banks through campus debit cards, which are typically linked directly to a student’s ID card. The lucrative contracts often offer colleges incentives for signing up more students, who then become bank customers.
And with hacks becoming commonplace, security is a big issue, no matter who is collecting the data. Colleges and universities are juicy targets for hackers, because student records typically include social security numbers, and may also include credit card information and financial information on family members. (Explore our graphic on data breaches.)
Some students are hoping schools will do a better job of protecting and using student data out of sheer regard for their reputations. Kyle M.L. Jones, a fifth-year Ph.D. student in library and information studies at the University of Wisconsin—Madison, believes it’s in universities’ best interests to be at the forefront of responsible data-privacy practices.
“I think it’s our ethical responsibility as academic institutions to understand what’s going on with Google and Amazon and to say, ‘It doesn’t have to be this way,’” says Jones. “We can be a model for how data can be used.”
Jones, who recently wrote an article about ownership of student data, says that this model would require colleges to be transparent about what data the collect and what they do with it, and only to use it to advance students’ interests.
That’s asking students to put a lot of trust in their educational institutions, Barnes says. Luckily for the colleges, most students already feel an affinity for their universities.
“If I’m going to feel uncomfortable about giving data out, it’s going to be about giving it to big social network companies, not about giving it to my college, which I feel a personal connection with,” says Friedman, the Oberlin freshman. “I trust Facebook less than the college that I’m giving $60,000 to a year.”
But with technology moving faster than many schools’ and regulators’ ability to keep up with it, Friedman may look back one day and find she was just another idealistic college student.