December 3, 2014
By Steve Kolowich
The U.S. Education Department wants to encourage colleges and the tech companies they work with to protect student data from misuse. But the agency’s power to protect the privacy of people taking free, online courses is essentially nonexistent.
“Data in the higher-education context for MOOCs is seldom Ferpa-protected,” Kathleen Styles, the Education Department’s chief privacy officer, said on Tuesday at a symposium on student privacy. In other words, people who take free online courses known as MOOCs, or massive open online courses, are not covered under the Family Educational Rights and Privacy Act, known as Ferpa, which stipulates how colleges must protect the “education records” of their students.
That puts those taking MOOCs in a kind of limbo. They are not technically students, even though the courses are offered by colleges, some of which receive a portion of revenue from fees for certificates of completion.
The Education Department has little power to impose its own privacy standards in those courses, said Ms. Styles, “because MOOCs are seldom paid for with Title IV, government-funded dollars.”
Still, the issue is murky. The two highest-profile MOOC providers—edX, the nonprofit founded by Harvard University and the Massachusetts Institute of Technology, and Coursera, the Silicon Valley company founded by Stanford University professors—actually disagree on whether Ferpa applies in free, online courses.
And edX is acting as if the law does apply.
“The community is trying to still figure out whether and how Ferpa applies,” said Ms. Herlihy in an interview. And so the MOOC provider seems to be playing it safe, treating the data of freelance learners as if they were students enrolled at a university.
Coursera, by contrast, does not believe federal student-privacy laws apply to MOOCs, according to Vivek Goel, the company’s chief academic strategist. But the company does follow the “principles” of Ferpa when handling the data of its users, according to Mr. Goel.
Some universities that offer MOOCs on Coursera’s platform have taken a similar stance. The University of Pennsylvania guards the personal data of MOOC registrants as closely as that of the students enrolled on its campus, say officials there—but because it wants to, not because it has to.
“From a legal perspective, it’s our view that, because they are not registered as students at the University of Pennsylvania, they are not protected by Ferpa,” Edward B. Rock, a professor of business law at Penn’s law school, said in an interview.
The University of Illinois at Urbana-Champaign, another Coursera partner, takes the same position in an online FAQ for faculty members: “The university does not consider participants in our Coursera courses to be students of the University of Illinois and thus Ferpa regulations do not apply.”
[Full article here.]