Ara Shirinian: UC should protect student privacy, take steps to prevent data mining

Every day, billions of pieces of information are collected on students and used to create intricate profiles on them.

Most of these students don’t even have a choice, because they are forced by their schools to use programs that track them.

Unfortunately, state and national legislation fails to provide the same kinds of privacy protections for college students that it provides for students in K-12. While legislation remains inadequate, the University of California should only allow academic departments or professors to require the use of cloud and mobile services if their privacy policies are in the interest of students.

Last year, Gov. Jerry Brown signed into law the Student Online Personal Information Protection Act. This is a comprehensive piece of legislation that protects student privacy by banning companies from selling student data, using data for advertisement purposes or creating digital profiles of students for its own purposes.

The problem is that the bill only applies to K-12 education. This a serious oversight because college students are prime targets for profiling by companies that want to sell their information or deliver them targeted advertisements.

The Obama administration is currently working on new federal legislation similar to the one passed in California, but all indications point towards there being no mention of higher education there either.

Pearson Education is one company that provides many educational programs, like MasteringPhysics, MyMathLab and MyStatLab, that are used at schools across the country, including those in the UC system. Pearson was recently criticized for monitoring student social media accounts while developing new testing software. While this extreme activity is not indicative of how all its services are run, the privacy policy for its services states that it can collect data related to “your full name, address, email address, username and password, phone number, and credit or debit card information … the name of the school you attend or your workplace, date of birth, personal interests, and grade information.” This is significantly more information than what is normally considered personally identifiable public information in universities.

Programs like MasteringPhysics are often used to do homework, so working on them is required for a portion of students’ grades. The privacy policies of programs like these can often be extremely long and difficult to understand, and most students probably don’t read through them before agreeing to the terms and conditions.

This means that students in higher education are particularly vulnerable to having their information collected by companies like Pearson.

Until meaningful legislation is passed on the national or state level, the UC should set clear rules on the type of information that can be mined; that way, students won’t have to worry about how their data is being collected or used.

That process should not prove to be too difficult; simply working with companies that have more progressive policies could go a long way in protecting students.

Many companies have made an effort to protect student privacy on their own, which leaves the UC with a lot of options. For instance, after receiving some criticism for reading student emails, Google changed the privacy policies of its Apps for Education, so that student email addresses are no longer monitored and receive no advertisements. This is good news for UCLA students because school emails are hosted by Google.

The UC system should search for alternative online tools to replace all those that mine data from students unnecessarily. In cases where there is no viable alternative for a tool, the University has an obligation to, at the very least, inform students of the kind of data that is being mined from them.

Adults can make decisions about which advertisement-supported services they use, like Facebook, but students often don’t have a choice about using mandated online tools for their classes. This makes it all the more important for universities to instate protections on its own.

The most logical thing to do then would be to push these two methods forward: first, creating clear university policies about partnerships with third party companies, and, second, expanding student privacy legislation to higher education.

Students have a right to feel secure with their information without the fear of being tracked while participating in academic work.

While groundbreaking legislation for student privacy continues to ignore a huge portion of those affected, the UC should pick up the slack left by the state and protect its students.