The seriousness of online privacy is something that did not really occur to me until this course. I do all kinds of nothing to protect my information online. It is something I used to chalk up to a fairly consistent trait of being generally trusting of strangers. I tend to leave my wallet out on tables. When I lived on the South Side of Chicago or in a dodgy small city in Russia, I would walk home at night all the time. My phone has never had a locked screen. As a logical extension of these examples, I haven’t even checked how to make myself unsearchable on Facebook and only a month ago did I realize that I ought to have truly different passwords for different things and not tell them to people.
This past week, my professor was quoted in this article in the tech section of the Chronicle of Higher Education. The piece, entitled “Are MOOC-Takers ‘Students’? Not When It Comes to Feds Protecting Their Data,” focuses on the murky legal space MOOCs occupy in their collection of user data. The topic is a spicy one, as it truly is hard to call whether or not a free, open online course ought to adhere to the same strict regulations that protect student data within academic institutions. Should MOOCs be bound by Ferpa, and therefore be legally responsible for protecting the information of registered course-takers? Some universities say no, Ferpa does not apply to their MOOC offerings, though many of them still protect the information regardless, out of sheer goodness.
I was relieved to find that edX’s answer was simply “YES.” Universities offer MOOCs, and the enrolled users, while not enrolled in the school, are still enrolled in the course. I also do not see any reason that schools offering open online courses would be exempt from treating the data of those users as they would that of a tuition-paying student. The incentive on the university’s part to instill institutional trust in the user may be lost when the money is gone, and the funding may be from different sources, but the terms of the federal law still seem like they ought to apply. However convoluted and remote, the university-student relationship still exists in the MOOC-space. Registrants share identifiable information that ought to be protected. As an unknowing user, I believe I would have more trust in, say, Stanford University to protect my information than I would, say, Twitter. This might be naiive, but I’d maintain that an academic institution of any kind ought to inspire at least the trust of confidentiality of my information, even in the wild web.