I want to pick back up on some of the ideas I started to flesh out yesterday, based on Tressie McMillan Cottom’s recent talk on ideologies and identities in digital domains. Again, not sure where I’m going with this…
Tressie highlighted the ways in which new educational technologies – MOOCs for example – assume a student free of place, free of context. "Free." That’s a deeply ideological assumption, no doubt, one that erases race, class, and gender for starters. I tried to link her arguments to a tweet by Knewton CEO Jose Ferreira, who defending his company from parent-privacy activists, tweeted that Knewton “can help students understand their learning history without knowing their identity.” There, I argued, we see this nod to “identity-less-ness” – a notion that with the right engineering, the right algorithms ed-tech can be personalized to your academic needs without knowing your person.
Here, I want to turn back to those parent-privacy activists for a moment rambling exposition…
The Parent Coalition for Student Privacy
A new privacy group launched earlier this month: the Parent Coalition for Student Privacy. The group launched with letters to the House and Senate Education Committees, demanding changes to FERPA (the Family Educational Rights and Privacy Act) that would strengthen student privacy rights and give parents more say over what happens to student data.
The group describes itself as a “broad coalition.” Politico’s description: “odd bedfellows.” Among those signing the letter (and in the coalition?), education historian Diane Ravitch, Leonie Haimson (who helped lead much of the parental backlash against the data infrastructure project inBloom), Josh Golin from the Campaign for a Commercial-Free Childhood, Lisa Rudley from the Autism Action Network, Emmett McGroarty and Jane Robbins from the American Principles Project, Helen Gym from Parents United for Public Education, and Joy Pullmann, the editor of School Reform News.
As someone who spends a lot of time talking about student data and privacy and is committed to progressive education and is committed to social justice, I was pretty appalled by the coalition (and spent the good part of the day of the press release on Twitter asking for clarification from certain people as to why they thought such a coalition was a good idea). I was particularly concerned with these signers: the Autism Action Network, which is notoriously anti-vaccine and anti-science, and the American Principles Project, which is virulently anti-LGBTQ, anti-choice, anti-public pensions, anti-"promiscuity," and pro-Gold Standard (and wasn’t just a signer. APP’s McGroarty is cited in the press release).
This underscores, in my opinion, the dangers with “single issue politics,” and frankly I don’t understand how people could be willing to partner with organizations which actively work against the civil rights of other individuals and against the health and well-being of the public at-large.
And that means that, despite the hand-waving that the coalition has come to agree upon this “one important topic,” it’s worth considering how the members of this coalition might define “privacy” and “data” in very different ways.
These terms, like the technologies they’re bound up with, have histories and have ideologies.
(Ideology and) Defining “Data”
What do we mean when we talk about “privacy”? What do we mean by “student data”?
The latter is different, for example – conceptually, technologically, and of course legally – than the “educational record” as defined by FERPA. (Here’s the government’s lengthy and yet totally unhelpful definition of "educational record.") This is part of the concern of some privacy advocates who note that the protections that FERPA purportedly mandates extend to only a small portion of the “student data” that is created and collected – thanks to the variety of technologies that schools utilize. Metadata, including location data, and the time and date of data creation, are not covered by FERPA.
The Parent Coalition for Student Privacy, in its letter to Congress, expresses its concerns over the collection and sharing of “highly sensitive personal data” and "personally identifiable student data." It neither defines nor specifies what these phrases entail. Here, for what it’s worth, is the Department of Education’s definition of personally identifiable information, or PII.
PII is a legal concept, and as such, what constitutes PII differs from jurisdiction to jurisdiction. (Here’s the EU Directive on PII, for example). “Highly sensitive personal data” does, in some situations, carry legal weight (say, with regards to classified information); but the notion of “sensitivity” is incredibly subjective. That means it is personal, and it is political.
And that matters, particularly when your privacy coalition includes members of an organization, the American Principles Project, whose founder described being gay as “beneath the dignity of human beings as free and rational creatures” and has worked to prevent schools from teaching about LGBTQ historical figures or supporting LGBTQ students. How does the APP wish to see this "sensitive data" wielded, or perhaps submerged?
(Ideology and) Defining Privacy
“Privacy” is similarly undefined by the Parent Coalition for Student Privacy in its letter to Congress. There’s a sense, based on the repeated demands for parental consent regarding the disclosure of student data, that that’s the main issue: the right of parents to control information about their children.
The letter also articulates concerns over data falling into the hands of for-profit companies (although it’s worth noting that, for the right-wing American Principles Project, the fear is that the data will fall into the hands of the government).
Of course, privacy is a historical construct, one with multiple and ever-changing meanings. Defining privacy is something that NYU professor Helen Nissenbaum calls a “treacherous path.” Those who have tried
“have sought to establish whether privacy is a claim, a right, an interest, a value, a preference, or merely a state of existence. They have defended accounts of privacy as a descriptive concept, a normative concept, a legal concept, or all three. They have taken positions on whether privacy applies only to information, to actions and decisions (the so-called constitutional rights to privacy), to special seclusion, or to all three. They have declared privacy relevant to all information, or only to a rarefied subset of personal, sensitive, or intimate information, and they have disagreed over whether it is a right to control and limit access or merely a measure of the degree of access others have to us and to information about us. They have posited links between privacy and anonymity, privacy and secrecy, privacy and confidentiality, and privacy and solitude.”
Privacy in Context
In her book Privacy in Context, Nissenbaum offers a different frame:
“What people care most about is not simply restricting the flow of information but ensuring that it flows appropriately, and an account of appropriate flow is given here through the framework of contextual integrity.”
Privacy, she argues, is the right to the appropriate flow of information, and we should debate the appropriateness of the creation, collection, and consumption of data based on the context of each. We can debate this, ideally, through transparent, democratic processes, recognizing that we have to work through the knotty challenges of protecting public and individual needs. That is, with integrity.
Nissenbaum actually spends a number of pages in her book thinking through the considerations a school administrator should weigh when deciding on features for a “new computerized student record system”: questions of liberty, autonomy, fairness, harm, efficiency, cost effectiveness, and so on.
“Each [data] disclosure would need to be considered on its own merits, on the basis not only of moral and political principles, but on factual knowledge of systematic mutual effects on students and those seeking access. Both general effects and those pertaining to the goals of an educational context should be considered.”
So again, I can’t help but ask: what does “student privacy” look like for a group like Autism Action Network – a member of the Parent Coalition for Student Privacy – that opposes laws surrounding vaccinations?
The question here isn’t simply “should students be required to be vaccinated,” but “must students disclose their vaccinations”? Do schools have a right to know which students have and haven’t been vaccinated? What happens in, say, a whooping cough outbreak? Do other parents have a right to know if their child is at risk of exposure to disease? Does the public have a right to know?
Or is this “highly sensitive personal data” that a parent gets to decide whether or not to disclose?
Privacy and Context-less-ness
Context matters in learning, as Tressie’s talk this week helped make very clear. Identity matters. But ed-tech strips away the context, and in order to fend off concerns about privacy violations, asserts that identity has been stripped away as well.
To counter this, however, we cannot respond with a politics emptied of context or identity or meaning. That's a dangerous game. And it is a lie. Those things – context, identity, meaning – can be found in “data,” to be sure. But they are always more than mere "data": they are weighted and wielded by power.
Tech critic Evgeny Morozov cautions against a “technological solutionism” whereby more data and better algorithms and niftier apps claim they can solve society’s problems – often bypassing, he argues, the political processes whereby the public has an opportunity to decide what exactly those problems entail, for whom, and how.
And to resist this solutionism, we cannot respond with an acquiescence to an unexamined radical individualism – it's my privacy, my child’s data, my decision. We cannot respond by saying that privacy protections and data usages are context-less, that we should have schools that are identity-less. That simply feeds right back into the ideology of the machine.