Remember when FERPA was all you needed to know about student (data) privacy?
EdAI and FERPA 101: Navigating Privacy and Regulation in an Algorithmic World
Artificial Intelligence (AI) is increasingly being utilized in higher education (EdAI) to categorize, target, track, and predict student behavior and their educational environment. The implications of AI in this context are not yet fully understood, and the laws that govern these technologies and institutions are not always clear.
In light of this, we are excited to announce the launch of our blog series on the regulation and trustworthy use of AI in Higher Education. Our first installment focuses on understanding how the Family Educational Rights and Privacy Act (FERPA) applies to AI. While FERPA is the primary law governing student privacy for over two decades, its application to new technologies such as AI is not always clear. We are kicking off our series with a high-level overview of FERPA history and insights into how technological advancements motivated its passage.
The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974, long before the widespread use of technology in education - and certainly before the use of AI. FERPA’s goals were to protect student records, give parents and eligible students (generally students who are 18 and older) access to records, and “prevent erroneous, biased, or unfounded allegations from limiting students' future prospects.” In addition to concerns about confidentiality and access, technological advances also spurred Congress to act. As computers started taking over record-keeping tasks, concerns arose regarding the potential for errors and breaches in confidentiality. A 1969 study on record-keeping highlights this reality:
“Computerized record-keeping systems by several school districts may make detection of errors somewhat more difficult unless extreme care is taken by school personnel… The more frequently that records are examined… the more likely it is that mistakes will be discovered and corrected. The eventual widespread use of computers in schools, therefore, should be accompanied by policies encouraging more frequent access to school records by parents, as well as school personnel.”
Despite the common misconception that FERPA’s creators were exclusively thinking about paper records, a major motivation for FERPA was the need for additional safeguards around computerized records because the potential for errors was greater.
Technology has been integrated into the fabric of education since FERPA’s introduction in 1974, but the concerns around data access, quality, and fairness remain the same. Consequently, automated decision-making algorithms, machine learning models, and data analytics techniques, are not explicitly covered by FERPA. However, privacy protections within FERPA, such as rights of access, the ability to challenge inaccurate information or have information deleted, and other rights, do apply to these technologies. As higher education institutions continue to adopt AI systems to manage many aspects of education, higher education institutions must understand how FERPA may apply to their use of AI systems. To do this, higher education systems should seek out guidance from the Department of Education and other agencies to clarify how AI is regulated under existing law and identify where there are gaps in existing law that need new protections. Over the next month, we’ll be posting a series of blogs talking about some of the likely implications of FERPA for AI.