Student Data Privacy in Field Education

Hey everyone! Starting a new thing here where I’m blogging instead of sending long emails that only one person reads. Hopefully more people find this useful.

One of the goals of Payment for Placements organizers is removing the cost of field education software. While many schools use some combination of spreadsheets, forms, poorly-formatted Microsoft Word documents and yes, paper…many schools rely on third-party software tools like Tevera. That’s the one that my school uses, and it’s the one that Payments for Placements at University of Georgia highlighted in their campaign. So, that’s the one I’ll analyze here. I imagine that most field education tracking software companies will be similar to Tevera, though a more rigorous study is required.

The reason I ask is that the issue of student data privacy comes up a lot in open education when textbook platforms try to get faculty to mandate 3rd party homework//learning platforms that are not approved by university IT… and so the companies who run 3rd party platforms can and do monetize student data. See Billy Meinke’s article which inspired mine.

This is an end-around of university IT departments’ controls on student data privacy, and it is one way that dominant education companies like textbook publishers and other vendors are pivoting to a digital-first business model. I wasn’t sure whether there were similar issues in these platforms, but I wanted to take a look. While field educators have well-established protocols they follow when choosing software vendors, sometimes those vendors can find ways to shortcut necessary review.

Tevera’s privacy policy seems anodyne, and it describes very clearly the limitations on data sharing. I’m curious about whether storing user data on AWS is FERPA-compliant, but I’m sure lots of ed tech companies do that. None of their privacy documents explicitly mention FERPA. Below is an excerpt from Tevera’s Terms of Service. Would you be comfortable if the software you used to create schoolwork required you to…

You hereby grant to Tevera and its affiliates, contractors, and suppliers a nonexclusive, perpetual, irrevocable, world-wide, royalty-free, assignable and sublicensable (through multiple tiers), license to reproduce, copy, use, host, store, sublicense, reproduce, create derivative works from, modify, publish, edit, translate, distribute, perform and display, including digitally or electronically, your submitted User Content and your name, voice and likeness (to the extent they are part of the User Content), (i) in connection with the Services, as specified under Third Party Licenses and/or for the interoperation of any third party products, (ii) if required by applicable law, where necessary to enforce these Terms of Use and/or to protect any of Tevera’s or other parties’ legal rights, (iii) in an aggregated form which does not include your identifying information, and (iv) as permitted by Tevera’s Privacy Notice.

Section 8 of Tevera’s Terms of Service

Billy’s post helpfully points to the United States Department of Education report Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

	GOOD! This is a Best Practice	WARNING! Provisions That Cannot or Should Not Be Included in TOS
10 Rights and License in and to Data Maintaining ownership of data to which the provider may have access allows schools/districts to retain control over the use and maintenance of FERPA￾protected student information. The “GOOD!” provision will also protect against a provider selling information.	“Parties agree that all rights, including all intellectual property rights, shall remain the exclusive property of the [School/District], and Provider has a limited, nonexclusive license solely for the purpose of performing its obligations as outlined in the Agreement. This Agreement does not give Provider any rights, implied or otherwise, to Data, content, or intellectual property, except as expressly stated in the Agreement. This includes the right to sell or trade Data.”	“Providing Data or user content grants Provider an irrevocable right to license, distribute, transmit, or publicly display Data or user content.”

From my reading, it appears Tevera’s language is nearly identical to the all-caps warning from the DoE. Moving down to the next section in Tevera’s Terms of Service, it also appears that students themselves are responsible for determining whether Tevera meets their needs.

Without limiting the foregoing, you understand the risks associated with the access to and use of the Services and any User Content and other data, content and materials made available through the Services, and acknowledge that you are using the Services and such other data, content, and materials at your own risk and that you are personally responsible for verifying their suitability for your needs through your own investigation.

Section 9 of Tevera’s Terms of Service

While this clause by Tevera is entirely understandable from a legal perspective, universities know school employees are actually selecting software that students must purchase. This is one reason students are not permitted to choose their field software. The other is that software companies do not design their platforms to be interoperable because it is incompatible with their business model for students to move their field education data to a better provider if one comes along.

Students are not free to decline Tevera’s terms of service and continue in their social work program. Yet, they must agree that they are entirely in charge of consenting to the terms of service and are therefore providing voluntary consent. Seems fishy…ethically…for the university to manufacture that truth.

Essentially, students are forced to purchase software that requires them to give the software company unlimited rights to use, analyze, republish, and basically have carte blanche with the educational records students enter into the platform–in perpetuity. And students are forced to say this deal was entirely their choosing, and that they entered into the agreement voluntarily.

Cool. Cool.