But when middle and high school students participate in classes with names like “Mars: The Next Frontier” or “The Road to Selective College Admissions,” they may be unwittingly transmitting into private hands a torrent of data about their academic strengths and weaknesses, their learning styles and thought processes — even the way they approach challenges. They may also be handing over birth dates, addresses and even drivers license information. Their IP addresses, attendance and participation in public forums are all logged as well by the providers of the courses, commonly called MOOCs.
With little guidance from federal privacy law, key decisions on how to handle students’ data — including how widely to share it and whether to mine it for commercial gain — are left up to the company hosting the MOOC or its business partners. In fact, student data is even less protected by federal law since the Education Department updated regulations in 2012 to allow for even greater disclosure of students’ personal identifying information.