Canvas LMS and Student Data Collection Image c/o author By Lucy Bikahi American Journalism Student 2023 is an age of constant data monitoring and collection; from streaming services, to social media, all the way to the learning platforms students use to submit assignments. Educational technology, such as the learning platforms used by colleges to post announcements and turn in assignments, make large amounts of student data available to EdTech companies and other parties associated with those corporations. In the Fall of 2023, Saint Mary’s College of California (SMC) officially made the switch from Moodle, its previous online learning management system, to Canvas. Canvas appears to be a well organized and user friendly platform; it is easy to navigate and its layout makes it clear what is available to its users. However, what is not readily apparent is the vast amount of student data that is collected in order for the website to function. Everyone should be mindful of their online data, where it is going, and who is collecting it. As stated by American Journalism Scholar and Professor Nolan Higdon, “In this new economy of surveillance capitalism, people are the ones who are mined for data. So people think they are using products, but they are the products.” Canvas LMS, the learning platform currently utilized by SMC, is supported by Instructure. Instructure is an educational technology company owned by Thoma Bravo, a multi-billion dollar private equity firm. Instructure collects large amounts of student data through their educational software, such as Canvas. The data collected by Canvas and its privacy policy regarding that data can be found here. It is a long list of personal information including, but not limited to, contact information, geographic location, in-site interactions, browser type, “unique device identifiers,” and more. According to Canvas’s website this data is reportedly used to “provide, analyze, and improve products.” A general outline of how that data is utilized is provided, however there is not a specific outline of how each piece of data is utilized within user experience and why it is crucial to product functionality. Furthermore, the authorized actions of third party providers are made very vague. Initially created in the 1970s, the Family Education Rights and Privacy Act or FERPA was intended to ensure student privacy protection. However, under updated 2012 FERPA laws, definitions of certain terms were expanded, creating a loophole that allows EdTech companies to share student data to companies and corporations outside of themselves. The student data made accessible to Instructure through Canvas is also made available to authorized third party service providers, which are utilized with, “the sole purpose of providing you [users] with our products,” according to the Canvas product privacy web page. For example, according to their security webpage, Instructure’s learning platforms are hosted by Amazon Web Services (AWS). According to a written interview with Daisy Bennett, Instructure’s Associate General Counsel and Data protection officer, AMS and other third party providers are, “not permitted to share customer’s data or use it for any unauthorized purposes.” However, authorized uses of data were not specified further. According to Bennett, a lot of the student data signed over to Canvas and by extension Instructure depends on the contract that they agree upon with the academic institutions they work with. That means that the information signed over to create students’ Canvas accounts was decided upon by SMC, rather than the individual students affected. When talking to students about whether or not they were fully informed by SMC about the amount of data Canvas collects upon the switch from Moodle to Canvas, the general consensus was that they were not. “I don’t like it. It’s an invasion of privacy and I should have been explicitly told about it before I was given a Canvas account,” said SMC junior Roark Rowland. “I don’t see how they would need all that information,” says SMC junior and student writer Sam Nobile, later adding,“I think that they [SMC] should disclose more about Canvas’s data practices because it feels like a very glaring thing to not explicitly inform students of.” “You’re basically allowing these companies to have an intimate look at students from the cradle to the grave,” answered Professor Higdon, when asked about the ethics of using online learning platforms to store student information. He continued, “historically benign invasions of privacy have had pretty detrimental consequences.” When asked about potential alternatives to Canvas and other online platforms that collect student information and whether or not students should be able to opt out of using them, there were a variety of suggestions put forward. There was a consensus that everyone has a right to their own personal information, and should therefore be able to make their own decision as to what platforms they utilize, rather than administrators making that decision for them. Suggestions on alternatives included individual institutions developing independent academic software, students and faculty getting a cut of data dividends made by corporations running learning platforms, and the right to be erased being made easily accessible. Currently, according to Bennett, Canvas LMS does provide the ability to erase all student data if requested so by the user. However, if a student’s account was created by their school, they may have to request permission from the institution in order to delete the student’s account and data. Essentially, when this is the case, the academic institution has the final say over student data, not the students themselves. Data should be the property of the individual students themselves, not a corporation or an academic institution, as students will be the ones affected by this type of surveillance capitalism in the long term.
0 Comments
Leave a Reply. |
STAFFMadison Sciba '24, |