Package Rules: Why the Udacity-San Jose State collaboration will beat “unbundling”

This week, two of California’s three higher education systems announced their intent to partner with for-profit online education companies such as Udacity to experiment with online and blended courses. This expansion in online education will be unlike the first courses in commercial MOOCs (massive open online courses),1 which often focused on computer-science and other technical courses. Instead, the new collaboration between Udacity and San Jose State University will be in high-demand prerequisite classes and developmental (remedial) programs.

Most of the attention for this story focuses on the experimental nature of the agreement for students: will these courses help students, especially those who otherwise might be stuck in an endless loop of remedial and prerequisite courses? But it is also experimental for colleges and universities, and even moreso for companies experimenting with online education. One of the major questions with massive online courses is the business model for-profit companies are trying to develop. This week’s announcement is a tentative answer of sorts: colleges and universities might directly contract with companies to help develop and maintain courses in a university-vendor relationship.

That possibility sets the stage for a divide between companies interested in partnering with colleges and universities and companies pinning their hopes on the complete unraveling of higher education, or “unbundling” as some have termed it. Tech guru Clay Shirky predicts such an unraveling, and New America Foundation education policy director Kevin Carey hopes it will happen, with students taking courses in an a la carte fashion and somehow breaking the collegiate credential package. Damn those colleges! comes the cry. Why should the package of “attending college” have such market power? Let’s break the system!

Many faculty are skeptical of the Great Unraveling argument, for a few reasons: among others, while many disciplined students could easily succeed in college without any institutional support, there is often a useful discipline that comes from knowing you will see faculty and classmates every few days. That structural support is highly imperfect–no one should be happy with the general level of attrition in colleges or from remedial (developmental) courses that many community-college students are required to enter. But the imperfect nature of higher education does not mean that the Great Unraveling would be better. For young adults, for parents with busy lives, and for mid-career professionals looking to respecialize and retrain, there is much to be said for a notional one-stop shop for education, and a college or university is that one-stop shop.

One of the hidden advantages of using the one-stop shop is some (partial but important) protection that comes from attending a college that receives federal funding. Colleges, universities, and elementary and secondary schools must comply with the Federal Educational Rights and Privacy Act (or FERPA), which requires that schools protect student records. FERPA is imperfect–the law and regulations were written in the pre-Internet age–but it provides the type of umbrella protection of privacy that is largely absent from the rest of the Internet… including companies that would take advantage of the Great Unraveling.

Does FERPA apply to online education? Yes, if the school receives funding from the U.S. Department of Education. FERPA “applies to an educational agency or institution to which funds have been made available under any program administered by the Secretary” of Education (53 Federal Register 11943, section 99.1). A college or university that contracts out some part of coursework, whether content or platform, can and should bind the vendor to meet the same standards the University has to meet, as North Carolina State University recommends. One of the major advantages Blackboard had in the early days of Learning Management Systems was the development of technology that could satisfy university lawyers on data security. (You surely didn’t think Blackboard had an advantage in its technology being pedagogically sound, right?)

As a result of FERPA requirements, a company that does business with colleges and universities has a strong incentive to build student-privacy protections into its platform, because that is a requirement to get in the door. Once built, that technology then becomes part of the infrastructure for the company more generally. Thus, when news broke in late 2012 that online education company Coursera had created a career-placement service, giving access to student records to selected business partners, it was only with student consent and, where there was a contract with a college or university, only with the school’s consent. Udacity told the Chronicle of Higher Education it had a similar service, and because Udacity is now contracting with San Jose State, Udacity has to build (or has built) FERPA-compliant protections.

But what about stand-alone outfits that do not seek any direct or indirect federal funds: what might we see if higher education truly becomes “unbundled”? We know the attitude of one company trying to profit from unbundling: the head of “World Education University” told a reporter last summer that the company intends to stay away from being bound by federal protections for students: “Title IV [federal funding with its regulation] means nothing to us.”

If you look at the privacy policy of StraighterLine (an a la carte darling of pro-unbundling advocates such as Kevin Carey), you will see large holes in student privacy in an unbundled world: StraighterLine makes no pretense that it tries to meet FERPA privacy standards. StraighterLine states explicitly that personal information “may be given to an institutional administrator or other third parties with direct relationships with StraighterLine.” World Education University has an even broader clause in its Terms of Service: “WEU may share your information with any third party outside of our organization as necessary to underwrite free educational offerings.” A college or university receiving federal education funding and thus under FERPA could not give itself the same privileges. There is nothing I could find in the StraighterLine or World Education University privacy policies that prohibits sharing student information with recruiters or anyone else willing to pay these companies for the data.

Let’s get out of our head the picture of “sharing your information” as an inherently benign activity, something with the consent structure required by FERPA. Online, privacy is largely unguaranteed, at least for those in the U.S. A quick browse through the online privacy section of the Privacy Rights Clearinghouse website illustrates the practices that commercial entities feel free to engage in. StraighterLine or World Education University might send some student names to job recruiters, making a match and providing a career boost for a small handful, but even with a benign outcome, it’s unsettling for any organization to collect a finder’s fee for employment without gaining the consent of the supposed beneficiary.

Instead of such vaguely-benign-but-unsettling “sharing,” I imagine a number of clearly unsavory uses of MOOC users’ data, such as providing detailed information about activity on courses to private data clearinghouses, outfits that can combine the information with political party registrations, credit information, and consumption records to feed the great maw of Big Data. Is taking Pre-Algebra multiple times correlated with home mortgage foreclosure or with Type II diabetes? If we truly see the unbundling of higher education, I expect this information to become the common fodder for credit analysis, potential employers, and marketers. Pick your creepy use of personal data; nothing in StraighterLine’s or World Education University’s privacy policies promises to abstain from it.

In the long run, I suspect StraighterLine, World Education University, and any other entity trying to evade FERPA restrictions will have limited impact, because to do so the company would have to forgo a very large stream of revenue. Yet I worry about the potential damage that may be done to unsuspecting users, and who those users might be. They’re probably not the young adults whose parents can afford Williams and Stanford and the like. Then again, that’s the reason why StraighterLine appealed to Kevin Carey–a low, flat-rate charge for access to all-you-can-eat courses. He just didn’t look more closely at the back side of that deal.2

I don’t think that the protection of privacy within a college or university is the primary reason why I expect there to be no day of the Great Unraveling soon, but the issue of privacy is an illustration of the differences between private a la carte offerings and institutional behavior. Maybe community college students do not buy a “lifestyle package” in the same way that students at residential colleges do, but they still buy a package of services, and I think for the most part students do not want to be the higher-ed equivalent of serving as your own general contractor. Part of the script for a “real” college or university is an organization that handles admissions, advising, the curriculum, tuition, and a few other items. That includes protecting student privacy, something that StraighterLine and its close cousins appear to be happy ignoring in its privacy policies.

Addendum: In the world of “we ignore federal funding,” New Charter University’s privacy policy is much better than either StraighterLine’s or World Education University, containing the following sentence: “New Charter University will not rent or sell your personally identifiable information to others.” That’s worlds better than World Education University. Then again, NCU’s privacy policy is subject to change at the whim of its leaders.

If you enjoyed this post, please consider subscribing to the RSS feed to have future articles delivered to your feed reader, and sign up for my irregular newsletter below!


  1. A caveat on the term MOOC: Udacity is often called a MOOC company though the courses at San Jose State (the focus of Tuesday’s announcement) are not initially large enough to be called MOOCs, and the courses are not open in the way many think MOOCs should be. Instead, this agreement is a university-vendor contract… the central fact that is the basis for my discussion here. []
  2. The seamier for-profits who take tuition supported by federal student loans do a much better job of roping in naive young adults even without selling individual student data to third parties, but there’s a creepy scam built for everyone. []