As Web culture permeates the higher education experience, from Yik Yak conversations to collaborative digital assignments, questions of data privacy are gaining national attention. In 2015, 46 states introduced 182 bills addressing student data privacy, according to nonprofit advocacy group the Data Quality Campaign.
These attempts to protect personal information treat student data as something to be managed and controlled—but don’t give students themselves a voice in how they want their data to be used.
Jim Groom, who spearheaded the Domain of One’s Own effort as director of technologies at the University of Mary Washington, thinks there’s a better way. He’s working with Brigham Young University (BYU) on a personal API concept that would let students decide what they share, with whom and for how long. “We’re building a system that de-centers the control of data, so that students can control their own information,” Groom says.
A personal API builds on the domain concept—students store information on their site, whether it’s class assignments, financial aid information or personal blogs, and then decide how they want to share that data with other applications and services. The idea is to give students autonomy in how they develop and manage their digital identities at the university and well into their professional lives.
Domain of One’s Own
Since UMW introduced Domain of One’s Own in 2013, more than 30 universities have followed suit. They’re giving students and faculty domain names and Web spaces and letting them experiment. Users publish coursework, build portfolios or tinker with personal projects, for example.
The idea springs from what Phil Windley, an enterprise architect at BYU, calls sovereign source identity—the notion that your identity comes from within you and not from someone else. It’s the opposite of what happens in many online transactions today. Facebook, Google and even universities give users identities, Windley says. When individuals share personal information with these services, their data lives inside the organizations’ administrative domain and they have little to no control over what happens next.
“We want to teach students that this isn’t the only way identity happens online. They can create their own,” Windley says. This fall BYU introduced its Domain of One’s Own pilot to 1,000 student and faculty participants. But offering personal Web spaces is just the beginning, Windley says. “Domains help students understand their personal identity. The next step is understanding your personal data and how you control that.”
Domains as Gateways
A personal API radically changes the relationship between data owners and users. In the university context, it works like this: Students store their information in their personal domains and grant other sites and applications access to that data as they see fit. Perhaps they want an app to access their course enrollment data for exactly one semester, or they want to share only certain portions of their portfolio with their professor. In theory, a personal API creates a more egalitarian relationship between the person sharing data and the entity that wants to use it.
“It’s the idea that tapping into one’s data should be a negotiation that the student gets to make,” says Adam Croom, director of digital learning at the Center for Teaching Excellence at the University of Oklahoma (OU). “Why can’t I manage what apps tap into my data, whether that’s the learning management system or the bursar’s office? Why aren’t there terms and conditions for students to understand who has access to their data?” OU launched its Domain of One’s Own initiative, called OU Create, in fall 2014 and is also working on API programs at a system level.
At BYU, Windley and his colleagues have been working on a university API, which will make the school’s data easily accessible so that developers can build applications that use it. Now they’re figuring out how student and faculty APIs could interact with a broader one developed by the university. BYU teamed up with Groom and his company Reclaim Hosting, which provides domains and Web hosting to educators and institutions, to use domains as the hosting platform for personal APIs.
Reclaim and BYU will test personal APIs this spring. Once students have a domain, they’ll be able to install applications that allow their data to talk to other programs, such as a learning management system. From their domain site, users will have the option to publish work and share data with different spaces, including social media and class sites, and control privacy settings to decide which other sites can access their information.
From Data Owner to Arbiter
A personal API linked with a domain puts students at the center of their learning experience. Windley says he sees the combination as a key to lifelong learning. In managing their data and taking their work with them well beyond their academic life, students become active participants in their education, rather than passive consumers, he says.
As with domains, not every student and faculty wants to use a personal API. The project is as much about opting out as opting in, Groom says. He doesn’t anticipate that all 30,000 BYU students will sign up for a personal API. Instead he says he hopes the project will provide a proof of concept that students and faculty care about using data in radically different ways to gain more control over the work and information they produce. “It’s not a final solution that should be pushed on anyone. It’s a platform for people to experiment with, to control and manage and work through this question of identity on the Web.”