Knight discusses if virtual-reality "Metaversities" are a risk to students' data privacy

This fall, hundreds of students across 10 colleges will join a small but growing cohort nationwide that is attending class in another dimension — the digital one.

What does that mean, exactly, for their data privacy?

To find out, The Chronicle analyzed university-vendor contracts, obtained under the Freedom of Information Act, from five of the institutions that plan to pilot “metaversities”: digital, immersive replicas of their campuses that dozens of their students will visit and even attend classes in, using virtual-reality headsets.

Their analysis unearthed inconsistencies in the provisions the contracts outlined for data privacy and security. It also found no mention of two third-party companies — one of which is Meta, Facebook’s parent company and a tech conglomerate not historically known for best practices in this realm — that will be collecting various pieces of student data during the two-year pilot.

The differences across the contracts could be attributable to a host of factors, experts said: A college’s own data-governance policies, and relevant state laws (see the California Consumer Privacy Act of 2018). Resources, and the number of general-counsel staff on hand to review contracts. The presumed lower stakes of a pilot project, and a price tag that, in the contracts The Chronicle reviewed, falls between $12,000 and $40,000.

Broadly speaking, especially if a new, exciting venture is generating community buzz, colleges’ main priorities are likely to be “to get to ‘Yes,’” said Jeff Knight, an education lawyer at Bricker & Eckler LLP. “They’re trying not to be a blocking agent.”

To read more about Metaversities and their impact on data privacy, visit The Chronicle to read more.