Concerns raised over universities signing over students’ private FERPA data to voter data companies

Editor’s Note: This article was originally published by The College Fix on April 3, 2024 and is crossposted here with permission.


A relatively new report outlines how universities nationwide have signed over students’ private FERPA data to a third-party vendor that reviews their personal information to help study college students’ voting trends.

The nine-page report describes how a national voting study run out of Tufts’ Institute for Democracy in Higher Education gets university administrators from across the country to agree to release students’ Family Educational Rights and Privacy Act, or FERPA, enrollment data from the National Student Clearinghouse, where its kept, to a voter data company.

“This is an extraordinary violation of student privacy and is not consistent with FERPA,” said Heather Honey, an investigator with Verity Vote, in a recent interview with The College Fix.

Verity Vote is an organization that works to ensure government transparency, including election integrity issues, she said, and published its findings on the student voting issue in July 2023.

At issue is Tufts’ institute’s National Study of Learning, Voting, and Engagement, launched during the Obama administration in response to a “call to action,” the report states.

But as recently as February, the U.S. Department of Education encouraged colleges and universities to take part in the study to “use their own campus reports to see where there are gaps among their students in registering, and all schools can use the national dataset to determine target populations.”

The study is “a service to colleges and universities interested in learning their students’ aggregate voter registration and turnout rates in national elections since 2012,” as described on its website.

“NSLVE data are the result of matching student enrollment records with public voting files,” the FAQ section states. More than 1,200 campuses participate in the study.

For a university to participate, its leaders sign a two-page contract that states administrators are allowing the National Student Clearinghouse to release their students’ FERPA data to a “third party vendor,” a company not named in the contract, according to the 2022-2033 reauthorization form.

“The third party vendor of choice from inception until recently has been Catalist, the Democrat’s exclusive voter data provider. Tufts maintains a relationship with Catalist but also has an agreement with L2 Political for analysis of the NSC data,” the report states.

The report alleges that campus leaders “may have been duped into authorizing disclosure of highly sensitive private student data to a partisan private corporation that works exclusively with Democrats and progressives under the guise of a dubious ‘study exception’ to FERPA’s prohibitions against sharing of the data.”

Tufts University spokesman Peter Collins told The College Fix via email on Tuesday the institute switched to L2 in 2018.

The report also argues the release of the data does not fall under FERPA’s exceptions, which must fall under one of three categories: to “develop, validate, or administer predictive tests”; “administer student aid programs”; or “improve instruction.”

The two-page contract that the universities sign states the data is needed to improve instruction:

“NSLVE offers colleges and universities an opportunity to measure the voting and registration rates of their students, to use such information to study the effectiveness and improve the instruction of its educational programs, and to increase student civic learning and engagement in democracy. IDHE shall also use the Institution’s de-identified enrollment data for publishing aggregate reports regarding student civic learning and engagement in democracy which do not identify Institution.”

However, the Verity Vote report argues that “[m]easuring the success of voter registration or [Get Out The Vote] activities does not logically fit into any of the study categories … of FERPA.”

“Voter registration is not a requirement for student aid, it does not improve academic instruction and it does not assist with predictive tests.”

Asked about the Verity Vote argument, Collins said the study does improve academic instruction and thus falls under the exception.

“NSLVE data and reports are used as a way of measuring something that is a key part of higher education’s role in the U.S. – educating for democracy,” he said. “NSLVE serves as a proxy measure for student political learning, and it is one of the only ways to do so.”

He cited campus campaigns that educate for democracy year-round, “not just during an election season, and using elections as that ‘teachable moment’ for students as responsible citizens in a democracy.”

“We do other research on learning conditions for civic learning. We help campuses understand and use their NSLVE reports, but we always stress the educational value of this information,” Collins said.

While the contract states the data will be deleted within one year, Verity Vote argues there is “no mechanism to verify deletion of the NSC data from the vendor’s database.”

The report also flags the fact that the voter data company, which for years was the self-described “progressive” Catalist before L2, essentially gains access to what is known in voting lingo as EBUs, or eligible but unregistered voters. In the case of college students, studies show that’s primarily Democratic voters.

The voter data companies take the personal information of the students and turn it into de-identified aggregated student voting data, which is then used in the Tufts study and given to universities, ostensibly to help them improve education.

“Tufts reports that the student files are de-identified by removing names, identification numbers and month and day of birth. However, this is superficial de-identification, the collection of attributes retained in the data can be used to identify individuals just as the cookies on your browser can be used to identify you,” the report states.

It points to an Office of the Director of National Intelligence report, declassified in June 2023, that “reveals how de-identified data can easily be re-identified with minimal attributes.”

Collins told The Fix the university and the institute do not receive students’ personal identification data, that the information is removed by L2.

Tufts’ relationship with the voter data companies is “simply to access a voter file, which is already a matter of public record,” he said.

“We do not ask for or receive any information, for example, such as phone records. Nothing about a public voter file is partisan. We do not receive any data on party affiliation.”


Photo by Vitalii Vodolazskyi — Adobe Stock — Asset ID#: 179067778

3 thoughts on “Concerns raised over universities signing over students’ private FERPA data to voter data companies

  1. Universities have always sold their students data. Many male students receive Playboy Magazine in their name and at their home address within two months of enrolling. All students who enroll in public universities have their name, email, phone, home address sold to a company that posts this info online… which is why you can find yourself listed on many websites. Google for your name and home address right now. Check and see.

    Universities, banks, credit cards, credit bureaus, utilities and post offices all LEGALLY sell/share their customers data (name, phone number, address, email and other personal data like political data if available ) with companies who post this data straight on the internet to sites like Radaris, Intelius, Whitepages (and dozens of other sites).

    I called Acxiom (the biggest data collectors in the US) and their representative explained to me that the United States is the ONLY country in the world under an “opt-out” law —- meaning all data can be sold/shared and citizens must “opt-out” to keep it private. All other countries are under an “opt-in” law — meaning information is automatically kept private unless a citizen opts-in to having their info sold or shared.

    If university students and customers of banks, credit cards, credit bureaus, etc want their information private, they need to band together and change the opt-out law.

  2. When I called Acxiom, they explained the United States is one of the only countries under an “opt out” law —- meaning all data can be sold and shared and we must “opt out” to keep it private. Hence the banks and credit cards share our names, phone numbers, email addresses and home addresses to the credit bureaus who sell it to the public and put it on the Internet.

  3. The actual report is at: https://verityvote.us/wordpress/wp-content/uploads/2023/07/national-student-data-sharing_VerityVote.pdf

    This is chilling in a different way — prior to about 2012, it was possible for Republican students to remain “in the closet” — to not have the university know that they were registered Republicans in their hometowns and hence not be treated as second class students. That started changing around 2012 and this might be why.

    Second, it is one thing to register college students en masse without bothering to check to see if they are registered elsewhere, it is something else entirely to do so when you KNOW that they are. That’s criminal…

    Third, the more that MAGA America hears about this sort of stuff happening in higher education, the less likely they are to be supportive of continuing to fund higher ed….

Leave a Reply

Your email address will not be published. Required fields are marked *