Some Student Data Should Never Become Digital

By: Charles Fadel, Center for Curriculum Redesign

Adapted from “Cognitive Security Architecture for Student Learning Data”

Schools have been capturing student data for decades, and eventually will also use new applications such as Intelligent Tutoring Systems (ITS) that can adapt to each student’s pace, performance, and learning needs. But the key question becomes what kinds of student data they create, how long that data persists, and whether some information about a child should ever be digitized at all.

Student data is no longer limited to grades, attendance, test scores, or assignment completion. Modern learning systems can observe response times, hesitation patterns, engagement signals, repeated errors, abandoned tasks, and changes in behavior over time. From those signals, systems may infer far more sensitive conclusions: cognitive difficulty, emotional state, personality traits, anxiety risk, motivation, confidence, persistence, and other psychological characteristics.

That is where the line must be drawn.

The danger is not only a data breach, but a malevolent state that wishes to influence student development at scale, or freelance hackers. Breaches matter greatly, but they are not the only problem. A student profile can be collected lawfully, stored securely, and accessed only by authorized parties—and still be harmful. The harm also lies in the existence of a persistent, queryable psychological record of a child.

Children are not fixed objects to be classified. They are developing people. A label assigned at age nine can follow a student long after it has stopped being accurate. “Low engagement,” “anxiety-prone,” “poor executive function,” or “high cognitive difficulty” may begin as internal system inferences, but they can shape teacher expectations, intervention pathways, parent perceptions, and eventually the student’s own self-concept.

That is why the most important design question is not simply “How do we secure the database?” It is: “Should this information be in a database at all?”

The distinction between digital and analog records is therefore critical. Some information can reasonably be stored digitally, with strict limits: learning progress, pacing, and short-term engagement data needed for instruction. Other information should be session-only, meaning it may support immediate scaffolding but should not persist across time. And the highest-risk categories—emotional state, personality traits, anxiety or risk profiles—should not be digitally derived or stored. If such observations are needed, they belong with the teacher, in human judgment, and in analog form.

This is not nostalgia for paper or Luddite behavior. It is risk management.

A paper note in a teacher’s notebook is limited by design. It is not easily aggregated, queried, sold, copied into another system, merged with external data, or decrypted years later. It ages with context. It remains tied to professional judgment rather than automated classification. A digital record, by contrast, is durable, searchable, portable, and vulnerable to future uses no one can fully predict today.

The following table, extracted from Cognitive Security Architecture for Student Learning Data offers a practical boundary between acceptable digital learning data and sensitive student information that should remain analog.

*Proposed Inference Taxonomy for Student Learning Data* *Source and ©:* *Center for Curriculum Redesign*
Inference Category	Educational Purpose	Psychological Risk	Permissibility	Retention / Modality
Learning progress	Grade-level tracking, pacing	Minimal	Permitted	Digital, encrypted; enrollment + 5 yr
Session engagement	Adaptive content delivery	Low	Permitted	Digital, federated; 12-24 months rolling
Learning-style classification	Personalized pedagogy	Moderate (label crystallization risk)	Conditional	Digital, federated; 36 months, annual review
Cognitive-difficulty profiling	Scaffolding, intervention triggers	Moderate-High (diagnostic labeling)	Restricted	Session-only digital, analog-only beyond session unless clinical consent
Emotional-state inference	Engagement optimization	High (prohibited under EU AI Act Art. 5(1)(f))	Prohibited	Must not be derived; analog only by teacher if needed
Personality-trait classification	Executive Functions & Engagement Optimization	Very High (identity fixation)	Prohibited	Must not be derived; analog only
Anxiety / risk-profile inference	Executive Functions	Very High (psychological labeling)	Prohibited	Analog only by teacher; separate clinical framework if escalated

The practical implication is straightforward: education systems should separate learning data from psychological profiling. A tutoring system may need to know that a student has not mastered fractions. It does not need to infer that the student is anxious, impulsive, disengaged, or low in persistence. The first supports instruction. The second risks turning a temporary developmental moment into a durable identity label.

Digital systems should therefore be built around data necessity, short retention, and strict inference boundaries. They should collect only what is needed for learning, retain it only as long as necessary, and block categories of inference that are too personal to justify. For the most sensitive observations, the safest architecture is not stronger encryption. It is non-digitization.

The point is not to reject intelligent tutoring or personalized learning. The point is to keep personalization educational rather than psychological. Students deserve support without becoming permanently profiled. They deserve learning systems that adapt to what they need today without building dossiers about who they supposedly are forever.

All student data should be protected.

Some should expire.

And some should never become digital in the first place.

	Beginning	Piloting	Implementing
From Fixed Standards to Competency-Based Mastery	BeginningFrom Fixed Standards to Competency-Based Mastery Beginning	PilotingFrom Fixed Standards to Competency-Based Mastery Piloting	ImplementingFrom Fixed Standards to Competency-Based Mastery Implementing
From One-Size-Fits-All to Adaptive Learning	BeginningFrom One-Size-Fits-All to Adaptive Learning Beginning	PilotingFrom One-Size-Fits-All to Adaptive Learning Piloting	ImplementingFrom One-Size-Fits-All to Adaptive Learning Implementing
From Prescribed Knowledge to Innovation & Inquiry	BeginningFrom Prescribed Knowledge to Innovation & Inquiry Beginning	PilotingFrom Prescribed Knowledge to Innovation & Inquiry Piloting	ImplementingFrom Prescribed Knowledge to Innovation & Inquiry Implementing
From Subjects as Silos to Transdisciplinary, Real-World Learning	BeginningFrom Subjects as Silos to Transdisciplinary, Real-World Learning Beginning	PilotingFrom Subjects as Silos to Transdisciplinary, Real-World Learning Piloting	ImplementingFrom Subjects as Silos to Transdisciplinary, Real-World Learning Implementing
From Schools as Self-Contained to Schools as Embedded in Communities	BeginningFrom Schools as Self-Contained to Schools as Embedded in Communities Beginning	PilotingFrom Schools as Self-Contained to Schools as Embedded in Communities Piloting	ImplementingFrom Schools as Self-Contained to Schools as Embedded in Communities Implementing
From Standardized Testing to Meaningful Assessment	BeginningFrom Standardized Testing to Meaningful Assessment Beginning	PilotingFrom Standardized Testing to Meaningful Assessment Piloting	ImplementingFrom Standardized Testing to Meaningful Assessment Implementing
From Institutional Ownership of Student Data to Student-Controlled Learning Wallets	BeginningFrom Institutional Ownership of Student Data to Student-Controlled Learning Wallets Beginning	PilotingFrom Institutional Ownership of Student Data to Student-Controlled Learning Wallets Piloting	ImplementingFrom Institutional Ownership of Student Data to Student-Controlled Learning Wallets Implementing

Advocacy

Advisory

Topics

Recent Releases

Key Points

Discover the latest in learning innovations

Related Reading

0 Comments

Leave a Comment

Stay on the cutting edge!