The Third-Party Access Effect: An Overlooked Challenge in Secondary Use of Educational Real-World Data

TL;DR

This paper examines the overlooked challenges of third-party access to educational real-world data, highlighting privacy risks, stakeholder behavior, and impacts on data validity in secondary research.

Contribution

It introduces the concept of the third-party access effect (3PAE), analyzing how privacy communication influences stakeholder behavior and data quality in educational data sharing.

Findings

Re-identification risk in RWD can be substantial.

Communicating risks influences stakeholder privacy behavior.

Behavioral changes can significantly alter shared data and research validity.

Abstract

Secondary use of growing real-world data (RWD) in education offers significant opportunities for research, yet privacy practices intended to enable third-party access to such RWD are rarely evaluated for their implications for downstream analyses. As a result, potential problems introduced by otherwise standard privacy practices may remain unnoticed. To address this gap, we investigate potential issues arising from common practices by assessing (1) the re-identification risk of fine-grained RWD, (2) how communicating such risks influences learners' privacy behaviour, and (3) the sensitivity of downstream analytical conclusions to resulting changes in the data. We focus on these practices because re-identification risk and stakeholder communication can jointly influence the data shared with third parties. We find that substantial re-identification risk in RWD, when communicated to stakeholders, can induce opt-outs and non-self-disclosure behaviours. Sensitivity analysis demonstrates that these behavioural changes can meaningfully alter the shared data, limiting validity of secondary-use findings. We conceptualise this phenomenon as the third-party access effect (3PAE) and discuss implications for trustworthy secondary use of educational RWD.