{"id":475,"date":"2025-09-29T15:26:03","date_gmt":"2025-09-29T15:26:03","guid":{"rendered":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/?post_type=chapter&#038;p=475"},"modified":"2026-02-02T16:07:10","modified_gmt":"2026-02-02T16:07:10","slug":"6-2-tk","status":"publish","type":"chapter","link":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/chapter\/6-2-tk\/","title":{"raw":"6.2. AI, Data Privacy, and Your Rights (FERPA, HIPAA, GDPR &amp; TDPSA)","rendered":"6.2. AI, Data Privacy, and Your Rights (FERPA, HIPAA, GDPR &amp; TDPSA)"},"content":{"raw":"As we established in the introduction, your digital interactions are never neutral; they generate data that powers AI systems. Because this information is so sensitive, specific laws have been created to protect it. Learning these rights is the first step toward becoming an informed digital citizen who can navigate the opportunities and risks of AI with confidence.\r\n<h2>Foundational U.S. Privacy Laws: Protecting Specific Data<\/h2>\r\n<h3>FERPA: Your Rights in an Educational Context<\/h3>\r\nThe <strong>Family Educational Rights and Privacy Act (FERPA)<\/strong> is a U.S. federal law that protects the privacy of <strong>student education records<\/strong>. While FERPA does not extend to faculty or staff records, the principles it sets have shaped institutional practices for decades. In an AI-driven classroom, FERPA introduces new challenges:\r\n<ul>\r\n \t<li><strong>Faculty as Evaluators:<\/strong> If a professor uses a third-party AI tool to analyze student participation, the resulting analysis may itself count as an education record. Strong vendor contracts and compliance protocols are needed to protect student privacy.<\/li>\r\n \t<li><strong>Faculty as Learners:<\/strong> Faculty completing online, AI-powered training modules also generate data. 
While not legally covered under FERPA, this information is still sensitive and requires careful stewardship by the institution.<\/li>\r\n<\/ul>\r\n<h3>HIPAA: Protecting Health Information<\/h3>\r\nThe <strong>Health Insurance Portability and Accountability Act (HIPAA)<\/strong> safeguards Protected Health Information (PHI). This is vital not only in clinical settings but also in academic programs where patient data may be used. AI creates new risks: anonymized data used for research could be re-identified by machine learning. For example, if a student enters patient details into a public chatbot while brainstorming a care plan, even partial information could lead to a HIPAA violation if handled outside a secure, compliant system.\r\n<h2>Comprehensive Data Privacy Frameworks<\/h2>\r\n<h3>GDPR: The Global Standard for Data Rights<\/h3>\r\nThe <strong>General Data Protection Regulation (GDPR)<\/strong>, created by the European Union, is one of the strongest privacy laws in the world. It grants individuals rights such as the <strong>Right to Erasure<\/strong> (often called the \"Right to Be Forgotten\"). Yet AI complicates this right\u2014once personal data has been used to train a massive language model, how can it truly be removed? GDPR also requires a <strong>\"right to an explanation\"<\/strong> for automated decisions, pushing companies toward greater transparency in how AI systems operate.\r\n<h3>The Texas Data Privacy and Security Act (TDPSA)<\/h3>\r\nThe <strong>Texas Data Privacy and Security Act (TDPSA)<\/strong> follows in GDPR\u2019s footsteps, giving Texans the right to access, correct, and delete their personal data, and to opt out of its use for targeted advertising. For AI, this means companies must disclose how user data contributes to personalization, training, or automated decision-making\u2014empowering individuals to hold organizations accountable for ethical practices.\r\n<h3>Texas Responsible Artificial Intelligence Governance Act (2026) (H.B. 
149)<\/h3>\r\n<p data-path-to-node=\"19,1\"><span data-path-to-node=\"19,1,1\"><span class=\"citation-33\">In January 2026, Texas joined the vanguard of AI regulation with the <\/span><b data-path-to-node=\"19,1,1\" data-index-in-node=\"69\"><span class=\"citation-33\"><a href=\"https:\/\/legiscan.com\/TX\/text\/HB149\/id\/3180120\">Texas Responsible Artificial Intelligence Governance Act (H.B. 149<\/a>)<\/span><\/b><\/span><span data-path-to-node=\"19,1,3\">. <\/span><span data-path-to-node=\"19,1,5\"><span class=\"citation-32\">This Act establishes comprehensive standards for AI transparency and accountability, specifically targeting the ethical use of machine learning in both the public and private sectors<\/span><\/span><span data-path-to-node=\"19,1,7\">.<\/span><\/p>\r\n<p data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,0\"><b data-path-to-node=\"19,2,0\" data-index-in-node=\"0\">Key Protections:<\/b><\/span><\/p>\r\n\r\n<ul>\r\n \t<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,2\"><b data-path-to-node=\"19,2,2\" data-index-in-node=\"2\"><span class=\"citation-31\">Right to Disclosure:<\/span><\/b><span class=\"citation-31\"> Government agencies utilizing AI to interact with the public must provide clear, \"plain language\" notice of AI involvement<\/span><\/span><span data-path-to-node=\"19,2,4\">.<\/span><\/li>\r\n \t<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,6\"><b data-path-to-node=\"19,2,6\" data-index-in-node=\"2\"><span class=\"citation-30\">Algorithmic Accountability:<\/span><\/b><span class=\"citation-30\"> Individuals have the right to appeal AI-generated decisions that impact their health or fundamental rights and are entitled to an explanation of the AI's role in the decision-making process<\/span><\/span><span data-path-to-node=\"19,2,8\">.<\/span><\/li>\r\n \t<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,10\"><b data-path-to-node=\"19,2,10\" data-index-in-node=\"2\"><span 
class=\"citation-29\">Anti-Discrimination Guardrails:<\/span><\/b><span class=\"citation-29\"> The Act prohibits the intentional use of AI for political viewpoint discrimination or unlawful bias against protected classes<\/span><\/span><span data-path-to-node=\"19,2,12\">.<\/span><\/li>\r\n \t<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,14\"><b data-path-to-node=\"19,2,14\" data-index-in-node=\"2\"><span class=\"citation-28\">Biometric &amp; Privacy Limits:<\/span><\/b><span class=\"citation-28\"> It restricts state-level government entities from using AI to harvest biometric identifiers from public sources to uniquely identify individuals in ways that might infringe upon constitutional rights<\/span><\/span><span data-path-to-node=\"19,2,16\">.<\/span><\/li>\r\n<\/ul>\r\n<p data-path-to-node=\"19,3\"><span data-path-to-node=\"19,3,0\">While H.B. <\/span><span data-path-to-node=\"19,3,2\"><span class=\"citation-27\">149 focuses on consumer and individual rights, it complements existing data privacy laws like the <\/span><b data-path-to-node=\"19,3,2\" data-index-in-node=\"98\"><span class=\"citation-27\">Texas Data Privacy and Security Act (TDPSA)<\/span><\/b><span class=\"citation-27\"> by ensuring that AI \"processors\" adhere to strict security and notification standards when handling personal data<\/span><\/span><span data-path-to-node=\"19,3,4\">.<\/span><\/p>\r\n\r\n<h3>Why These Laws Matter in the Age of AI<\/h3>\r\nTogether, FERPA, HIPAA, GDPR, and TDPSA serve as a patchwork of protections that set boundaries for data collection and use. Think of them as \u201cguardrails\u201d along the highway of AI innovation: they do not dictate exactly where technology goes, but they prevent the most dangerous misuses. Still, gaps remain\u2014particularly in areas where AI tools operate outside traditional educational or healthcare systems. 
For students, educators, and professionals, knowing these frameworks is key to making informed choices about data sharing and advocating for stronger protections.\r\n<h2>\ud83d\udcda Weekly Reflection Journal<\/h2>\r\n<div style=\"border: 2px solid #2e7d32;background-color: #f9fff9;border-radius: 6px;padding: 12px;margin: 1em 0\">\r\n\r\n<strong>Reflection Prompt: <\/strong>Which of these laws\u2014FERPA, HIPAA, GDPR, or TDPSA\u2014do you feel most directly impacts your daily life? Why? Can you imagine a situation where AI might blur or challenge the protections that law is designed to provide?\r\n\r\n<\/div>\r\n<h2>Looking Ahead<\/h2>\r\nIn the next chapter, we will turn from <strong>legal frameworks<\/strong> to the <strong>real-world uses of AI in education<\/strong>, such as learning analytics and remote proctoring. These examples will show how the laws you\u2019ve just learned about intersect with everyday academic technologies\u2014and why balancing innovation with privacy is so challenging.","rendered":"<p>As we established in the introduction, your digital interactions are never neutral; they generate data that powers AI systems. Because this information is so sensitive, specific laws have been created to protect it. Learning these rights is the first step toward becoming an informed digital citizen who can navigate the opportunities and risks of AI with confidence.<\/p>\n<h2>Foundational U.S. Privacy Laws: Protecting Specific Data<\/h2>\n<h3>FERPA: Your Rights in an Educational Context<\/h3>\n<p>The <strong>Family Educational Rights and Privacy Act (FERPA)<\/strong> is a U.S. federal law that protects the privacy of <strong>student education records<\/strong>. While FERPA does not extend to faculty or staff records, the principles it sets have shaped institutional practices for decades. 
In an AI-driven classroom, FERPA introduces new challenges:<\/p>\n<ul>\n<li><strong>Faculty as Evaluators:<\/strong> If a professor uses a third-party AI tool to analyze student participation, the resulting analysis may itself count as an education record. Strong vendor contracts and compliance protocols are needed to protect student privacy.<\/li>\n<li><strong>Faculty as Learners:<\/strong> Faculty completing online, AI-powered training modules also generate data. While not legally covered under FERPA, this information is still sensitive and requires careful stewardship by the institution.<\/li>\n<\/ul>\n<h3>HIPAA: Protecting Health Information<\/h3>\n<p>The <strong>Health Insurance Portability and Accountability Act (HIPAA)<\/strong> safeguards Protected Health Information (PHI). This is vital not only in clinical settings but also in academic programs where patient data may be used. AI creates new risks: anonymized data used for research could be re-identified by machine learning. For example, if a student enters patient details into a public chatbot while brainstorming a care plan, even partial information could lead to a HIPAA violation if handled outside a secure, compliant system.<\/p>\n<h2>Comprehensive Data Privacy Frameworks<\/h2>\n<h3>GDPR: The Global Standard for Data Rights<\/h3>\n<p>The <strong>General Data Protection Regulation (GDPR)<\/strong>, created by the European Union, is one of the strongest privacy laws in the world. It grants individuals rights such as the <strong>Right to Erasure<\/strong> (often called the &#8220;Right to Be Forgotten&#8221;). Yet AI complicates this right\u2014once personal data has been used to train a massive language model, how can it truly be removed? 
GDPR also requires a <strong>&#8220;right to an explanation&#8221;<\/strong> for automated decisions, pushing companies toward greater transparency in how AI systems operate.<\/p>\n<h3>The Texas Data Privacy and Security Act (TDPSA)<\/h3>\n<p>The <strong>Texas Data Privacy and Security Act (TDPSA)<\/strong> follows in GDPR\u2019s footsteps, giving Texans the right to access, correct, and delete their personal data, and to opt out of its use for targeted advertising. For AI, this means companies must disclose how user data contributes to personalization, training, or automated decision-making\u2014empowering individuals to hold organizations accountable for ethical practices.<\/p>\n<h3>Texas Responsible Artificial Intelligence Governance Act (2026) (H.B. 149)<\/h3>\n<p data-path-to-node=\"19,1\"><span data-path-to-node=\"19,1,1\"><span class=\"citation-33\">In January 2026, Texas joined the vanguard of AI regulation with the <\/span><b data-path-to-node=\"19,1,1\" data-index-in-node=\"69\"><span class=\"citation-33\"><a href=\"https:\/\/legiscan.com\/TX\/text\/HB149\/id\/3180120\">Texas Responsible Artificial Intelligence Governance Act (H.B. 149<\/a>)<\/span><\/b><\/span><span data-path-to-node=\"19,1,3\">. 
<\/span><span data-path-to-node=\"19,1,5\"><span class=\"citation-32\">This Act establishes comprehensive standards for AI transparency and accountability, specifically targeting the ethical use of machine learning in both the public and private sectors<\/span><\/span><span data-path-to-node=\"19,1,7\">.<\/span><\/p>\n<p data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,0\"><b data-path-to-node=\"19,2,0\" data-index-in-node=\"0\">Key Protections:<\/b><\/span><\/p>\n<ul>\n<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,2\"><b data-path-to-node=\"19,2,2\" data-index-in-node=\"2\"><span class=\"citation-31\">Right to Disclosure:<\/span><\/b><span class=\"citation-31\"> Government agencies utilizing AI to interact with the public must provide clear, &#8220;plain language&#8221; notice of AI involvement<\/span><\/span><span data-path-to-node=\"19,2,4\">.<\/span><\/li>\n<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,6\"><b data-path-to-node=\"19,2,6\" data-index-in-node=\"2\"><span class=\"citation-30\">Algorithmic Accountability:<\/span><\/b><span class=\"citation-30\"> Individuals have the right to appeal AI-generated decisions that impact their health or fundamental rights and are entitled to an explanation of the AI&#8217;s role in the decision-making process<\/span><\/span><span data-path-to-node=\"19,2,8\">.<\/span><\/li>\n<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,10\"><b data-path-to-node=\"19,2,10\" data-index-in-node=\"2\"><span class=\"citation-29\">Anti-Discrimination Guardrails:<\/span><\/b><span class=\"citation-29\"> The Act prohibits the intentional use of AI for political viewpoint discrimination or unlawful bias against protected classes<\/span><\/span><span data-path-to-node=\"19,2,12\">.<\/span><\/li>\n<li data-path-to-node=\"19,2\"><span data-path-to-node=\"19,2,14\"><b data-path-to-node=\"19,2,14\" data-index-in-node=\"2\"><span class=\"citation-28\">Biometric &amp; Privacy 
Limits:<\/span><\/b><span class=\"citation-28\"> It restricts state-level government entities from using AI to harvest biometric identifiers from public sources to uniquely identify individuals in ways that might infringe upon constitutional rights<\/span><\/span><span data-path-to-node=\"19,2,16\">.<\/span><\/li>\n<\/ul>\n<p data-path-to-node=\"19,3\"><span data-path-to-node=\"19,3,0\">While H.B. <\/span><span data-path-to-node=\"19,3,2\"><span class=\"citation-27\">149 focuses on consumer and individual rights, it complements existing data privacy laws like the <\/span><b data-path-to-node=\"19,3,2\" data-index-in-node=\"98\"><span class=\"citation-27\">Texas Data Privacy and Security Act (TDPSA)<\/span><\/b><span class=\"citation-27\"> by ensuring that AI &#8220;processors&#8221; adhere to strict security and notification standards when handling personal data<\/span><\/span><span data-path-to-node=\"19,3,4\">.<\/span><\/p>\n<h3>Why These Laws Matter in the Age of AI<\/h3>\n<p>Together, FERPA, HIPAA, GDPR, and TDPSA serve as a patchwork of protections that set boundaries for data collection and use. Think of them as \u201cguardrails\u201d along the highway of AI innovation: they do not dictate exactly where technology goes, but they prevent the most dangerous misuses. Still, gaps remain\u2014particularly in areas where AI tools operate outside traditional educational or healthcare systems. For students, educators, and professionals, knowing these frameworks is key to making informed choices about data sharing and advocating for stronger protections.<\/p>\n<h2>\ud83d\udcda Weekly Reflection Journal<\/h2>\n<div style=\"border: 2px solid #2e7d32;background-color: #f9fff9;border-radius: 6px;padding: 12px;margin: 1em 0\">\n<p><strong>Reflection Prompt: <\/strong>Which of these laws\u2014FERPA, HIPAA, GDPR, or TDPSA\u2014do you feel most directly impacts your daily life? Why? Can you imagine a situation where AI might blur or challenge the protections that law is designed to provide?<\/p>\n<\/div>\n<h2>Looking Ahead<\/h2>\n<p>In the next chapter, we will turn from <strong>legal frameworks<\/strong> to the <strong>real-world uses of AI in education<\/strong>, such as learning analytics and remote proctoring. These examples will show how the laws you\u2019ve just learned about intersect with everyday academic technologies\u2014and why balancing innovation with privacy is so challenging.<\/p>\n","protected":false},"author":6,"menu_order":2,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":["david-gardner"],"pb_section_license":"","_links_to":"","_links_to_target":""},"chapter-type":[],"contributor":[67],"license":[],"class_list":["post-475","chapter","type-chapter","status-publish","hentry","contributor-david-gardner"],"part":38,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapters\/475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/wp\/v2\/users\/6"}],"version-history":[{"count":8,"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapters\/475\/revisions"}],"predecessor-version":[{"id":829,"href":"https:\/\/books.nbsplab
s.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapters\/475\/revisions\/829"}],"part":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/parts\/38"}],"metadata":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapters\/475\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/wp\/v2\/media?parent=475"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/pressbooks\/v2\/chapter-type?post=475"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/wp\/v2\/contributor?post=475"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/books.nbsplabs.com\/ai-lit-intro\/wp-json\/wp\/v2\/license?post=475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}