Earlier this month, students got word of a shocking breach of privacy. Interim University President Mark Wrighton announced in an email that GW tracked students’ movements and whereabouts without their knowledge or consent.

It is self-evident that this is an outrageous violation of student privacy – in both a moral sense and based on GW’s own stated data collection guidelines. While Wrighton did the right thing by revealing this program’s existence, students are owed even more of an explanation as to how this could have even happened in the first place. Further, the University needs to put in place ironclad guardrails against any future clandestine surveillance of students.

Looking beyond the headline, this story gets more and more bizarre. According to Wrighton, personal details like students’ names were stripped from the data, which was then aggregated. But pieces of personal information – like gender, which residence hall a student lived in or whether they were involved with Greek Life – remained attached to each data point, faculty said at a faculty senate meeting last Friday. Degree Analytics, the firm that performed the analysis, has even touted how it offers colleges the ability to track individual students’ movements around campus.

Although GW seemingly did not analyze individualized data, they had the capacity to do so, and students are entitled more answers about the decision-making process behind this pilot project.

When it comes to who exactly oversaw this effort, there are even more unknowns. Pandemic-era budgetary woes resulted in Chief Financial Officer Mark Diaz having more oversight over GW’s technology offices – but neither Diaz nor University spokesperson Crystal Nosal would comment on who signed off on the project.

While Wrighton noted that the project had been intended to gather data that would be helpful to the Division of Safety and Facilities, that was the extent of the details provided about motive. It would have perhaps been reasonable for the University to want to track occupancy of buildings on campus in the process of reopening a pandemic-era campus, but even that seems unlikely – Wrighton said the University weighed a similar program in 2019, before COVID-19 hit.

Wrighton, for his part, seemed to gently, and rightly, throw his predecessor under the bus, noting in his email that the program had started and finished before he took over from former University President Thomas LeBlanc. Wrighton’s hands do seem to be clean on this matter – he apologized for the breach of privacy and pledged to establish a committee to ensure that this did not happen again. Now, all eyes are on him to impanel this committee and make sure his words are matched with deeds.

The most crucial lesson that the University should have learned from this incident is that communication and transparency are of utmost importance. Nowadays, every one of us is being tracked. The proof is in the pudding through technology like Spotify Wrapped, Apple Keychain and even TikTok. But what the University needs to do is be upfront about which data it is tracking and why they need to track it. If they do this, then students would be aware of how they are being tracked and raise specific issues regarding the data if they please.

In his response to the incident, Wrighton said officials will not conduct a “similar project” in the future without establishing a committee made of students, faculty and staff to develop a set of policies, as well as a “University position” on the use of the GW community’s data. It is a good sign that Wrighton plans on including students and faculty along with administrators because it rids any notion that administrators are attempting to hide their activities from the GW community.

But there are still unknowns regarding Wrighton’s plan to deal with this issue. The policy needs to take students’ right to privacy seriously and enact solutions that students can see every day and be aware of.

Presumably, students’ data will still be collected. But the committee should find ways to collect the minimum amount of data necessary to optimize the quality of campus life. Prior to the digital age, institutions relied on interactions with students to get their feedback on campus facilities and ways to improve their lives at college. The University should continue taking students’ and faculty members’ temperature on data collection.

If the University has to collect certain data to keep track of how many students on average occupy a certain facility or what the peak times that students are using GWireless is, then they should do so by first getting students’ consent. By adding a pop-up every time students log on to GWireless, or asking students to fill out a consent form about data privacy prior to their first year at GW, the University can collect certain data while keeping students informed.

Everyone’s on board with the fact that the University should not track students without their knowledge or agreement. But that this project was sketchy is about the only thing everyone’s on the same page about – the GW community needs more details about how this happened and who allowed it.

The editorial board consists of Hatchet staff members and operates separately from the newsroom. This week’s staff editorial was written by opinions editor Andrew Sugrue and contributing opinions editor Shreeya Aranake based on discussions with culture editor Anna Boone, contributing sports editor Nuria Diaz, design editor Grace Miller and copy editor Jaden DiMauro.