Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ethics privacy washington


Published on

  • Be the first to comment

Ethics privacy washington

  1. 1. Hendrik  Drachsler,  @hdrachsler   Welten  Ins4tute  Research  Centre,  Open  University  of  the  Netherlands     Presenta4on  given  at:  NSF  expert  mee4ng  on  ‘Big  Data  and  Privacy  in   Human  Subjects  Research’  (#BDEDU)  11  November  2014   Response  to  talks  at  Big  Data  and  Privacy   in  Human  Subject  Research  (1st  day)      
  2. 2. 3   • Hendrik  Drachsler,   Open  University     of  the  Netherlands   • Research  topics:   Personaliza4on,     Recommender  Systems,     Learning  Analy4cs,     Mobile  devices   • Applica4on  domains:     Science  2.0   Health  2.0   WhoAmI  
  3. 3. 3   Research  communi4es  
  4. 4. Who  are  the  good  guys?     4  
  5. 5. They  brought  together  some  Super  Hero’s   5   Who  of  you  considers  him-­‐  herself  to  be  a  Super  Hero?     •  You  are  passionate  about   what  you  are  doing.   •  You  shape  the  future  of   society.   •  You  touch  ethical  ques4ons   with  your  super  power.       •  You  want  to  follow  societal   norms  and  advance  those.    With  Big  Power  comes  great  responsibili5es.    
  6. 6. Big  Power  -­‐>  Big  Data  =  Repurposing  data   6   Jawbone  data  repurposed  to  measure  earthquake  strength  
  7. 7. 7   Big  Data  is  the  new  truth    (the  ulHmate  truth?)  
  8. 8. 8   Big  Data  is  the  new  truth    (the  ulHmate  truth?)   Inaccurate  Google  Flue  trend  measures  compared  to  CDC    
  9. 9. Big  Data  has  the  potenHal  to  change  EducaHon   9   •  First  4me  monitoring   learning  while  it  happens   •  Personalize  Educa4on   •  Iden4fy  students  at  Risk     •  Learning  Measures  on   demand   •  More  …      
  10. 10. Some  QuesHons,  Super  Hero’s   10   Some  Demographics:  Who  of  you  are  data  scien4sts,   legal  or  educa4onal  experts?       Who  of  you  read  TOC  of  your  online  services?       Who  of  you  cares  about  his/her  privacy?     Who  sees  Privacy  and  Legal  regula4ons  as  a  burden  we   need  to  overcome?    
  11. 11. Learning  AnalyHcs  Research  Issues   11   Learning  Analy4cs  research   always  raises  the  P-­‐Word  in  EU   (University  of  Amsterdam,  2014)     This  stops  innova4on  and   advancing  research     (dataTEL  2010)    
  12. 12. 12   •  Privacy  changes  overHme       •  Privacy  is  bind  to  context   •  Privacy  is  bind  to  culture       Slide  supported  byTore  Hoel,  @Tore    
  13. 13. What  if  I  would  know  …     •  How  many  days  you  have  NOT  been  at  school  without  any  excuse.   •  All  read  and  wrihen  pages,  and  what  your  annota4ons  have  been.   •  The  people  you  hangout  with  in  your  youth.   •  If  you  cheated  in  a  test  and  how  many  ahempts  you  needed  for   your  math  class.       •  What  if  I  use  all  those  informaHon  and  predict  your  chances  to  be   good  or  bad  in  a  certain  job  aSer  school?     •  How  representaHve  and  reliable  is  this  data  I’m  capturing  to   predict  those  chances?       •  And  what  if  all  this  informaHon  will  be  last  forever!   13  
  14. 14. Approaches  to  prevent  another  inBloom  …   •  Transparency  (Purpose  of  analysis,  Raw  data  access,  opt-­‐out)   •  Data  Security     •  Contextual  Integrity  (Smart  Informed  Consents)   •  Anonymisa4on  &  Data  degrada4on     14  
  15. 15. Hendrik  Drachsler,  @hdrachsler   Welten  InsHtute  Research  Centre,  Open  University  of  the  Netherlands     Presenta4on  given  at:  NSF  expert  mee4ng  on  ‘Big  Data  and  Privacy  in   Human  Subjects  Research’  (#BDEDU)  11  November  2014   Ethics  &  Privacy  Issue  in  the  ApplicaHon     of  Learning  AnalyHcs  (#EP4LA)    
  16. 16. Who  we  are   16  FP7  LACE  –  Hendrik  Drachsler,  @Hdrachsler,  28  October  2014   LACE  Network   LACE  ConsorHum  
  17. 17. Building  bridges  between  research,   policy  and  prac4ce  to  realise  the   poten4al  of  learning  analy4cs  in  EU   17  FP7  LACE  –  Hendrik  Drachsler,  @Hdrachsler,  28  October  2014  
  18. 18. Data  Geology   18   PAST,  single,  centered    IT  solu4ons  with  single   purpose   (loosely  couple  data)     FP7  LACE  –  Hendrik  Drachsler,  @Hdrachsler,  28  October  2014   PRESENT,  mul4ple   ubiquitous    IT  systems   mul4ple  func4onali4es   (highly  connected  but   unstructured  data)       FUTURE,  learner   ac4vity  tracking  of   ubiquitous  systems         (structured  learner   data)   •  Are  our  instruments  measuring   what  we  expect  them  to   measure?     •  Can  we  isolate  the  noise  in  the   data?   •  Are  the  measures  accurate?  
  19. 19.   19  
  20. 20. •  $100  million  investment     •  Aim:  Personalized     learning  in  public  schools,  through  data  &  technology  standards     •  9  US  states  par4cipated   •  In  2013  the  database  held  informa4on  on  millions  of  children   Privacy  as  Showstopper  –  The  inBloom  case   20  
  21. 21. Privacy •  What is privacy? –  Right to be let alone (Warren and Brandeis) –  Informational self-determination (Westin) –  Degree of access (Gavison) –  … Right to be forgotten … •  Three dimensions (Roessler) –  Informational privacy –  Decisional privacy –  Local privacy •  What it is not –  Anonymity, secrecy, data protection
  22. 22. inBloom  example(s)  in  the  Netherlands   22  
  23. 23. inBloom  example(s)  in  the  Netherlands   23   hhp:// kamer-­‐wil-­‐uitleg-­‐dekker-­‐privacy-­‐ scholieren.html  
  24. 24. What  are  the  dangers  of  learning  analyHcs?   –  Missing  legal  obliga4ons:   •  Data  protec4on   •  IRB   •  Educa4on  laws   –  Inflic4ng  harm:   •  Unfair  discrimina4on   •  Unjus4fied  discrimina4on  (through  errors)   •  Subjec4ve  privacy  harm  (panop4c  effect)   •  Unintended  pressure  to  perform  /  wrong  incen4ves?   •  Anonymisa4on  is  not  possible   –  Viola4ng  human  dignity   –  Unintended  changes  of  educa4on  norms?   24  
  25. 25. ModernizaHon  of  EU  UniversiHes  report   RecommendaHon  14   Member  States  should  ensure  that  legal  frameworks  allow  higher   educa4on  ins4tu4ons  to  collect  and  analyse  learning  data.  The  full   and  informed  consent  of  students  must  be  a  requirement  and  the   data  should  only  be  used  for  educa4onal  purposes.     RecommendaHon  15   Online  plaqorms  should  inform  users  about  their  privacy  and  data   protec4on  policy  in  a  clear  and  understandable  way.  Individuals   should  always  have  the  choice  to  anonymise  their  data.     hdp:// library/reports/modernisaHon-­‐ universiHes_en.pdf    
  26. 26. #EP4LA  on  the  European  Agenda   •  Round  table  meeHng  ‘Ethiek  en  Learning  AnalyHcs’  (Jan  2014)   hhps://­‐1499-­‐ b315e61001041bf52a6b1c5d80053cea.pdf     •  Learning  AnalyHcs  Summer  InsHtute  (July  2014)   hhp://   •  Call  for  a  ‘Code  of  Ethics  for  LA’  in  NL  (August  2014)   hhps://­‐towards-­‐a-­‐uniform-­‐code-­‐of-­‐ethics-­‐and-­‐ prac4ces-­‐for-­‐learning-­‐analy4cs/   •  Call  for  a  ‘Code  of  Ethics  for  LA’  in  the  UK  (September  2014)   hhp://­‐of-­‐prac4ce-­‐essen4al-­‐ for-­‐learning-­‐analy4cs/   26  
  27. 27. 27   1.  Privacy   2.  Ethics   3.  Data   4.  Transparency   hdp://  
  28. 28. The  rise  of  the  #EP4LA  project   28   •  1st  EP4LA  @  Utrecht,  NL,  28  October  2014     •  2nd  EP4LA  @  Educa4on  Days,  NL,  11  November  2014     •  3rd  EP4LA  @  BDEDU,  Washington,  US,  11  November  2014   •  4th  EP4LA  @  Apereo  Founda4on,  FR,  February  2015   •  5th  EP4LA  @  JISC,  February,  UK,  2015   •  6th  EP4LA  @  LAK15,  NY,  USA,  March  2015  
  29. 29. The  Booksprint  Method   29  
  30. 30. What  #EP4LA  is  aiming  for   30  
  31. 31. Example  Submissions  from  ParHcipants   •  Who  is  in  charge  (who  is  the  owners)  of  the  data  created  by   persons?     •  What  is  the  impact  of  privacy  concerns  for  the  management?   How  to  deal  with  these  concerns?     •  Should  students  be  allowed  to  opt-­‐out  of  having  their   personal  digital  footprints  harvested  and  analysed?   •  How  to  prevent  reuse  of  collected  data  for  non-­‐educa4onal   needs.  (e.g.  finance,  insurance,  research),  or  is  it  no   problem?   Full  list:  hdp://  
  32. 32. We  are  pracHcal  people  –  our  approach   32   •  Invite  5  legal  experts,  rest  Learning  Analy4cs  experts   •  Task  groups  to  answer  requests  of  the  stakeholders  
  33. 33. Boundaries  of  Learning  AnalyHcs  data   Where  is  the  boundary  on  data  use  for  learning  analy3cs  (courses,   grades,  LMS,  GoogleDrive,  library  system,  residence  halls,  dining   halls,  …)?   – Contextual  Integrity:  context    and  norms  of  learning   environment   – It  depends  on   •  Awareness  of  students  about  processes   •  Possible  consequences  for  students   •  Safeguards  that  are  in  place   33  
  34. 34. Outsourcing   What  are  the  concerns  when  outsourcing  the  collec3on  and   analysis  of  data?  Who  owns  the  data?   –  Concerns:   •  Undue  third  country  data  transfers   •  Less  control  about  processing   •  Less  transparency  for  the  data  subject   –  Ownership:   •  No  complete  ownership  for  any  party   •  Relevant:  data  protec4on  and  intellectual  property  rights   •  See  discussion  concerning    `data  portability’  in  DP   regula4on  (NDA  agreement  required)   34  
  35. 35. Undesirable  data  collecHon   Are  there  any  circumstances  when  collecHng  data  about   students  is  unacceptable/undesirable?   – Yes,  there  are:   •  Data  which  is  not  of  any  purpose   •  Data  outside  of  the  learning  context   •  Data  of  which  the  student  is  not  aware   •  Data  which  poses  a  risk  to  the  student   •  Data  which  is  not  well  protected   35  
  36. 36. Data  access  by  students   What  data  should  students  be  able  to  view,  i.e.  what  and  how   much  informaHon  should  be  provided  to  the  student?   –  Data  Protec4on  Direc4ve  (ar4cle  12):   •  Everything  concerning  them  (at  least  upon  request)   –  Human  subjects  research:   •  Everything  concerning  study  (at  least  ater  experiment)   •  Avoidance  of  decep4on   –  But   •  Possible  conflict  of  full  data  access  with  goals  of  LA?   •  How  to  provide  meaningful  access  while  excluding  other   students  data?   36  
  37. 37. 9  Themes  around  privacy  (1/3)   1.  LegiHmate  grounds   -­‐  Why  are  you  allowed  to  have  the  data?     2.  Purpose  of  the  data     -­‐  Repurposing  is  an  issue  vs.  MIT  Social   Machine  lab     3.  Inventory  of  data   -­‐  What  data  do  you  have?     -­‐  What  can  you  do  with  that  data  already?  
  38. 38. 9  Themes  around  privacy  (2/3)   4.  Data  quality   -­‐  How  good  is  the  data?  (eg.  Bb  log  file  is  weak   predictor)   -­‐  When  do  you  I  delete  data  and  what  data?       5.  Transparency   -­‐  Informing  students  (Purpose,  Approach)   -­‐  Checklist  what  to  communicate  for  researchers     6.  The  rights  of  the  data  subject  to  access  their  data   from  the  data  client   -­‐  For  teachers  who  are  employees  other  rights  apply      
  39. 39. 9  Themes  around  privacy  (3/3)     7.  Outsource  processing  to   external  parHes   -­‐  Prevent  external  par4es  to  not   do  addi4onal  analysis  (NDA   agreement)     8.  Transport  data,  legal  locaHon   -­‐  e.g.  Safe  Harbour  agreement     9.  Data  Security   -­‐>  Shuangbao  Wang      
  40. 40. SoluHons  Privacy  by  Design   The  7  FoundaHonal  Principles   1.  Proac4ve  not  Reac4ve;   2.  Privacy  as  the  Default  Sevng   3.  Privacy    Embedded  into  Design   4.  Full  Func4onality   5.  End-­‐to-­‐End  Security   6.  Visibility  and  Transparency   7.  Respect  for  User   hhp://   OWD  2014  –  Ethics  &  Privacy  in  the  ApplicaHon  of  Laerning  AnalyHcs  
  41. 41. The  Booksprint  Rules   41   •  All  voices  are  valid     •  Take  ownership  of   the  book  (now  and   later)   •  Session  to  be  strongly   facilitated     5  main  elements:   1.  Concept  Mapping   2.  Structuring   3.  Wri4ng   4.  Composi4on   5.  Publica4on  
  42. 42. 42   Twider  Archive  for  Event   A  Twubs  archive  for  this  event  is   available  at   Can  help  in  report-­‐wri4ng  and  iden4fying   those  with  similar  interests  
  43. 43. De-­‐anonymizaHon  of  user  data   43  
  44. 44. 44  
  45. 45. Using  Lanyrd   The  Lanyrd  social   directory  of  events   provides  access  to   informa4on  about:   •  Events   •  Speaker   •  Par4cipants   The  entry  for  this   event  may  include   access  to:   •  Slides   •  Twiher  archives   •  Reports   Feel  free  to  add  your   details     45   hhp://  
  46. 46. PracHcal  consideraHons   •  Data  protec4on   •  Anonymisa4on   •  Human-­‐subjects  research   •  (Contextual  Integrity)   46  
  47. 47. Data  protecHon   •  EU  Data  Protec4on  Direc4ve     •  Common  misconcep4ons   –  Scope  of  ‘personal  data’   –  Relevance  of  consent   –  Anonymisa4on   •  Legal  ground:  consent  or  legi4mate  interest?   •  How  to  fulfil  purpose  limita4on?   •  Applicability  of  sta4s4cs  exemp4on?   •  Automated  decisions?   47  
  48. 48. AnonymisaHon   •  Oten  considered  as  an  ‘easy  way  out’  of  DP  obliga4ons   •  But   –  Other  legal  obliga4ons?   –  Right  to  collect  data  in  the  first  place?   –  Ethical  considera4ons?   –  Uniden4fiability  achievable  for  dataset?   •  Useful  guidance:  Opinion  05/2014  of  Art.  29  WP   hhp://­‐protec4on/ar4cle-­‐29/documenta4on/ opinion-­‐recommenda4on/files/2014/wp216_en.pdf   48  
  49. 49. Human-­‐subjects  research   •  Ethics  approval  required?   –  In  NL:  differs  per  university   •  Likely  problema4c  points:   –  Consent   –  Decep4on   –  Iden4fiable  data   –  Subordinate  posi4on  of  students   49  
  50. 50. Transparency •  Transparency about –  Data collection –  Profiling activities –  Use of results within institutional process •  Data Protection directive •  Human-subjects research •  Failure of notice and consent •  Legal texts vs. layered notices vs. icons vs. data cockpits
  51. 51. Value Sensitive Design (Batya Friedman) •  Goal:  address  human  values  in  a  technical  design     Source: presentation by Jeroen van den Hoven
  52. 52. Reference  that  are  relevant   52  
  53. 53. Formal frameworks •  Contextual  Integrity   •  Value  Sensi4ve  Design    
  54. 54. Contextual  Integrity  (Helen  Nissenbaum)   •  Benchmark  for  privacy  in  informa4on  systems   –  Recogni4on  of  social  contexts   –  Related  to  ‘reasonable  expecta4on’  condi4on   •  Contextual  integrity  ≈  fulfilling  informa4onal  norms   •  Contexts:  roles,  ac4vi4es,  norms,  values   •  Actors:  senders,  receivers,  subjects   •  Ahributes:  data  fields   •  Transmission  principles:  confiden4ality,  etc.   54  
  55. 55. Data Protection aka Directive 95/46/EC •  Privacy as control / informational self-determiniation •  Not necessarily restricting data collection, but channelling it •  In the European Union –  Directive 95/46/EC •  Elsewhere –  OECD Principles (1980) –  Fair Information Practices (US, not mandatory) •  Upcoming: general data protection regulation
  56. 56. 95/46/EC – general obligations (article 6 (1)) a)  Fairly  and  lawfully   b)  Purpose  limita4on  (see  also  Opinion  03/2013  of  Art  29  WP)   •  Specified,  explicit  and  legi4mate   •  Compa4ble  use  (no  secondary  use)   •  Excep4ons  for  sta4s4cs  and  science   c)  Adequate,  relevant  and  not  excessive   d)  Accurate  and  up  to  date   e)  Iden4fica4on  no  longer  than  necessary   •  Important:  these  provisions  also  hold  if  consent  of  data  subject  has   been  collected!  
  57. 57. 95/46/EC – legal grounds (article 7) a)  Consent b)  Performance of a contract c)  Legal obligations d)  Vital interests of the data subject e)  Public interest f)  Legitimate interests •  Legitimate interest should be used more often •  ‘how to’: see Opinion 04/2014 of Art 29 WP –  Balancing test: nature of the interest, impact on data subject, additional safeguards
  58. 58. 95/46/EC - further considerations •  Special categories of data require extra care (article 8) –  ethnic origin, political opinion, etc. •  Right of access to data (article 12) –  Includes rectification •  Automated decisions (article 15) –  Decisions severely affecting the data subject may not be solely based on automated profiling –  If so, appeal to decision must be possible •  Security obligation (article 17) •  Notification obligation (article 18) •  Third country data transfers (article 25) –  Only allowed if adequate level of protection –  For the US: Safe Harbour arrangement
  59. 59. 95/46/EC - scope •  Only applicable if –  automated processing of ‘personal data’ OR –  part of a ‘filing system’ (article 3) •  Personal data –  Natural person is directly or indirectly identifiable •  à properly anonymised data not subject to 95/46/EC •  However, –  Other legal obligations exist •  e.g. article 7 and 8 EU Charter of Fundamental Rights, article 8 ECHR, e-Privacy Directive –  Anonymous data can still inflict harm (à group profiling) –  Anonymisation itself is also data processing!
  60. 60. Anonymisation – legal considerations 1/2 •  Good  introduc4on  in  Opinion  05/2014  of  Art  29  WP   •  iden5fica5on  no  longer  than  necessary  can  be  an  obliga4on  for   anonymisaton   •  à  anonymisa4on  by  default?     •  The  process  of  anonymisa4on  is  also  data  processing   •  Principle  of  purpose  limita4on  applies!   •  Applying  anonymised  data  to  user  profiles  is  data  processing   •  à  only  the  processing  of  already  anonymised  data  by  itself  is  not   subject  to  data  protec4on  
  61. 61. Anonymisation – legal considerations 2/2 •  Pseudonymisation is not anonymisation –  àreplacing identifiers is not enough •  Only anonymous if identification is irreversibly prevented –  Whether that is the case depends on robustness of method –  Opinion 05/2014 assesses different methods in that regard •  Residual risk of identification has to be taken into account –  Monitor and control
  62. 62. Anonymisation – Practical considerations •  Decisive is the ability to single out an individual –  Dropping identifier columns from a DB is likely not enough –  Attributes such as age, gender, etc. might have to be modified –  àrandomization and generalization •  Consider the possibility of further harm (group profiling) –  Unjustified discrimination –  Unfair discrimination
  63. 63. Human-subjects research 1/2 •  Experiments with Learning Analytics might require approval of a local ethics committee! •  Nuremberg code, Declaration of Helsinki (excerpt) –  Informed consent –  For the good of society –  Avoidance of harm –  Option to exit •  Problematic points –  Consent –  Deception –  Identifiable data –  Subordinate position
  64. 64. Human-subjects research 2/2 •  Required by law only for medical research •  àRegulations differ per university •  If review is necessary, often: –  Multiple stages –  Checklists –  Possibly advice for improvement of study •  Requirements for approval tie in with ethical considerations discussed earlier
  65. 65. Conclusions •  No simple recipe or ‘how to ethics’ •  Data protection != anonymisation or consent •  Protecting privacy != anonymisation •  Ethics in LA is more than privacy •  Legal constraints (data protection) are not everything •  Think along the lines of contextual integrity •  Keep the students involved
  66. 66. Discussion •  Limits of privacy by design •  Security best practices •  Difficulties of meten is weten –  Discussion around publication of CITO scores •  Dangers of misinterpretation –  Safeassign Matching Score •  Data access –  Student, teacher or both –  Granularity of access •  Connection to non-university systems –  Cloud services, social media •  Ways forward –  Code of ethics for LA?
  67. 67. “Ethics  &  Privacy  Issues  in  the  Applica4on  of  Learning  Analy4cs”   by  Hendrik  Drachsler,  Open  University  of  the  Netherlands  was   presented  at  LACE  &  SURF  workshop,  Utrecht,  Netherlands  on   28.10.2014.,  @hdrachsler         This  work  was  undertaken  as  part  of  the  LACE  Project,  supported  by  the  European  Commission  Seventh   Framework  Programme,  grant  619424.   These  slides  are  provided  under  the  Crea4ve  Commons  Ahribu4on  Licence:  hhp://    Some  images  used  may    have  different  licence  terms.   @laceproject   67  
  68. 68. 68 68 You  are  free  to:   copy,  share,  adapt,  or  re-­‐mix;   photograph,  film,  or  broadcast;   blog,  live-­‐blog,  or  post  video  of   this  presenta4on  provided  that:   You  ahribute  the  work  to  its  author  and  respect  the  rights  and   licences  associated  with  its  components.