Slides used for talk at the GeekGirl MeetUp UK conference on 8th October 2016

1. DATA, ETHICS AND THE LAW
SAMANTHA AHERN
UNIVERSITY COLLEGE LONDON

2. • What are the ethical and legal considerations for the IoT and
big data collection?
• What is the GDPR and what will it mean for processing and data
collection?
• What rights to privacy do we have and will we want?
• Who should be making those decisions – technologists or end
users?

3. THE VOLUME, VELOCITY AND VARIETY OF
DATA WE ARE GENERATING IS RAPIDLY
INCREASING. WE CREATE DATA ON ALMOST
ALL ASPECTS OF OUR LIVES, WHICH CAN BE
HARNESSED AND ANALYSED TO PROVIDE
POWERFUL INSIGHTS INTO OUR BEHAVIOUR,
OUR PREFERENCES AND OUR FUTURE ACTIONS.
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education.
Policy Connect. Higher Education Commission (2016)

4. REUTERS: YAHOO SECRETLY SCANNED
CUSTOMER EMAILS FOR U.S. INTELLIGENCE
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

5. DATA PROTECTION ACT (1998)
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate
protection
https://www.gov.uk/data-protection/the-data-protection-act

6. PRIVACY SHIELD
• EU Commission fact sheet: http://ec.europa.eu/justice/data-
protection/files/factsheets/factsheet_eu-
us_privacy_shield_en.pdf

7. GENERAL DATA PROTECTION REGULATIONS
(GDPR)
• Will come into force in the UK on May 25 2018
• The GDPR imposes restrictions on the transfer of personal data
outside the European Union, to third countries or international
organisations.
• Principles: https://ico.org.uk/for-organisations/data-
protection-reform/overview-of-the-gdpr/principles/

8. WINDOWS 10

9. GDPR: INDIVIDUALS’ RIGHTS
The main rights for individuals under the GDPR will be:
• subject access,
• to have inaccuracies corrected,
• to have information erased,
• to prevent direct marketing,
• to prevent automated decision-making and profiling, and
• data portability.
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-

10. METADATA AND AGGREGATION
• Where data is to be used anonymously particular care will be
taken by institutions to avoid:
• Identification of individuals from metadata
• Re-identification of individuals by aggregating multiple data sources
https://www.jisc.ac.uk/sites/default/files/jd0040_code_of_practice_for_l
earning_analytics_190515_v1.pdf

11. THE UNIVERSITY ENVIRONMENT

12. • Recommendation 3
• Recommendation 4
• Recommendation 5
BRICKS TO CLICKS RECOMMENDATIONS
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education.
Policy Connect. Higher Education Commission (2016)

13. RECOMMENDATION 3
• All HEIs should consider introducing an appropriate learning
analytics system to improve student support / performance at
their institution.
• Any such decision should be fully informed by an analysis of
the benefits, limitations and risks attached.

14. RECOMMENDATION 4
• Institutions should put in place clear ethical policies and codes
of practices that govern the use of student data in analytics and
other digital systems.
• These policies should, at a minimum, address student privacy,
security of data and consent.

15. RECOMMENDATION 5
• In particular, when introducing learning analytics, HEIs should
seek fully informed consent from students to the use of their
personal and learning data in analytics.
• This should be sought again if new data is incorporated into
the system, or existing data is used in new ways.

16. By KylaBorg (Privacy) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)],
via Wikimedia Commons

17. QUESTIONS