The document discusses the principle of data protection by design and default in the context of learning analytics, highlighting its role in integrating pedagogical approaches into data collection and usage. It emphasizes the necessity of aligning learning analytics applications with privacy regulations, notably the EU's GDPR, to enhance learner agency and trust. Various privacy rights for learners are outlined, including data access, rectification, erasure, and portability, underscoring the importance of robust governance and accountability in educational settings.

1. The Principle of Data Protection by
Design and Default as a lever for
bringing Pedagogy into the
Discourse on Learning Analytics
Tore Hoel & Weiqin Chen
Oslo and Akershus University College of Applied Sciences
Norway
ICCE 2016
Mumbai, India

2. Background
Educational
Concept
Proxy
Captured
Data

3. Background
Learner
Agency
What proxy
to
use?
What data to
capture?

4. Sensor data
• You know there are students
standing in line for lunch
• You don't know anything about
their learning
• And they will start walking if
they know they are monitored

5. How do we start talking to
the students when designing
new LA applications?

6. What could be a compelling force
to bridge pedagogy and analytics?

7. Global Privacy Frameworks
• Global market for
LA tools
• EU regulations may
be more strict…
• The same
foundational data
protection
principles are
shared globally
OECD APEC EU: GDPR
Collection limitation Preventing harm Lawfulness, fairness and
transparency
Data Quality Notice Purpose limitation
Purpose
specification
Collection
limitation
Data minimisation
Use limitation Uses of Personal
Information
Accuracy
Security
Safeguards
Choice Storage limitation
Openness Integrity of
Personal
Information
Integrity and confidentiality
Individual
Participation
Security
Safeguards
Accountability

8. New European Data Protection
Regulation (GDPR) for the digital age
• Consent for processing data: A clear
affirmative action
• Easy access to your own data (Data
Portability)
• Data breaches (e.g., hacking): Notice
without undue delay
• Right to be forgotten
• Data Protection by
Design and Data
Protection by Default
Published May 2016 –
National law in all
European countries
from 2018

9. Privacy and Data Protection
by Design
• Privacy an integral part of next wave in technology
revolution (Finneran Dennedy et al. 2014)
• Privacy-by-Architecture (Spiekermann & Cranor,
2009)
• Data minimisation as the foundational principle
(Güres et al. 2011)
• PbD not much used - still posterior privacy
(ENISA, 2014)

10. Privacy by design affects
each LA process
LA processes defined by ISO/IEC JTC 1/SC36
Pedagogical requirements are related
to each LA process

11. How Privacy by Design and by Default
could inform design of LA solutions
making sure they are grounded in valid
Pedagogical Principles?
The
challenge

12. Data Minimisation vs Utility in
different Data Sharing Contexts

13. Scenario template
• Aims of LA usage
• Pedagogical grounding
• Data Protection by Design and by Default
Implementation
• Requirements for design solutions

14. 3 scenarios
• School class with extensive data sharing
• Publisher / vendor / content provider with apps
for STEM education
• School authority quality assurance system

15. Conclusions
• The EU Data Protection Regulation enforces the
principle of Data Protection by Design and Default
• This principle cannot be follow without exploring
pedagogical scenarios
• This could change the way LA applications are
designed…
• …giving more agency to the learner, e.g., through tools
for consent to, and opting in or out of to data collection

16. 谢谢您的关注
This work is licensed under a Creative Commons
Attribution 4.0 International (CC BY 4.0).
tore.hoel@hioa.no
WeChat: Tore_no

17. Scope of ISO/IEC 20748 Part4
• The scope of this Part is to develop learning analytics specific
attributes of privacy and data protection with the purpose to
inform design of learning analytics systems development and
learning analytics practices in schools, universities, workplace
learning and blended learning settings. The Technical Report will
give a short summary of established data protection regulations
and privacy principles to prepare the underpinning of the specific
attributes that should be considered to build trust in learning
analytics systems and practices.
• What is LA privacy attributes
• What is the Design Space
• Privacy principles are….?
• Define the role of trust
18

18. Right to be informed
19
Requirements LA Attributes
(numbers refer to LA subprocess)
Right to be
informed
The learner will throughout the full cycle of the LA process (1-6) be able to
get information about
- what is the purpose of the LA session specified to learning activity (1)
- what data are collected (2)
- how the data are stored and processed (3)
- what principles (e.g., predictive models, algorithms) are used for
analysing learning data (4)
- what visualisations are used to render results (5)
- what are the technical (as different from human) LA feedback actions
that are designed for the particular LA process (6)

19. Right to access
20
Privacy Requirements LA Attributes
(numbers refer to LA subprocess)
Right to access The learner will throughout the full cycle of the LA
process (1-6) be able to access, i.e., read and download,
- personal information (3)
- activity data (2) used for analysis (4)
- stored results of analysis (3)

20. Right to rectification
21
Privacy Requirements LA Attributes
(numbers refer to LA subprocess)
Right to rectification
The learner will at any time be able to enter into communication with the
data controller to launch claims for rectification of personal information (1-
3).

21. Right to erasure
22
Privacy
Requirements
LA Attributes
(numbers refer to LA subprocess)
Right to erasure
(1-3)The learner has at any time the opportunity to raise the wish to be
forgotten, which means deletion or removal of personal data whether there is no
compelling reason for continued processing. In an educational context this could
a number of actions, depending on educational level (mandatory or voluntary
education) and contract agreements. These are some of possible scenarios:
• LA is not a necessary pedagogical means: All involvement with the LA
process is abolished
• LA is necessary on aggregated data: Only anonymised data are collected
(and there are taken steps to make sure that re-identification is not possible)
• A time restriction for storage of data is agreed, and all data are erased after
completion of module, course, academic semester, degree…
• LA is an integral part of the course offering and the student is given the
option to terminate the course and have his/her data deleted.

22. Right to restricted processing
23
Privacy
Requirements
LA Attributes
(numbers refer to LA subprocess)
Right to restrict
processing (3) This is somewhat similar to the LA attributes described above (Right
to erasure), with the difference that the processing is put on hold and the
data kept for use in historical analysis, aggregated analysis etc.
The learner could also reserve herself from taking part in specific
learning analytics processing.

23. Right to data portability
24
Privacy Requirements LA Attributes
(numbers refer to LA subprocess)
Right to data
portability
(3) The learner has access to her or his learning activity
data, so that when moving to another institution or another
tool or LA system the learner should be able to bring with him
or her data for reuse in the new setting.

24. Right to object
25
Privacy
Requirements
LA Attributes
(numbers refer to LA subprocess)
Right to object (1-6) There must be a service agreement that informs about
the learners rights to object to any aspect of the LA processes
(1-6)

25. Automated Decision & Profiling
26
Privacy
Requirements
LA Attributes
(numbers refer to LA subprocess)
Right related to
automated decision
making and
profiling
(4-6) Individuals have the right not to be subject to a decision when:
it is based on automated processing; and it produces a legal effect or a
similarly significant effect on the individual. Learning analytics may
entail automated decision making and profiling of sorts, and these
might be part of the contract between the institution and the individual.
Learners must be able to
- obtain human intervention;
- express their points of view; and
- obtain an explanation of the decision and challenge it.

26. Other Requirements
27
Privacy Requirements LA Attributes
(numbers refer to LA subprocess)
Accountability and governance
(1-6) The institution must be able to demonstrate that they have
systems in place (policies and procedures) that uphold the protection of
personal information and minimise risk of breaches.
Breach notification
(3) When systems are compromised in any way, learners should be
notified.
Transfer of data
(Only EU relevant for European countries - the GDPR has
regulations about transfer of data outside the EU region???) (3)
Data Protection By Design And
By Default LA systems development should conform to the principle of Data
Protection By Design And By Default