The document discusses the implications of the European Union's General Data Protection Regulation (GDPR) for the design of learning analytics (LA) tools. It analyzes how each stage of the LA process, from data collection to feedback, is affected by the GDPR's new regulations around user consent, data access and portability, security, and privacy by design. The authors argue the GDPR gives designers a two-year window to build LA tools that comply through open architectures, personal data stores, and conversational capabilities respecting user rights. They call for further comparative studies of different regions' approaches to help guide responsible and privacy-aware LA development.

1. Implications of the European
Data Protection Regulations for
Learning Analytics Design
Tore Hoel & Weiqin Chen
Oslo and Akershus University College of Applied Sciences, Norway
The International Workshop on Learning Analytics and Educational Data Mining
(LAEDM 2016)
In conjunction with CRIWG/CollabTech 2016
Kanazawa, Japan – 14 September 2016

2. 2
LA tools – Window of Opportunity for Design

3. 3
Ethics & Privacy a Show-stopper for LA?

4. What influences Requirements for LA systems?
4

5. 5
OECD APEC EU: GDPR (Article 5 & 25)
Collection limitation Preventing harm Lawfulness, fairness and
transparency
Data Quality Notice Purpose limitation
Purpose specification Collection limitation Data minimisation
Use limitation Uses of Personal Information Accuracy
Security Safeguards Choice Storage limitation
Openness Integrity of Personal
Information
Integrity and confidentiality
Individual Participation Security Safeguards Accountability
Accountability Access & Correction
Accountability (Article 25) Data Protection by

6. European Union
General Data Protection Regulation (GDPR)
• 1994: Data Protection Act Directive 94/46/EC
• 2012: Initiation of a revision process
• May 2016: Revised regulation published (GDPR)
– See http://ec.europa.eu/justice/data-protection/reform/index_en.htm
• May 2018: European Law!
6
Gives us a 2 years Window of Opportunity
for
Innovative Design of LA tools

7. GDPR – new regulations for the digital age
• Consent for processing data: A clear affirmative action
• Easy access to your own data (Data Portability)
• Data breaches (e.g., hacking): Notice without undue delay
• Right to be forgotten
• Data protection by design and Data protection by default
7

8. Each LA process is affected by GDPR
8
LA processes defined by ISO/IEC JTC 1/SC36

9. Learning Activities
• Dedicated conversation is set up between the LA processor and
the student, parent, teacher or any other user of the system so
that the data subject can "be informed of the existence of the
processing operation and its purposes"
• The information provided should take into account "the specific
circumstances and context in which the personal data are
processed. Furthermore, the data subject should be informed of
the existence of profiling and the consequences of such
profiling" [Recital 60]
9

10. Data Collection
• GDPR requires "a clear affirmative act establishing a freely
given, specific, informed and unambiguous indication of the
data subject's agreement to the processing of personal data
relating to him or her.
• (..) Silence, pre-ticked boxes or inactivity should not (..)
constitute consent [Recital 32].
10

11. Data Storing & Processing (1)
• Developers must develop mechanisms that allow the data
subjects "to request and, if applicable, obtain, free of charge, in
particular, access to and rectification or erasure of personal
data" [Recital 59].
• Fair and transparent processing.
• "standardised icons in order to give in an easily visible,
intelligible and clearly legible manner, a meaningful overview of
the intended processing. Where the icons are presented
electronically, they should be machine-readable" [Recital 60].
11

12. Data Storing & Processing (2)
• Personal data erased and no longer processed "where the
personal data are no longer necessary in relation to the
purposes for which they are collected or otherwise processed,
[or] where a data subject has withdrawn his or her consent or
objects to the processing of personal data concerning him or
her" [Recital 65].
• The system needs to communicate with other systems that
have "links to, or copies or replications of those personal data"
[Recital 66].
• The system should be able to "handle conflicts", e.g.,
"temporarily moving the selected data to another processing
system, making the selected personal data unavailable to users,
or temporarily removing published data from a website"
[Recital 67].
12

13. Data Storing & Processing (3)
• Steps should be taken towards pseudonymisation and/or
encryption of personal data. [Recital 29].
• The solution needs to specify how the keys, the "additional
information for attributing the personal data to a specific data
subject" [Recital 29], are managed either within the
organisation running the LA or outside.
• Procedures for risk evaluation to establish "whether data
processing involve a risk or a high risk" [Recital 76].
13

14. Analysing
• GDPR defines profiling as "any form of automated processing of
personal data consisting of the use of personal data to evaluate
certain personal aspects relating to a natural person, in
particular to analyse or predict aspects concerning that natural
person's performance at work, economic situation, health,
personal preferences, interests, reliability, behaviour, location
or movements" [Article 4 (4)]
• Developers to give "meaningful information about the logic
involved" [Article 13, (f, g, h)].
14

15. Visualisation
• All the general requirements of the GDPR about transparent
information, communication and modalities for the exercise of
the rights of the data subject come into play here.
15

16. Feedback Actions
• The learner or the teachers "should have the right not to be
subject to a decision, which may include a measure, evaluating
personal aspects relating to him or her which is based solely on
automated processing" [Recital 71].
• If there is any automated individual decision-making, including
profiling, the data subject have the right to be informed about
"the significance and the envisaged consequences of such
processing" [Article 14, g].
• Strict minimum period for which personal data could be stored
[Recital 39], specific circumstances and contexts in which
personal data are processes [Recital 60], etc. point in the
direction of open systems with extensive conversational
capabilities.
16

17. From requirements to solutions
• GPDR published at the right time – still time to influence
architectures and tools
• Privacy by design – Data Protection by Design – Data Protection
by Default
• For LA systems – we should explore…
– Personalised Learning Record Stores
– Personal LA Dashboards with consent & data control capabilities
– Personalised Data Clouds
– School Clouds
– Open architectures
– Open predictive models (how should they be shared?)
17

18. Further work
We want to do a comparative study of Data Protections issues and
concerns in relation to Learning analytics with contributions from
Japan, South Korea, and China
Please help us with data for the case studies!
18

19. Hoel, T. & Chen, W. (2016) Implications of the European
Data Protection Regulations for Learning Analytics Design
Tore Hoel & Weiqin Chen - Paper presented at The International Workshop on
Learning Analytics and Educational Data Mining (LAEDM 2016) In conjunction with
CRIWG/CollabTech 2016, Kanazawa, Japan – 14 September 2016
tore.hoel@hioa.no
@tore
These slides are provided under the Creative Commons Attribution Licence:
http://creativecommons.org/licenses/by/4.0/. Some images used may have different licence terms.
www.laceproject.eu
19