Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Data protection and privacy framework in the design of learning analytics systems

553 views

Published on

Presentation on The Influence of Data Protection and Privacy Frameworks on the Design of Learning Analytics Systems at LAK17, Vancouver, Canada - 2017-03-16

Published in: Education
  • Be the first to comment

  • Be the first to like this

Data protection and privacy framework in the design of learning analytics systems

  1. 1. The Influence of Data Protection and Privacy Frameworks on the Design of Learning Analytics Systems Tore Hoel Dai Griffiths Weiqin Chen LAK17, Vancouver, Canada 2017-03-16
  2. 2. From Tim McKay’s keynote
  3. 3. Yesterday @ LAK17
  4. 4. This alphabet soup is working on a standard on LA Privacy & Data Protection Policies ISO/IEC SC36 WG8 Sunday, 12 March meeting co-located with LAK17
  5. 5. What influences privacy requirements for LA?
  6. 6. Privacy frameworks OECD APEC EU GDPR Preventing Harm Lawfulness, Fairness and Transparency Collection Limitation Collection Limitation Data Minimisation Purpose Specification Choice Purpose Limitation Use Limitation Uses of Personal Information Storage Limitation Data Quality Integrity of Personal Information Integrity and Confidentiality Openness Notice Individual Participation Access & Correction Accuracy Accountability Accountability Accountability Security Safeguards Security Safeguards Data Protection by Design and by Default
  7. 7. New European Data Protection Regulation (GDPR) for the digital age • Consent for processing data: A clear affirmative action • Easy access to your own data (Data Portability) • Data breaches (e.g., hacking): Notice without undue delay • Right to be forgotten • Data Protection by Design and Data Protection by Default Published May 2016 – National law in all European countries from 2018
  8. 8. LA process model ISO/IEC 20748-1
  9. 9. GDPR ➔ Pedagogical Requirements LA Processes GDPR Requirements Pedagogical Requirements Learning activity Give information of processing operation and purpose Explicit formulation of the scope of LA processes. Choice of metrics that give answers to the pedagogical questions that initiated the LA process. Data collection Affirmative action of consent to data collection Support of learner agency Data storage and processing Access to, and rectification or erasure of personal data. Exercise the right to be forgotten. Pseudonymisation and risk assessment Support of learner agency Analysis Meaningful information about the logic involved. Information of profiling, e.g., predictive modeling Support of learner agency and understanding of learning context Visualisation General requirements about transparency and communication Selection of salient issues for pedagogical intervention Feedback actions Information about the significance and envisaged consequences of data processing Pedagogical intervention, relating actions to pedagogical goals
  10. 10. GDPR inspired system requirements • Right to be informed • Right to access • Right to rectification • Right to erasure • Right to restrict processing • Right to data portability • Right to object • Right related to automated decision making and profiling • Accountability and governance • Breach notification • Transfer of data (outside of EU) • Data Protection by Design and by Default
  11. 11. Right to be informed • The learner will know… • What is the purpose of LA session • What data are collected • How data are stored and processed • Principles for processing (predictive models / algorithms…) • What visualisations • Technical feedback actions designed for the LA process
  12. 12. Automated decision making / profiling • Right to not to be subject to decisions when based on automated processing • Learner must be able to… • …obtain human intervention • …express their point of view • …obtain explanation of decisions and able to challenge them
  13. 13. Privacy discourse in selected countries
  14. 14. Is the massive concern about privacy reflected the LAK discourse ? • 2015 EU citizens survey • Only 15% European citizens felt they had control over information they provided online • 1/3 felt they had no control at all • ‘Data protection’ in LAK proceedings? • 2014 & 2015: 0 papers • 2016: 1 paper • 2017: 6 papers
  15. 15. European Union • LACE project work: Privacy a show-stopper? • OUUK Code of Practice • JISC work on Consent Service • General Data Protection Regulation – European law May 2018 • Will influence the development and implementation of LA systems • Potential for strengthening the pedagogical grounding of these systems
  16. 16. What could be a compelling force to bridge pedagogy and analytics? Hoel, T. & Chen, W. (2016). The Principle of Data Protection by Design and Default as a lever for bringing Pedagogy into the Discourse on Learning Analytics. Workshop paper in Chen, W. et al. (Eds.) (2016). Proceedings of the 24th International Conference on Computers in Education. India: Asia-Pacific Society for Computers in Education
  17. 17. Japan • Bottom-up approach for application of educational data for LA • K-12 Smart School project: LA support system • No public debate on privacy issues. (Raised though in a Kyushu university LAK17 workshop paper) • Different ministries have different positions on disclosure of educational data (e.g., to 3rd parties)
  18. 18. Korea • Top-down process • KERIS report on Prospects for the Application of LA • Ambitious plans for rolling out LA in schools • LASI-ASIA 2016 • Vendors: MoE are too conservative in giving access to data
  19. 19. China • Top-down • Big Data Centres established at a number of universities • No data protection act or data protection regime • Willingness to use every data there is; however, still few examples of adoption at scale for LA
  20. 20. Issues
  21. 21. Individual vs Organisation
  22. 22. Schools vs. Higher Ed • Schools may be more susceptible to the influence of legal constrains than HE • Higher Ed is more research driven, and the role of research ethics rules may delay the discussions on ethics and data protection of full scale applications • Tug of war between advocates of open vs. closed data
  23. 23. Data Protection by Design and by Default • A simple checkbox will not do any more • Open each sub process of LA up for discussion related to data protection
  24. 24. Window of opportunity is now! Will South Korea wait to launch a national LA solution for K-12 until individualised privacy solutions are found? Will Japanese authorities give 3rd party vendors the opportunity to analyse LA data? Will European countries use the leverage given them by the GDPR to broaden the discourse on privacy and data protection? And what about China?
  25. 25. 谢谢您的关注 This work is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0). tore.hoel@hioa.no @tore Skype: odintorloke WeChat: Tore_no

×