Post on 21-Mar-2017
The Influence of Data Protection and Privacy Frameworks on the
Design of Learning Analytics Systems
Tore Hoel, Dai Griffiths, Weiqin Chen
LAK17, Vancouver, Canada, 2017-03-16
From Tim McKay’s keynote
Yesterday @ LAK17
This alphabet soup is working on a standard on LA Privacy & Data
Protection Policies
ISO/IEC SC36 WG8 Sunday, 12 March meeting co-located with LAK17
What influences privacy requirements for LA?
Privacy frameworks
OECD | APEC | EU GDPR
 | Preventing Harm | Lawfulness, Fairness and Transparency
Collection Limitation | Collection Limitation | Data Minimisation
Purpose Specification | Choice | Purpose Limitation
Use Limitation | Uses of Personal Information | Storage Limitation
Data Quality | Integrity of Personal Information | Integrity and Confidentiality
Openness | Notice |
Individual Participation | Access & Correction | Accuracy
Accountability | Accountability | Accountability
Security Safeguards | Security Safeguards |
Data Protection by Design and by Default
New European Data Protection Regulation (GDPR) for the digital age
• Consent for processing data: A clear affirmative action
• Easy access to your own data (Data Portability)
• Data breaches (e.g., hacking): Notice without undue delay
• Right to be forgotten
• Data Protection by Design and Data Protection by Default
Published May 2016 – National law in all European countries from 2018
LA process model
ISO/IEC 20748-1
GDPR ➔ Pedagogical Requirements
LA Processes | GDPR Requirements | Pedagogical Requirements
Learning activity | Give information of processing operation and purpose | Explicit formulation of the scope of LA processes. Choice of metrics that give answers to the pedagogical questions that initiated the LA process.
Data collection | Affirmative action of consent to data collection | Support of learner agency
Data storage and processing | Access to, and rectification or erasure of personal data. Exercise the right to be forgotten. Pseudonymisation and risk assessment | Support of learner agency
Analysis | Meaningful information about the logic involved. Information of profiling, e.g., predictive modeling | Support of learner agency and understanding of learning context
Visualisation | General requirements about transparency and communication | Selection of salient issues for pedagogical intervention
Feedback actions | Information about the significance and envisaged consequences of data processing | Pedagogical intervention, relating actions to pedagogical goals
GDPR inspired system requirements
• Right to be informed
• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Right related to automated decision making and profiling
• Accountability and governance
• Breach notification
• Transfer of data (outside of EU)
• Data Protection by Design and by Default
Right to be informed
• The learner will know…
  • What is the purpose of LA session
  • What data are collected
  • How data are stored and processed
  • Principles for processing (predictive models / algorithms…)
  • What visualisations
  • Technical feedback actions designed for the LA process
Automated decision making / profiling
• Right not to be subject to decisions when based on automated processing
• Learner must be able to…
  • …obtain human intervention
  • …express their point of view
  • …obtain explanation of decisions and be able to challenge them
Privacy discourse in selected countries
Is the massive concern about privacy reflected in the LAK discourse?
• 2015 EU citizens survey
  • Only 15% of European citizens felt they had control over information they provided online
  • 1/3 felt they had no control at all
• ‘Data protection’ in LAK proceedings?
  • 2014 & 2015: 0 papers
  • 2016: 1 paper
  • 2017: 6 papers
European Union
• LACE project work: Privacy a show-stopper?
• OUUK Code of Practice
• JISC work on Consent Service
• General Data Protection Regulation – European law May 2018
• Will influence the development and implementation of LA systems
• Potential for strengthening the pedagogical grounding of these systems
What could be a compelling force to bridge pedagogy and
analytics?
The Law
Hoel, T. & Chen, W. (2016). The Principle of Data Protection by Design and Default as a lever for bringing Pedagogy into the Discourse on Learning Analytics. Workshop paper in Chen, W. et al. (Eds.) (2016). Proceedings of the 24th International Conference on Computers in Education. India: Asia-Pacific Society for Computers in Education
Japan
• Bottom-up approach for application of educational data for LA
• K-12 Smart School project: LA support system
• No public debate on privacy issues. (Raised though in a Kyushu University LAK17 workshop paper)
• Different ministries have different positions on disclosure of educational data (e.g., to 3rd parties)
Korea
• Top-down process
• KERIS report on Prospects for the Application of LA
• Ambitious plans for rolling out LA in schools
• LASI-ASIA 2016
• Vendors: MoE are too conservative in giving access to data
China
• Top-down
• Big Data Centres established at a number of universities
• No data protection act or data protection regime
• Willingness to use all the data there is; however, still few examples of adoption at scale for LA
Issues
Individual vs Organisation
Schools vs. Higher Ed
• Schools may be more susceptible to the influence of legal constraints than HE
• Higher Ed is more research driven, and the role of research ethics rules may delay the discussions on ethics and data protection of full scale applications
• Tug of war between advocates of open vs. closed data
Data Protection by Design and by Default
• A simple checkbox will not do any more
• Open each sub-process of LA up for discussion related to data protection
Window of opportunity is now!
Will South Korea wait to launch a national LA solution for K-12 until
individualised privacy solutions are found?
Will Japanese authorities give 3rd party vendors the opportunity to analyse LA data?
Will European countries use the leverage given them by the GDPR to broaden the discourse on privacy and data protection?
And what about China?
Thank you for your attention
This work is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0).
tore.hoel@hioa.no
@tore
Skype: odintorloke
WeChat: Tore_no