Strategies  for  Dealing  with  Privacy  in  the  context  of  LA

Tore  Hoel  Oslo  and  Akershus  University  College  of  Applied  Sciences    

Norway  September  2014

What  is  the  problem  with  Privacy?

2

Medical  Privacy

Various  methods  have  been  used  to  protect  patient's  privacy.  This  1822  drawing  by  Jacques-­‐Pierre  Maygnier  shows  a  "compromise"  procedure,  in  which  the  physician  is  kneeling  before  the  woman  but  cannot  see  her  genitalia.  (Wikipedia)

Privacy,  Interoperability  &  Data  Sharing

3"Silos,  Acatlán,  Hidalgo,  México,  2013-­‐10-­‐11,  DD  03"  by  Diego  Delso  -­‐  Own  work.  Licensed  under  Creative  Commons  Attribution-­‐Share  Alike  3.0  via  Wikimedia  Commons

Control  or  Limitations?

4"Silos,  Acatlán,  Hidalgo,  México,  2013-­‐10-­‐11,  DD  03"  by  Diego  Delso  -­‐  Own  work.  Licensed  under  Creative  Commons  Attribution-­‐Share  Alike  3.0  via  Wikimedia  Commons

I  want  control  over  my  own  data!

I  want  to  grant  limited  access  to  your  data!

Privacy  is  out  of  scope  for  LA  –  it  is  dealt  with  by  basic  infrastructure  or  front-­‐end  applications

Privacy  defined…

• Privacy  is  not  simply  an  absence  of  information  about  us  in  the  minds  of  others;  rather  it  is  the  control  we  have  over  information  about  ourselves.  -­‐-­‐Charles  Fried    

• Privacy  is  a  limitation  of  others’  access  to  an  individual  through  information,  attention,  or  physical  proximity.  -­‐-­‐Ruth  Gavison

5

Or…

Privacy  as  Contextual  Integrity

• Norms  of  Appropriateness  • Norms  of  Distribution  (Flow,  transfer)  

• S  shares  information  with  R  at  S’s  discretion  

• R  requires  S  to  share  information  • R  may  freely  share  information  

about  S  • R  may  not  share  information  

about  S  with  anyone  • R  may  share  information  about  S  

under  specified  constraints  • Information  flow  is/is  not  

reciprocal  • etc.

6Source:  Helen  Nissenbaum

Integrity  –  respected  or  violated

Contextual  Integrity,  is  respected  when  norms  of  appropriateness  and  distribution  are  respected;  it  is  violated  when  any  of  the  norms  are  infringed.  

7

‘Contexts’  is  the  strategic  word  –  so  what?

• Contexts  are  Structured  Social  Settings  (“Institutions”)  • Characterized  by  roles,  relationships,  power  structures,  

canonical  activities,  strategies,  norms  (rules),  enforcement  mechanisms,  and  internal  values  (goals,  ends,  purposes)  (Nissenbaum)

8

Health-­‐care

Education

PoliticsReligious

observance

More  about  ‘contexts’…

9

• Evolve  over  time  in  cultures  and  societies,  subject  to  historical,  cultural,  geographic  contingencies  

• May  be  nested,  overlap,  conflict  • May  be  more  or  less  explicit,  

formalized,  institutionalized    • May  be  more  or  less  “complete”

Education  as  context(s)

• Learning,  Education  and  Training    • Levels  –  K12,  HE,  LLL  • Types  of  learning  • Informal  vs  formal  learning  • Pedagogies  • Learning  styles

10

Privacy  a  concern  for  LA  research  community?

• Not  really,  it  seems…  • LAK14  papers:  12  of  47  contained  word  ‘privacy’  • we  anonymised  data  before  analysis  • barrier  &  restriction  • users  are  «concerned»  -­‐  privacy  as  a  risk  

• «Learners  need  to  be  convinced  that  they  are  reliable  and  will  improve  their  learning  without  intruding  into  their  privacy»  (Ferguson,  2014)  

• «Many  myths  surrounding  the  use  of  data,  privacy  infringement  and  ownership  of  data  need  to  be  dispelled  and  can  be  properly  modulated  once  the  values  of  learning  analytics  are  realized»      (Arnold,  2014).

11

LACE  LA  Quality  Indicator  study

12

Data  Privacy  –  a  major  area  of  concern (Scheffel  et  al.,  in  press)

What  are  the  optimal  contexts  for  discussing  Privacy  in  Education?

13

Privacy  by  Design

14

• «The  principles  of  data  protection  by  design  and  data  protection  by  default»  (European  Commisson,  2012)  

• 7  Foundational  Principles  by  PbD  • Proactive  not  Reactive;  Preventative  not  Remedial  • Privacy  as  the  Default  Setting  • Privacy  Embedded  into  Design  • Full  Functionality  -­‐  Positive-­‐Sum,  not  Zero-­‐Sum  • End-­‐to-­‐End  Security  -­‐  Full  Lifecycle  Protection  • Visibility  and  Transparency  -­‐  Keep  it  Open  • Respect  for  User  Privacy  -­‐  

Keep  it  User-­‐Centric

Strategies  for  design  of  interoperable  LA  applications• Give  Privacy  priority  –  Privacy  is  in  scope!  • Follow  Privacy  by  Design  principles  • Be  aware  of  contexts  • Focus  on  well  defined  and  autonomous  contexts  first  • When  multiple  contexts  are  involved,  go  for  lightweight,  low-­‐

ambitious  solutions

15

Questions

• What  are  the  relevant  educational  contexts  from  a  Privacy  perspective?  

• What  contexts  generate  the  most  interesting  data  from  a  LA  perspective?  

• If  Social  Media  contexts  are  relevant  for  learning  –  how  do  we  avoid  contextual  integrity  infringements?  

• How  are  responsibilities  balanced  between  learner  and  institution  when  it  comes  to  the  different  contexts  of  Learning,  Education  and  Training?

16

“Strategies  for  Dealing  with  Privacy  in  the  context  of  LA”  by  Tore  Hoel,  Oslo  and  Akershus  University  College  of  Applied  Sciences,    was  presented  at  EC-­‐TEL  workshop,  Graz,  Austria,  on  16  September  2014.  !tore.hoel@hioa.no                        @tore

This  work  was  undertaken  as  part  of  the  LACE  Project,  supported  by  the  European  Commission  Seventh  Framework  Programme,  grant  619424.

These  slides  are  provided  under  the  Creative  Commons  Attribution  Licence:  http://creativecommons.org/licenses/by/4.0/.    Some  images  used  may    have  different  licence  terms.

www.laceproject.eu  @laceproject

17