Student privacy self-management: implications for learning analytics

By Paul Prinsloo (University of South Africa) & Sharon Slade (Open University, UK)

ACKNOWLEDGEMENTS

The presenters do not own the copyright of any of the images in this presentation. We hereby acknowledge the original copyright and licensing regime of every image and reference used. All the images used in this presentation have been sourced from Google labeled for non-commercial reuse

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License

Do students know • what data we harvest from them• about the assumptions that guide our algorithms• when we collect data & for what purposes• who will have access to the data (now & later)• how long we will keep the data & for what purpose & in

what format• how will we verify the data & • do they have access to confirm/enrich their digital

profiles…?Image credit: http://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg

Image credit: http://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg

Do they know?

Do they have the right to know?

Can they opt out and what are the implications if they do/don’t?

Image credit: http://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg

“Providing people with notice, access, and the ability to control their data is key to facilitating some autonomy in a world where decisions are increasingly made about them with the use of personal data, automated processes, and clandestine rationales, and where people have minimal abilities to do anything about such decisions”

(Solove, 2013, p. 1899; emphasis added)

Image credit: http://www.mailbow.net/eng/blog/opt-in-and-op-out/

“Providing people with notice, access, and the ability to control their data is key to facilitating some autonomy in a world where decisions are increasingly made about them with the use of personal data, automated processes, and clandestine rationales, and where people have minimal abilities to do anything about such decisions”

(Solove, 2013, p. 1899; emphasis added)

Image credit: http://www.mailbow.net/eng/blog/opt-in-and-op-out/

Privacy self-management – not a straightforward strategy…

“Secrets are lies”“Sharing is caring” “Privacy is theft”

Terms and Conditions –the length and the small

print

http://upload.wikimedia.org/wikipedia/commons/2/2c/Key_delete.jpg

(Eggers, 2013)

The right to be forgotten and the fragility of consent

The growth of ‘privacy enhancing technologies’ (PETs)

Privacy self-management in an age of sharing…

• “digital promiscuity” (Murphy, 2014)

• From surveillance to sousveillance (Kitchen, 2013)

• The more we give our information away for free and share indiscriminately, the more we are worried about privacy (Murphy, 2014)

• If we have not shared it on Facebook, did it really happen?

• Quantified selves versus/and/or qualified selves…

Privacy self-management and the (ir)rational individual

• The assumption of rational and informed individuals – far removed from reality

• “People are also more willing to share personal data when they feel in control, regardless of whether that control is real or illusory” (Solove, 2013, p. 1887)

• The exchange ratio: Exchanging huge amounts of personal data for small benefits

• The length, technical and legal terminologies, font type and size used in TOCs (Bellman, Johnson & Lohse, 2001)

Privacy self-management and the virtue of forgetting…

• Almost impossible to comprehend the scope of data collected, analysed and used, the combination with other sources of information, the future uses for historical information and the possibilities of re-identification of de-personalized data

• These various sources of information and combinations of sources start to resemble “electronic collages” and an “elaborate lattice of information networking” (Solove, 2004, p. 3)

• The fragility of consent… what may be innocuous data in one context, may be damning in another

What are the implications for higher education and our use of student data?

How do we respond?

What does our Terms and Conditions (un)cover?

An analysis of the Terms and Conditions of…

22 million* students in 3 years

10 million* students in 3 years

1 million* students in 2 years

* Figures are estimates

The analytical constructs used in the analysis included the following:

1. Length of TOC

1. Types of data collected – personally identifiable and non-personal information

1. Methods of data collected

1. Conditions for sharing the collected data

1. Uses of data

1. User access to, responsibility and control of data – opting out is not an option, duty of care, user responsibility for correctness of data, user concerns regarding privacy and data use

A. Length of Terms and Conditions

• Length: Between 13 pages (5,965 words) (Coursera) and 22 pages (8,565 words)(FutureLearn)

• Number of headings: Between 30 headings and subheadings (Coursera) to 41 in edX

• Font type (in bold and CAPS): 460 words (edX), 784 (Coursera) and no words in bold and CAPS in FutureLearn

B. Types of data collected

Personal Non-personal

edX Provides definition Registration/verification purposes

Collects and use whatever is provided

✔

Can be used to identify (e.g. IP addresses)

Coursera No definitionRegistration/verification purposes

Collects and use whatever is provided

✔

Can be used to identify(e.g. IP addresses)

FutureLearn No definitionRegistration/verification purposes

Collects and use whatever is providedMay also receive from 3rd parties

Will not use non-personal data to identify users

C. Methods of data collected

Cookies Other

edX ✔ No info

Coursera ✔ “From time to time we may also use additional methods

of collecting data” (no details provided)

FutureLearn ✔Separate Cookie Policy providing overview

of types and list of cookies used

No info

D. Conditions for sharing the collected data

With whom Conditions Type of info shared

edX With affiliated universities

On condition that the information is treated in a confidential manner and protected

Only personal information required to “fulfil the purpose stated at the time of collection” will be shared

Coursera ✗ ✗May use personally identifiable information collected on the Forums and “may publish this information via extensions of our Platform that use third-party services, like mobile applications”

FutureLearn ✗To users at a fee

✗

E. Uses of data

Improve learning/

service

Individualizelearning

Authentication Other

edX ✔ ✔ ✔ Research

Coursera(included under

uses)

✔ - ✔ BusinessIdentifiable info (e.g.

postings) may be published/reused

FutureLearn ✔ ✔ - ResearchSponsorship

F. User responsibility for correctness of data

All three providers make it clear that users have the responsibility to ensure that the required data provided is correct and current. Users can/must

• Edit/update• Maintain

If a user does not guarantee the correctness of information, the use of service is/may be suspended…

Interesting/controversial issues:

• edX states that any forum posts are fully owned by edX in perpetuity and may be later exploited in whole or in part

• FutureLearn insists that students use real names as identifiers and encourages users to openly share (with them and with other students) details of their location, gender and education history to “help other learners get to know you and help us to tailor the service to suit you”

• Opting out is not an option: All three providers permit users to disallow cookies, but warn that this may impact negatively on the quality of the service provided

• All three providers provide users an opportunity to raise concerns or question policy by sending an email

What are the implications for learning analytics?

1. The duty of reciprocal care

• Make TOCs as accessible and understandable (the latter may mean longer…)

• Make it clear what data is collected, when, for what purpose, for how long it will be kept and who will have access and under what circumstances

• Provide users access to information and data held about them, to verify and/or question the conclusions drawn, and where necessary, provide context

• Provide access to a neutral ombudsperson

What are the implications for learning analytics? (2)

2. The contextual integrity of privacy and data – ensure the contextual integrity and lifespan of personal data

2. Student agency and privacy self-management• The fiduciary duty of higher education implies a social contract of goodwill

and ‘do no harm’• The asymmetrical power relationship between institution and students

necessitates transparency, accountability, access and input/collaboration• Empower students – digital citizenship/care• The costs and benefits of sharing data with the institution should be clear• Higher education should not accept a non-response as equal to opting in…

What are the implications for learning analytics? (3)

4. Future direction and reflection• Rethink consent and employ nudges – move away from thinking just

in terms of a binary of opting in or out – but provide a range of choices in specific contexts or needs

• Develop partial privacy self-management – based on context/need/value

• Adjust privacy’s timing and focus - the downstream use of data, the importance of contextual integrity, the lifespan of data

• Moving toward substance over neutrality – blocking troublesome and immoral practices, but also soft, negotiated spaces of reciprocal care

(In)conclusion“The way forward involves (1) developing a coherent approach to consent, one that accounts

for the social science discoveries about how people make decisions about personal data;

(2) recognizing that people can engage in privacy self management only selectively;

(3) adjusting privacy law’s timing to focus on downstream uses; and (4) developing more substantive privacy rules.

These are enormous challenges, but they must be tackled”

(Solove, 2013)

THANK YOUPaul Prinsloo (Prof)Research Professor in Open Distance Learning (ODL)College of Economic and Management Sciences, Office number 3-15, Club 1, Hazelwood, P O Box 392Unisa, 0003, Republic of South Africa

T: +27 (0) 12 433 4719 (office)T: +27 (0) 82 3954 113 (mobile)

prinsp@unisa.ac.zaSkype: paul.prinsloo59

Personal blog:http://opendistanceteachingandlearning.wordpress.com

Twitter profile: @14prinsp

Sharon Slade (Dr) Senior Lecturer and Regional Manager, Faculty of Business and LawThe Open University, Walton Hall, Milton Keynes, MK7 6AA, United Kingdom

T: 01865 486250

Sharon.slade@open.ac.uk

Personal blog:http://odlsharonslade.wordpress.com/

Twitter profile: @SharonSlade

References

Bellman, S., Johnson, E.J. and Lohse, G.L. 2001. On site: to opt-in or opt-out?: it depends on the question. Communications of the ACM, 44(2), 25-27. Retrieved from http://dl.acm.org/citation.cfm?id=359241

Coursera. 2014. Terms and conditions. Retrieved from https://authentication.coursera.org/auth/auth/normal/tos.php

edX. 2014. Terms of service (including Privacy policy). Retrieved from https://www.edx.org/edx-terms-service

Eggers, D. 2013. The circle. Penguin, London, UK.

FutureLearn. 2014. Terms and conditions (including Privacy and Cookie Policy). Retrieved from https://about.futurelearn.com/terms/

References (cont)

Murphy, K. 2014, October 4. We want privacy, but can’t stop sharing. The New York Times.[Web log post]. Retrieved from http://www.nytimes.com/2014/10/05/sunday-review/we-want-privacy-but-cant-stop-sharing.html?partner=rss&emc=rss&smid=tw-nytopinion

Kitchen, R. (2013). Big data and human geography: opportunityies, challenges and risks. Dialogues in Human Geography, 3, 262-267.

Solove, D.J. (2004). The digital person. Technology and privacy in the information age. New York, NY: New York University Press.

Solove, D.J. 2013. Introduction: Privacy self-management and the consent dilemma. Harvard Law Review, 1880 (2013); GWU Legal Studies Research Paper No. 2012-141; GWU Law School Public Law Research Paper No. 2012-141. Available at SSRN: http://ssrn.com/abstract=2171018