Researching Data Privacy in eLearning

Researching Data Privacy Models in

eLearning

Malinka Ivanova, Technical University of Sofia Gabriela Grosseck, West University of Timisoara

Carmen Holotescu, University Politehnica Timisoara

ITHET 2015, IEETeL2015, 11-13 June, 2015, Caparica, Lisbon, Portugal

Aim

To develop a model of students’ data privacy supporting educators in educational settings and not harming the students’ privacy interests

Introduction

“e” world

BusinessFinanceHealthGovernmentJusticeSocietyLearning

collection of a vast amount of private data

IntroductionRegistration

personal data:full nameaddressphone numbergenderagesemail address

Profile

BackgroundPreferenceslearning progress

Tracking mechanisms

Adaptive technologiesAssistive technologies

Social networking in education

Learning analytics

eLearning

Questions

• What kind of privacy data is enough for educators to manage a successful learning process?

• What kind of data the students are predisposed to share in order to successfully accomplish their learning activities?

Privacy aspects in eLearning

Privacy aspects in eLearning

Privacy aspects in eLearning

Data privacy to protect learnersData privacy to protect learners

Data privacy to improve learningData privacy to improve learning

Privacy in health care and medicine

• Electronic health records - information is used for:• diagnosis and treatment• for improvement the existing healthcare system• for development of healthcare policy• for research in medical science

• This information is available for insurance companies, payment offices in medical organizations, for the purposes of several government initiatives, for statistical institutions

• The risks for patients: • from an internal agent who does not possess such privileges or from an external agent who

steals information from the information system • from an internal agent with privileges to process such data (Appari, Johnson, 2010)

Privacy in health care and medicine

• Security of data privacy could be achieved after applying a set of actions:• information systems security• public policy• intra- and inter-organizational productivity and quality

(Popoiu, Grosseck, Holotescu, 2012)

Privacy in Ecommerce

• Ecommerce activities:• Administration• Legislation for intellectual property protection• Confidentiality • Safety

• All these activities require user personal data that is stored in databases on web servers• Private information is collected automatically exploring the customer

preferences• Information is sold to commerce and advertising companies • Customers are in scope of spam and malware activities, hack and fishing attacks

(A. Cavoukian)

Privacy in Ecommerce

• From the side of selling and business companies, personal data can be protected through combination of security actions: • availability of policy about collection and usage of personal data• collection and storage just of needed data• passwords protection of business computers• firewall installation• restriction access to private data to authorized employees• sending advertising emails to customers after permission to contact them• using of privacy seal program• use of secure servers and SSL encrypting technology• securing of hosting services (e-Business Toolkit, 2013)

• Customer:• authorization, authentication, secure transactions• not just technical solutions, but also social, organizational, regulatory, economical (Ackerman, Davis), and

educational approaches

Privacy in eGovernment

• Steps for securing eGovernment systems: • development of policy strategy• realization of secure components and systems• institutional supervision of security• building a knowledge base “Privacy by Design”• applying anonymization techniques for minimal data usage• using of technical and legal approaches to avoid privacy risks when re-

identification of previously anonymized data is performed• achievement of interoperability of different security tools (Jacobi, Jensen, Kool,

Munnichs, Weber, 2013)

Privacy

• There are a wide variety of models proposing solutions for protection of private data and combining components of different measures and actions• It allows usage just of general data, hiding unnecessary information,

reaching pseudonymity or full anonymity

Measures to protect users’ privacy

Data privacy

Economic measuresEconomic measures

Social measuresSocial measures

Legal measuresLegal measures

Institutional measures

Institutional measures

Technical measuresTechnical measures

Operational measures

Operational measures

Privacy as an economic good, markets for private data

Privacy as an economic good, markets for private data

Collecting, storing and using just needed data, anonymity, social engineering

Collecting, storing and using just needed data, anonymity, social engineering

Legal rules, norms, regulations at national, European and international level

Legal rules, norms, regulations at national, European and international level

Legal rules, policy within the framework of companies, organizations

Legal rules, policy within the framework of companies, organizations

Information system, server security, restricted access, secure transactions

Information system, server security, restricted access, secure transactions

Suitable combination of different measuresSuitable combination of different measures

Educational measures

Educational measures

Educate to share just needed data, other to keep private

Educate to share just needed data, other to keep private

Privacy in eLearningPrivacy aspects

in eLearningPrivacy aspects

in eLearning

Data privacy to protect learners

Data privacy to protect learners

Data privacy to improve learning

Data privacy to improve learning

Learner keeps information private

Learner keeps information private

Third party keeps private data of others

Third party keeps private data of others

Privacy in eLearning

• Privacy risks • use of unsecure TCP/IP protocols• use of higher level of protocols like HTTP, SMTP, POP3, NNTP, browser’s

chattering, existing of invisible hyperlinks, cookies, implementation of browsers (Working document of EC)

• email communication mechanisms and web surfing process • privacy violations in organized Massive Open Online Courses (MOOCs)

initiatives where the enrolled students are subjects to a mass data collection• online applications and services, communications platforms and business

models in context of cloud computing, search engines, social networks, mobile Internet (Mendel, Puddephatt, Wagner, Hawtin and Torres, 2012)

Privacy in eLearning

• The violations: • unauthorized access to data, stored in records with learner history• unappropriated use of stored students’ generated content on institutional

servers• usage of antivirus program with possibility to collect students’ data (Weippl and

Ebner, 2008)

• Web 2.0 software, placed on different servers in different countries • records of students enrolled in MOOCs (Kolowichhttp,2014)

Privacy in eLearning• Solutions• eLearning environment to allow:

• pseudonymity• anonymity • information sharing based on trust • giving cues with information about the actor role in a given context• allowing cues with verbal and non-verbal information • system has to give signal when a user much information shares • to announce the right current author of the information• system should educate in privacy • bad behavior of students should be punished (Anwar, Greer, and Brooks, 2006)

Privacy in eLearning

• Collaborative and privacy-aware eLearning platform BluES is specially developed to recognize the privacy issues (Borcea-Pfitzmann, Liesebach and Pfitzmann, 2010)

• it guarantees private data to be processed from services in a minimal way• it keeps transactions with their data, allowing transparency

Privacy for learning improvement• All examples found in scientific papers - treat the role of anonymity to

stimulate and motivate learning• Anonymity possesses disadvantages – will not be discussed here• In the following learning scenarios: peer-to-peer learning, blended

learning, group and collaborative learning anonymity is an important factor for learning

Survey and Results

• The survey is designed with two goals: • to understand the students’ opinion whether their privacy is violated in a

learning process • the main factors that define privacy and successful learning to be extracted

Survey and Results

• The questions are grouped in four categories: (1) use of educational software (including social networks for

educational purposes) and sharing of private data (2) what private data an educator should know to manage a successful

learning process (3) the role of intelligent technologies in learning process and their

relationship with privacy(4) possibilities for students to decide what kind of private data to

share

Survey and ResultsStudents’ predisposition to share private data in educational software

Survey and ResultsStudents’ predisposition to share educational background

Survey and ResultsStudents’ predisposition to give information about learning preferences

Survey and ResultsStudents’ answers about whether intelligent technologies could support their learning

Survey and ResultsStudents’ answers about whether intelligent technologies violate their privacy space

Survey and ResultsStudents’ opinion about whether they have to possess an opportunity to decide what kind of personal data to share for educational purposes

Survey and ResultsStudents’ answers about the features of educational software allowing them to choose what kind of private data to share

Data Privacy Model in eLearning

Privacy in eLearning

Student side-what information share-what relationships make-how his computer / mobile device is protected

Student side-what information share-what relationships make-how his computer / mobile device is protected

Third parties side-University – keeps and shares just needed data with students’ agreement, secure information system and databases-Educator – operate with minimal personal data, knowing of learning preferences, styles, learning progress-Other students – use the shared data-Administrator – indirect involved, keeps private data

Third parties side-University – keeps and shares just needed data with students’ agreement, secure information system and databases-Educator – operate with minimal personal data, knowing of learning preferences, styles, learning progress-Other students – use the shared data-Administrator – indirect involved, keeps private data

Educational software

-Ensuring pseudonymity/ anonymity-Tools for sharing on trust-Options for choice of sharing-To educate in privacy-To give hint when much data are shared-Password protection-other technical issues

Educational software

-Ensuring pseudonymity/ anonymity-Tools for sharing on trust-Options for choice of sharing-To educate in privacy-To give hint when much data are shared-Password protection-other technical issues

Conclusion• Data privacy should be reached after applying a suitable combination of

measures• The main components in the model - proper attitudes of students and third

parties to data keeping and ensuring of secure computer and information systems• Educational software should offer several tools in support of data sharing,

tools for using just the necessary private data, tools for privileges protection• In eLearning privacy the principle: sharing on trust is important for the

organization of a successful learning• Students want to trust educators, third parties and used educational software• Then the educators use the students’ private data to organize a learning

process adequate to the student’s learning needs

• Thank you for your attention!

Thanks for pictures:http://healthworkscollective.com/keithtullyy/309681/how-technology-affecting-healthcarehttp://www.datadesigngroup.com/wp-content/uploads/2014/12/ecommerce.pnghttp://ec.europa.eu/digital-agenda/en/public-serviceshttps://e-estonia.com/wp-content/uploads/2014/04/eHealth.jpghttp://pedemonts.com.au/service-solutions/e-commerce/http://ucfretrolab.org/2012/09/29/anonymity-and-online-gaming/http://www.vi.net/blog/2013/04/could-cloud-computing-become-just-computing/http://www.truste.com/blog/