Categories
Articles

Learning Analytics: a new visualisation

Recently I’ve been presenting our suggested legal framework for learning analytics to audiences involved in teaching, rather than legal people. For that I’ve been trying out a different visualisation, which considers the teaching process as involving three layers: Teaching itself (red): during which we process the personal data that’s needed to help students learn. The […]

Categories
Articles

Progress Report: ePrivacy Regulation

Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications. In fact, particularly after it was amended in 2009, the ePD did a bit more than that, as it turned out to be a convenient place to insert […]

Categories
Articles

WHOIS access for CSIRTs

Over recent months the GDPR has given extra weight to concerns – originally expressed by regulators fifteen years ago – about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a […]

Categories
Articles

Learning from Incidents

It’s only lunchtime on the first day of the FIRST Conference 2018, and already two talks have stressed the importance and value of reviewing incidents over both the short and long terms. In the very different contexts of an open science research lab (LBNL) and an online IPR-based business (Netflix), a common message […]

Categories
Articles Tools

GDPR: 12 Steps Illustrated

I’ve been trying to produce a visual image to capture the twelve steps to GDPR compliance. For details of the individual steps see: Awareness Data Protection by Design Information Lifecycle Audit Breach Notification Process [Article 29 Working Party guidance] Legal Basis [Information Commissioner guidance] Privacy Notices [Article 29 Working Party guidance] Individual Rights Processes (inc. subject […]

Categories
Articles

ICO guidance on Consent and GDPR

The Information Commissioner’s new guidance on Consent under the General Data Protection Regulation contains some useful guidance for universities and colleges in particular. On the question of which legal bases are available to universities and colleges – in particular whether they are included within the GDPR’s disapproval of consent and legitimate interests being used by […]

Categories
Articles

Learning Analytics Dashboards

Learning analytics dashboards, like the class mark books that long preceded them, show tutors a lot of information about their students. That could be pretty intrusive, so should universities and colleges be asking students to consent before tutors look at their data? I don’t think so, both because the students most likely to benefit are […]

Categories
Articles

Incident response, logfiles and the GDPR

The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches. One of the key tools in doing this is logfiles: the European Court of Justice in Breyer v Germany recognised the role of web server logs, the Article 29 Working Party guidelines mention logs and network flow data. […]

Categories
Articles

NIS Directive – UK implementation published

The Government has published the Network and Information Security Regulations 2018, which will implement the EU NIS Directive in the UK from May 9th. The education sector is not covered by either law. Where we might have been inadvertently captured was in the provisions for DNS Services. These cover both authoritative domain servers and DNS […]

Categories
Articles

Research Provisions in the GDPR

Like the current Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply to any research involving data about identifiable living individuals. Also like the Act, the Regulation provides for adaptation in a couple of areas where this is needed to make such research possible. All processing of personal data needs a legal […]