Recently I’ve been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students’ consent. The resulting blog post is at https://analytics.jiscinvolve.org/wp/2017/02/16/consent-for-learning-analytics-some-practical-guidance-for-institutions/
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Last October the European Court of Justice confirmed that websites do have a legitimate interest in security that may justify the processing of personal data. That case (Breyer) overruled a German law that said websites could only process personal data for the purpose of delivering the pages requested by users. As far as I know, […]
[UPDATE: I’ve added links to the Codes of Practice that authorities will use when preparing each of the orders] Under the current Regulation of Investigatory Powers Act 2000 (RIPA), organisations that operate their own private computer networks may receive three different orders relating to those systems. Any organisation that receives an order is, subject to […]
Categories
Learning Analytics – an updated model
At Jisc’s Learning Analytics Network meeting last month I presented an updated version of my suggested legal model for Learning Analytics. The new version adds the data collection stage(s) and seems to me – both as a sometime system developer and privacy-sensitive student – to provide the kinds of guidance, choices and protections that I’d […]
Categories
Investigatory Powers Bill passes
According to Parliament’s website, “outstanding issues on the [Investigatory Powers] Bill were resolved on 16th November“. The Bill now passes to its final formal stage, Royal Assent, after which it will be the Investigatory Powers Act. Although the final text won’t be published till that happens, the Parliamentary stages don’t seem to have made any […]
Categories
GDPR: Twelve Steps, Sorted
Although the Information Commissioner’s “Twelve Steps to Prepare” is an excellent guide to what organisations need to do in the eighteen months before the General Data Protection Regulation becomes UK law in May 2018, following them in order from 1 to 12 may not be the best approach. Some of the steps depend on the […]
The recent European Court case of Breyer v Germany provides welcome support for those who wish to protect the security of on-line services. The case concerned two questions – whether a website’s logfiles (typically containing time, client IP address, URL requested and result) constituted personal data and, if so, whether data protection law allowed the […]
Categories
Prevent – updated HEFCE guidance
On the recent trial run of our new course on Filtering and Monitoring we invited students to discuss the Home Office requirement to “consider the use of filters as part of their overall strategy to prevent people being drawn into terrorism“. HEFCE’s recent update of their monitoring framework for Higher Education providers in England asks […]
Categories
Net Neutrality: BCP-38 Seems OK
The Board of European Regulators of Electronic Communications (BEREC) have now released the final version of their net neutrality guidelines, following a public consultation that received nearly half a million responses. These seem to have resulted in clarifications of the draft version, rather than any significant change of policy. Jisc’s response raised a concern that […]
Categories
Data exports: update in 2017
The latest announcement from the Article 29 Working Party on the US-EU Privacy Shield also suggests that there shouldn’t be any short-term surprises for those using the other justifications for exporting personal data to the USA. The European Court judgment that invalidated the Safe Harbor agreement in 2015 was concerned, among other things, with the […]