Privacy in LISA

A significant aspect of Learning Analytics is the collection of information about the activities of users in a learning environment (in the case of LISA, students). The information gained from this learning data is used to measure and improve the quality of the learning experience and of the environment itself. At the same time, the collection of such data raises policy and ethical questions about the protection of personal data, and these had to be addressed when designing the LISA system.

The most significant risks to the protection of users' personal data are: lack of transparency about the purposes and methods of data processing (often there is no privacy policy at all), failure to obtain informed consent from users, weak security measures, and failure to limit the processing to what the stated purpose actually requires.

The rules for data collection and processing within the European Union are set out in the GDPR, which came into effect on May 25, 2018, in all member states. Data privacy has been considered in every component of the LISA system, namely the Smart-Monitor (including the wearable sensor device), the LISA backend, and the learning applications that use LISA services.
The following principles were applied in the LISA system design in order to ensure trust, confidentiality and integrity, and to provide a user-friendly interface within an ethical and secure environment.

1. Privacy by Design

This concept has been around for many years, but it only became a legal requirement with the GDPR (Article 25, "Data protection by design and by default"). Privacy by design means that data privacy is taken into account from the design phase of software onwards, not added afterwards.
The principles on which privacy by design and data protection in general are based can be summarized as follows.

Lawfulness, fairness and transparency
Transparency means that data management procedures must be easily accessible and written in plain language, possibly supported by graphics and icons, so that data subjects can understand what will happen to their data. The principle also requires that data subjects are informed of the risks the processing may involve.

Purpose Limitation
Personal data collected for explicit and legitimate purposes must not be processed for other purposes without the data subject's consent.

Data minimisation
Data minimisation is central to the privacy by default approach required by the GDPR. The data controller must process only the personal data that is strictly necessary and pertinent to the intended use, which for LISA is to support and improve the students' learning context and performance. Collected data must be deleted as soon as it is no longer needed for that purpose.

Data security
Confidentiality and integrity must be ensured throughout the collection and processing of personal data. Unauthorized access to personal data must be prevented by technical and organizational safeguards, such as authentication and authorization mechanisms and encryption of data in transit and at rest.

Under these principles, organizations must be able to demonstrate the purpose of the data collection and that the measures taken to protect it are effective (the accountability principle).

2. Privacy Notices & GDPR

A privacy notice informs users about the data that is collected about them. Through such a text, the user learns what information an organization will collect, how it will be collected, who it will be shared with and how it will be used.

Layering privacy notices
Layered notices improve the communication of complex or detailed privacy information by first giving the reader a clear summary of the key privacy points (the first layer). A second layer then provides the more detailed or specific information.

Provide User-Friendly Summaries
Whenever the processing changes, users should be given a clear, user-friendly summary of what has changed, rather than having the change buried in a long text.

3. Uncompromising Consent Forms

Consent obtained by default (pre-ticked boxes, silence or inactivity) is not valid under the GDPR. Consent must be freely given, specific, informed and unambiguous, and explicit consent is required where special categories of data such as health data are processed. The data subject must be given a real choice to agree or disagree with the collection and use of personal data, and the organization must explain how and why the data will be processed in concise and comprehensible language.

Another way to obtain explicit consent is the use of so-called just-in-time notices, which ask for consent at the moment a feature that needs the data is first used, so that users consent only when it is actually necessary. Furthermore, the GDPR requires that the user can withdraw consent at any time, and that withdrawing is as easy as giving consent.
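The principles above (purpose limitation, data minimisation with deletion once the data is no longer needed, and consent that can be withdrawn at any time) can be enforced in a backend as a single gate in front of the sensor data. The following is an added example, not LISA's own code: the purposes, data categories and retention periods are assumptions chosen for illustration, and the design choice that withdrawal erases any record no remaining consented purpose justifies is one possible interpretation of "deleted as soon as they are not needed anymore".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple


class ConsentError(PermissionError):
    """Raised when processing lacks a valid, purpose-specific consent."""


@dataclass
class Record:
    category: str          # assumed category name, e.g. "heart_rate"
    value: float
    collected_at: datetime


@dataclass
class ConsentState:
    given_at: datetime
    withdrawn_at: Optional[datetime] = None

    def valid_at(self, when: datetime) -> bool:
        # Consent covers [given_at, withdrawn_at); withdrawal is not retroactive.
        return self.given_at <= when and (self.withdrawn_at is None or when < self.withdrawn_at)


class SensorDataStore:
    # Assumed configuration for illustration, not LISA's real purposes or retention periods.
    # Purpose limitation: each purpose may only touch the categories listed for it.
    PURPOSES: Dict[str, Set[str]] = {
        "learning_support": {"heart_rate", "attention_score"},
        "research": {"attention_score"},
    }
    # Data minimisation / storage limitation: how long each category is needed.
    RETENTION: Dict[str, timedelta] = {
        "heart_rate": timedelta(days=7),
        "attention_score": timedelta(days=90),
    }

    def __init__(self) -> None:
        self._consents: Dict[Tuple[str, str], ConsentState] = {}
        self._records: Dict[str, List[Record]] = {}

    def _has_consent(self, student: str, purpose: str, when: datetime) -> bool:
        state = self._consents.get((student, purpose))
        return state is not None and state.valid_at(when)

    def _purposes_covering(self, student: str, category: str, when: datetime) -> Set[str]:
        # Purposes that both list the category and hold valid consent at `when`.
        return {p for p, cats in self.PURPOSES.items()
                if category in cats and self._has_consent(student, p, when)}

    def give_consent(self, student: str, purpose: str, when: datetime) -> None:
        if purpose not in self.PURPOSES:
            raise ValueError(f"unknown purpose {purpose!r}")
        self._consents[(student, purpose)] = ConsentState(given_at=when)

    def withdraw_consent(self, student: str, purpose: str, when: datetime) -> int:
        """Withdraw consent and erase records no remaining consented purpose justifies.
        Returns the number of records erased."""
        state = self._consents.get((student, purpose))
        if state is None or state.withdrawn_at is not None:
            return 0
        state.withdrawn_at = when
        recs = self._records.get(student, [])
        keep = [r for r in recs if self._purposes_covering(student, r.category, when)]
        self._records[student] = keep
        return len(recs) - len(keep)

    def collect(self, student: str, category: str, value: float, when: datetime) -> None:
        # Collection is refused unless some consented purpose needs this category.
        if not self._purposes_covering(student, category, when):
            raise ConsentError(f"no consented purpose justifies collecting {category!r}")
        self._records.setdefault(student, []).append(Record(category, value, when))

    def read(self, student: str, purpose: str, category: str, when: datetime) -> List[float]:
        # Purpose limitation check first, then consent for that purpose.
        if category not in self.PURPOSES.get(purpose, set()):
            raise ConsentError(f"purpose {purpose!r} may not use {category!r}")
        if not self._has_consent(student, purpose, when):
            raise ConsentError(f"no valid consent from {student!r} for {purpose!r} at {when.isoformat()}")
        return [r.value for r in self._records.get(student, []) if r.category == category]

    def purge_expired(self, now: datetime) -> int:
        """Delete records older than their category's retention period; returns count deleted."""
        removed = 0
        for student, recs in self._records.items():
            keep = [r for r in recs if now - r.collected_at < self.RETENTION[r.category]]
            removed += len(recs) - len(keep)
            self._records[student] = keep
        return removed


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamps
    store = SensorDataStore()
    store.give_consent("s1", "learning_support", t0)
    store.collect("s1", "heart_rate", 72.0, t0 + timedelta(hours=1))
    print(store.read("s1", "learning_support", "heart_rate", t0 + timedelta(hours=2)))
    print("erased on withdrawal:", store.withdraw_consent("s1", "learning_support", t0 + timedelta(days=1)))
```

Every read names the purpose it serves, so a caller cannot reuse data collected for learning support for research without a separate, still-valid consent; the retention purge runs independently of any user action, which is what turns "deleted when no longer needed" from a policy statement into behaviour.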

Privacy settings in Smart-Monitor

The primary acceptance criterion for the Smart-Monitor is to ensure the privacy of the collected sensor data, offering the user an interface that takes into account both ethical aspects and the European Union's data protection regulation.