1. Researching Data Privacy
Models in eLearning
Malinka Ivanova, Technical University of Sofia
Gabriela Grosseck, West University of Timisoara
Carmen Holotescu, University Politehnica Timisoara
ITHET 2015, IEETeL2015, 11-13 June, 2015, Caparica, Lisbon, Portugal
2. Aim
To develop a model of students’ data privacy
supporting educators in educational settings
and not harming the students’ privacy
interests
4. Introduction
Registration
personal data:
full name
address
phone number
gender
ages
email address
Profile
Background
Preferences
learning progress
Tracking mechanisms
Adaptive technologies
Assistive technologies
Social networking in
education
Learning analytics
eLearning
5. Questions
• What kind of privacy data is enough for educators to manage a
successful learning process?
• What kind of data the students are predisposed to share in order to
successfully accomplish their learning activities?
6. Privacy aspects in eLearning
Privacy aspects in
eLearning
Data privacy to
protect learners
Data privacy to improve
learning
7. Privacy in health care and medicine
• Electronic health records - information is used for:
• diagnosis and treatment
• for improvement the existing healthcare system
• for development of healthcare policy
• for research in medical science
• This information is available for insurance companies, payment offices in
medical organizations, for the purposes of several government initiatives,
for statistical institutions
• The risks for patients:
• from an internal agent who does not possess such privileges or from an external
agent who steals information from the information system
• from an internal agent with privileges to process such data (Appari, Johnson, 2010)
8. Privacy in health care and medicine
• Security of data privacy could be achieved after applying a set of
actions:
• information systems security
• public policy
• intra- and inter-organizational productivity and quality
(Popoiu, Grosseck, Holotescu, 2012)
9. Privacy in Ecommerce
• Ecommerce activities:
• Administration
• Legislation for intellectual property protection
• Confidentiality
• Safety
• All these activities require user personal data that is stored in databases on
web servers
• Private information is collected automatically exploring the customer
preferences
• Information is sold to commerce and advertising companies
• Customers are in scope of spam and malware activities, hack and fishing
attacks (A. Cavoukian)
10. Privacy in Ecommerce
• From the side of selling and business companies, personal data can be protected
through combination of security actions:
• availability of policy about collection and usage of personal data
• collection and storage just of needed data
• passwords protection of business computers
• firewall installation
• restriction access to private data to authorized employees
• sending advertising emails to customers after permission to contact them
• using of privacy seal program
• use of secure servers and SSL encrypting technology
• securing of hosting services (e-Business Toolkit, 2013)
• Customer:
• authorization, authentication, secure transactions
• not just technical solutions, but also social, organizational, regulatory, economical (Ackerman,
Davis), and educational approaches
11. Privacy in eGovernment
• Steps for securing eGovernment systems:
• development of policy strategy
• realization of secure components and systems
• institutional supervision of security
• building a knowledge base “Privacy by Design”
• applying anonymization techniques for minimal data usage
• using of technical and legal approaches to avoid privacy risks when re-
identification of previously anonymized data is performed
• achievement of interoperability of different security tools (Jacobi, Jensen, Kool,
Munnichs, Weber, 2013)
12. Privacy
• There are a wide variety of models proposing solutions for protection
of private data and combining components of different measures and
actions
• It allows usage just of general data, hiding unnecessary information,
reaching pseudonymity or full anonymity
13. Measures to
protect users’
privacy
Data privacy
Economic
measures
Social measures
Legal measures
Institutional
measures
Technical
measures
Operational
measures
Privacy as an economic good, markets for
private data
Collecting, storing and using just needed data,
anonymity, social engineering
Legal rules, norms, regulations at national,
European and international level
Legal rules, policy within the framework of
companies, organizations
Information system, server security, restricted
access, secure transactions
Suitable combination of different measures
Educational
measures
Educate to share just needed data, other to
keep private
14. Privacy in eLearning
Privacy aspects
in eLearning
Data privacy
to protect
learners
Data privacy to
improve
learning
Learner keeps
information
private
Third party keeps
private data of
others
15. Privacy in eLearning
• Privacy risks
• use of unsecure TCP/IP protocols
• use of higher level of protocols like HTTP, SMTP, POP3, NNTP, browser’s
chattering, existing of invisible hyperlinks, cookies, implementation of
browsers (Working document of EC)
• email communication mechanisms and web surfing process
• privacy violations in organized Massive Open Online Courses (MOOCs)
initiatives where the enrolled students are subjects to a mass data collection
• online applications and services, communications platforms and business
models in context of cloud computing, search engines, social networks,
mobile Internet (Mendel, Puddephatt, Wagner, Hawtin and Torres, 2012)
16. Privacy in eLearning
• The violations:
• unauthorized access to data, stored in records with learner history
• unappropriated use of stored students’ generated content on institutional
servers
• usage of antivirus program with possibility to collect students’ data (Weippl and
Ebner, 2008)
• Web 2.0 software, placed on different servers in different countries
• records of students enrolled in MOOCs (Kolowichhttp,2014)
17. Privacy in eLearning
• Solutions
• eLearning environment to allow:
• pseudonymity
• anonymity
• information sharing based on trust
• giving cues with information about the actor role in a given context
• allowing cues with verbal and non-verbal information
• system has to give signal when a user much information shares
• to announce the right current author of the information
• system should educate in privacy
• bad behavior of students should be punished (Anwar, Greer, and Brooks, 2006)
18. Privacy in eLearning
• Collaborative and privacy-aware eLearning platform BluES is specially
developed to recognize the privacy issues (Borcea-Pfitzmann, Liesebach and
Pfitzmann, 2010)
• it guarantees private data to be processed from services in a minimal way
• it keeps transactions with their data, allowing transparency
19. Privacy for learning improvement
• All examples found in scientific papers - treat the role of anonymity to
stimulate and motivate learning
• Anonymity possesses disadvantages – will not be discussed here
• In the following learning scenarios: peer-to-peer learning, blended
learning, group and collaborative learning anonymity is an important
factor for learning
20. Survey and Results
• The survey is designed with two goals:
• to understand the students’ opinion whether their privacy is violated in a
learning process
• the main factors that define privacy and successful learning to be extracted
21. Survey and Results
• The questions are grouped in four categories:
(1) use of educational software (including social networks for
educational purposes) and sharing of private data
(2) what private data an educator should know to manage a successful
learning process
(3) the role of intelligent technologies in learning process and their
relationship with privacy
(4) possibilities for students to decide what kind of private data to
share
27. Survey and Results
Students’ opinion about whether they have to possess an opportunity to decide what kind of
personal data to share for educational purposes
28. Survey and Results
Students’ answers about the features of educational software allowing them to choose what
kind of private data to share
29. Data Privacy Model in
eLearning
Privacy in eLearning
Student side
-what information
share
-what relationships
make
-how his computer /
mobile device is
protected
Third parties side
-University – keeps and shares
just needed data with students’
agreement, secure information
system and databases
-Educator – operate with minimal
personal data, knowing of learning
preferences, styles, learning
progress
-Other students – use the shared
data
-Administrator – indirect
involved, keeps private data
Educational
software
-Ensuring
pseudonymity/
anonymity
-Tools for sharing
on trust
-Options for choice
of sharing
-To educate in
privacy
-To give hint when
much data are
shared
-Password
protection
-other technical
issues
30. Conclusion
• Data privacy should be reached after applying a suitable combination of
measures
• The main components in the model - proper attitudes of students and third
parties to data keeping and ensuring of secure computer and information
systems
• Educational software should offer several tools in support of data sharing,
tools for using just the necessary private data, tools for privileges
protection
• In eLearning privacy the principle: sharing on trust is important for the
organization of a successful learning
• Students want to trust educators, third parties and used educational
software
• Then the educators use the students’ private data to organize a learning
process adequate to the student’s learning needs
31. • Thank you for your attention!
Thanks for pictures:
http://healthworkscollective.com/keithtullyy/309681/how-technology-affecting-healthcare
http://www.datadesigngroup.com/wp-content/uploads/2014/12/ecommerce.png
http://ec.europa.eu/digital-agenda/en/public-services
https://e-estonia.com/wp-content/uploads/2014/04/eHealth.jpg
http://pedemonts.com.au/service-solutions/e-commerce/
http://ucfretrolab.org/2012/09/29/anonymity-and-online-gaming/
http://www.vi.net/blog/2013/04/could-cloud-computing-become-just-computing/
http://www.truste.com/blog/