PRIVACY
are surprised about how much information is collected about them. I would like to see students made aware, so they can pro- test, object or decide for themselves what they think about it.”
Working With IT Leadership at UC
The UC team has been meeting once a month for a few years to research both what other universities had done to address privacy issues as well as existing data privacy and security policies across UC itself. “We crafted a set of principles and recommended practices,” Kreher said. “The principles guide the practices. If the principle is that the student should have a say over how his or her data is being used, then the practice is that when you are negotiating with the vendor, you write into that agreement that the student has to opt in, not opt out. That was one of the key things we came up with.”
The group is now working with the IT leadership council, a university-wide group of CIOs, to formalize the best practices. “We are still in discussion about how these can be made more formal,” Kreher said, “but each campus is already using the recommended practices in negotiations with vendors.”
Kreher also said she applies the data privacy recommenda- tions to her own work every day. The UC’s Innovative Learn- ing Technology Initiative runs a central learning management system and it has a number of learning applications integrated with it. “We also run a cross-campus enrollment system, so students at any campus can enroll in online courses offered at
other campuses,” she explained. “So in our negotiations with vendors, we have data security addendums or exhibits, and we negotiate using these privacy principles. We look for opt-ins instead of opt-outs. We are about to go through another round of reviews of various legal agreements. My goal is by this fall to have them all updated with these principles.”
The MOOC Puzzle
When massive open online courses were developed, they raised new questions about the types of data they were generating, said Mitchell Stevens, director of the Center for Advanced Research through Online Learning (CAROL) at Stanford University (CA), who has convened several groups across higher education to look at the ethical issues sur- rounding student data.
Among those questions: Should participants taking Stan- ford MOOCs be considered Stanford students? If the an- swer is yes, then FERPA might apply. Are MOOC learners customers? If the answer is yes, then consumer protection laws apply. Are MOOC learners research subjects? If the answer is yes, then human subject protocols might apply.
“It was a new puzzle that was creating a lot of anxiety at Har- vard [MA], Stanford, MIT and other schools doing something like this for the first time,” Stevens said. With funding from the National Science Foundation, he helped convene a meeting in 2014. “We came out of that affirming the notion of MOOC
20
CAMPUS TECHNOLOGY | March/April 2018
UC LEARNING DATA PRIVACY PRINCIPLES
1) Ownership: The UC, faculty and students retain ownership of the data and have the right to determine how their data are used.
2) Ethical Use: Learning data are governed by pedagogical and instructional concerns.
3) Transparency: Data owners have a right to understand the particulars of how their data are collected and used, including transformative outputs (such as visualizations).
4) Freedom of Expression: Faculty and students retain the right to communicate with each other without the concern that their data will be mined
for unintended or unknown purposes.
5) Protection: Stewards will ensure learning data are protected in alignment with regulations regarding secure disposition.
6) Access and Control:
Data owners have the right to access their data in usable, transferable formats.
Vasabii/Shutterstock.com