DATA, ETHICS AND THE LAWSAMANTHA AHERNUNIVERSITY COLLEGE LONDON

• What are the ethical and legal considerations for the IoT and big data collection?• What is the GDPR and what will it mean for processing and

data collection?• What rights to privacy do we have and will we want?• Who should be making those decisions – technologists or end

users?

THE VOLUME, VELOCITY AND VARIETY OF DATA WE ARE GENERATING IS RAPIDLY INCREASING. WE CREATE DATA ON ALMOST ALL ASPECTS OF OUR LIVES, WHICH CAN BE HARNESSED AND ANALYSED TO PROVIDE POWERFUL INSIGHTS

INTO OUR BEHAVIOUR, OUR PREFERENCES AND OUR FUTURE ACTIONS.

From Bricks to Clicks: the Potential of Data and Analytics in Higher Education. Policy Connect. Higher Education Commission (2016)

REUTERS: YAHOO SECRETLY SCANNED CUSTOMER EMAILS FOR U.S. INTELLIGENCE

http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

DATA PROTECTION ACT (1998)

• used fairly and lawfully• used for limited, specifically stated purposes• used in a way that is adequate, relevant and not excessive• accurate• kept for no longer than is absolutely necessary• handled according to people’s data protection rights• kept safe and secure• not transferred outside the European Economic Area without adequate protection

https://www.gov.uk/data-protection/the-data-protection-act

PRIVACY SHIELD

• EU Commission fact sheet: http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_eu-us_privacy_shield_en.pdf

GENERAL DATA PROTECTION REGULATIONS (GDPR)• Will come into force in the UK on May 25 2018• The GDPR imposes restrictions on the transfer of personal

data outside the European Union, to third countries or international organisations.• Principles:

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/

WINDOWS 10

GDPR: INDIVIDUALS’ RIGHTS

The main rights for individuals under the GDPR will be: • subject access, • to have inaccuracies corrected, • to have information erased, • to prevent direct marketing, • to prevent automated decision-making and profiling, and • data portability.

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

METADATA AND AGGREGATION

• Where data is to be used anonymously particular care will be taken by institutions to avoid:• Identification of individuals from metadata• Re-identification of individuals by aggregating multiple data sources

https://www.jisc.ac.uk/sites/default/files/jd0040_code_of_practice_for_learning_analytics_190515_v1.pdf

THE UNIVERSITY ENVIRONMENT

•Recommendation 3 •Recommendation 4•Recommendation 5

BRICKS TO CLICKS RECOMMENDATIONS

From Bricks to Clicks: the Potential of Data and Analytics in Higher Education. Policy Connect. Higher Education Commission (2016)

RECOMMENDATION 3

• All HEIs should consider introducing an appropriate learning analytics system to improve student support / performance at their institution. • Any such decision should be fully informed by an analysis of

the benefits, limitations and risks attached.

RECOMMENDATION 4

• Institutions should put in place clear ethical policies and codes of practices that govern the use of student data in analytics and other digital systems. • These policies should, at a minimum, address student

privacy, security of data and consent.

RECOMMENDATION 5

• In particular, when introducing learning analytics, HEIs should seek fully informed consent from students to the use of their personal and learning data in analytics. • This should be sought again if new data is incorporated into

the system, or existing data is used in new ways.

By KylaBorg (Privacy) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons

QUESTIONS