ggmuk conf talk-samanthaahern
TRANSCRIPT
DATA, ETHICS AND THE LAWSAMANTHA AHERNUNIVERSITY COLLEGE LONDON
• What are the ethical and legal considerations for the IoT and big data collection?• What is the GDPR and what will it mean for processing and
data collection?• What rights to privacy do we have and will we want?• Who should be making those decisions – technologists or end
users?
THE VOLUME, VELOCITY AND VARIETY OF DATA WE ARE GENERATING IS RAPIDLY INCREASING. WE CREATE DATA ON ALMOST ALL ASPECTS OF OUR LIVES, WHICH CAN BE HARNESSED AND ANALYSED TO PROVIDE POWERFUL INSIGHTS
INTO OUR BEHAVIOUR, OUR PREFERENCES AND OUR FUTURE ACTIONS.
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education. Policy Connect. Higher Education Commission (2016)
REUTERS: YAHOO SECRETLY SCANNED CUSTOMER EMAILS FOR U.S. INTELLIGENCE
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
DATA PROTECTION ACT (1998)
• used fairly and lawfully• used for limited, specifically stated purposes• used in a way that is adequate, relevant and not excessive• accurate• kept for no longer than is absolutely necessary• handled according to people’s data protection rights• kept safe and secure• not transferred outside the European Economic Area without adequate protection
https://www.gov.uk/data-protection/the-data-protection-act
PRIVACY SHIELD
• EU Commission fact sheet: http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_eu-us_privacy_shield_en.pdf
GENERAL DATA PROTECTION REGULATIONS (GDPR)• Will come into force in the UK on May 25 2018• The GDPR imposes restrictions on the transfer of personal
data outside the European Union, to third countries or international organisations.• Principles:
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/
WINDOWS 10
GDPR: INDIVIDUALS’ RIGHTS
The main rights for individuals under the GDPR will be: • subject access, • to have inaccuracies corrected, • to have information erased, • to prevent direct marketing, • to prevent automated decision-making and profiling, and • data portability.
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
METADATA AND AGGREGATION
• Where data is to be used anonymously particular care will be taken by institutions to avoid:• Identification of individuals from metadata• Re-identification of individuals by aggregating multiple data sources
https://www.jisc.ac.uk/sites/default/files/jd0040_code_of_practice_for_learning_analytics_190515_v1.pdf
THE UNIVERSITY ENVIRONMENT
•Recommendation 3 •Recommendation 4•Recommendation 5
BRICKS TO CLICKS RECOMMENDATIONS
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education. Policy Connect. Higher Education Commission (2016)
RECOMMENDATION 3
• All HEIs should consider introducing an appropriate learning analytics system to improve student support / performance at their institution. • Any such decision should be fully informed by an analysis of
the benefits, limitations and risks attached.
RECOMMENDATION 4
• Institutions should put in place clear ethical policies and codes of practices that govern the use of student data in analytics and other digital systems. • These policies should, at a minimum, address student
privacy, security of data and consent.
RECOMMENDATION 5
• In particular, when introducing learning analytics, HEIs should seek fully informed consent from students to the use of their personal and learning data in analytics. • This should be sought again if new data is incorporated into
the system, or existing data is used in new ways.
By KylaBorg (Privacy) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
QUESTIONS