(SpringerBriefs in Business Process Management) Learning Analytics Cookbook_ How to Support Learning Processes Through Data Analytics and Visualizatio
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.6 Important Legal Regulations 27
3.6 Important Legal Regulations
The privacy and data protections that are regulated by national and international law
address the disclosure or misuse of private individuals’ information. It is out of the
scope of the book to provide a complete overview, but here are some main examples
of laws and policies that also affect learning analytics.
Regulations for online systems were driven by countries with high Internet usage
(Pardo and Siemens 2014). Examples are the European Union Directive on the
protection of individuals with regard to processing of personal data and the free
movement of such data (European Parliament 1995), the Canadian Personal Information
Protection and Electronic Documents Act (2000), the Australian Privacy Act
and Regulation (1988, 2013), and the US Consumer Data Privacy in a Networked
World (The White House 2012). The Family Educational Rights and Privacy Act or
FERPA (2004), a US federal law that applies specifically to the privacy of students’
education records, allows the use of data on a need-to-know basis and provides
parents with certain rights of access to their children’s education records. In parallel
with legislative efforts to protect data, nonprofit organizations have evolved that
defend users; digital rights, including the Electronic Frontier Foundation and Privacy
Rights Clearinghouse in the United States.
The European legislation plays a special role since it deals with the necessary
interplay of national, EU-based, and international regulations. The transfer of personal
data between countries in the EU is necessary in companies’ and public
authorities’ day-to-day business. Since conflicting data-protection regulations
might complicate international data exchanges, the EU has established common
rules for data protection, the application of which in each EU country is monitored
by national supervisory authorities.
The European data protection legislation considers the protection of personal data
a fundamental right. The current EU law is the 2018 General Data Protection
Directive, which applies to countries of the European Economic Area (EEA) (i.e.,
all EU countries plus Iceland, Liechtenstein, and Norway). The directive seeks a
high level of protection of individual privacy and to control the movement of
personal data within the European Union, whether the data is collected and
processed automatically (in a digital form) or in non-automated ways (traditional
paper files). Each member state is to apply the provisions nationally (cf. Steiner et al.
2016). The main purpose of the GDPR is to protect all EU citizens from privacy and
data breaches in an increasingly data-driven world.
In the context of schools and small- to medium-scale universities, data protection
might have played a subordinate role in the past, but this must change. If you want to
read more about data protection and ethics, in http://www.learning-analytics-tool
box.org/data-protection/ you can find Kickmeier-Rust and Steiner’s (2018) summary
of key aspects and advice for how to address the requirements in a
practical way.