Remote Teaching: Choosing Your Tools
The Back to Basics: Data Responsibility for Remote Teaching Series provides a foundation to base constructive dialogue regarding data privacy and protection for remote teaching. This series will get you up to speed on what you need to know on data privacy and responsibility. The first part of this series looked at Personal Data in Remote Teaching.
However easy or difficult the transition to online teaching may be, it’s critical to take stock of your data practices. Working in new education environments, using new technology, and adapting teaching processes can all have serious implications for your data responsibility. One of the main areas of change that have occurred during the Coronavirus (COVID-19) crisis is the introduction of new digital tools into the process of teaching.
This article covers the process of assessing data privacy and protection obligations when using digital tools. In large institutions digital tools are assessed and vetted by a dedicated team of experts and that is why it is always recommended that you use tools provided by the institution.
Whether or not you are a part of the team that is tasked with assessing the data privacy and protection of your institution’s digital tools, understanding the underlying elements and concerns will enable you to incorporate data responsibility into your teaching and daily life. It will also allow you to actively participate in discussions about the tools that you would like to use or have been provided. A key part of#dataresponsibility at the Centre for Innovation is empowering people to integrate it into their work.
What kind of personal or sensitive data can digital tools generate?
In our first piece of the Back to Basics Series we covered the definitions of personal, sensitive, and confidential data. We explored situations when teachers might encounter this data while remote teaching. Not only will remote teaching generate those data points but also metadata — the data generated about, or describing other data.
Metadata is the data that indicates when you sent a message or an email, for instance, but does not include the actual content of that message or email. Among other data points it includes the channel, when, who, and how of a communication. While these data points might feel initially superficial, they tell more than you’d think.
In general, the ways in which data are generated and might be collected can be broken down into three main categories:
- Volunteered data (e.g. actively submitted information)
- Behavioural data (e.g. how you use the tool)
- Other data (e.g. device and system data)
Be aware that these tools collect and generate more data than you think – keeping this in mind you can be more aware the next time you are using them.
Communication Platform Data
In our recent study on messaging platforms, the Secure Communications Report, the Centre for Innovation identified up to nine categories of data generated when using such platforms:
- Personal Data: Including data such as profile name, address book, profile picture etc.
- Usage & Log Data: Including performance logs, features used, last use of service etc.
- Device Data: Including hardware model, operating system, app version etc.
- LocationData: Including cell tower location, IP address geographical location, nearby devices etc.
- Network & Connection Data: Including mobile network, Internet Service Provider (ISP) etc.
- Payment & Transaction Data: Including payment receipts, credit card number, cardholder name, etc.
- Other Identifiers: Including other ID’s (OpenID, UnionID), Facebook Unique identifiers, etc.
- Cookies: Including collecting data from other cookies present on the device.
- Third Party Data: Including data from other users about the data subject, purchasing from other third-party providers, etc.
What happens to this data?
This data can be used for targeted advertising, optimised searches, data management and platform diagnostics. Additionally, collecting and storing metadata makes working with any data easier as it allows for efficient categorisation, sharing, searching and use of data.
Data Minimisation is a principle listed in the General Data Protection Regulation (GDPR) that explains that data should only be collected when it is adequate, relevant, and limited to what is necessary for the purpose.
Organisations can work together with companies to negotiate the amount of data they collect and reduce this through data processing agreements (DPAs). Strong agreements will ensure that any data collected is carefully stored and will be deleted upon request.
As a teacher you can implement data minimisation into your ways of working. For example, ask yourself whether you need to record a class or ask students to keep their cameras switched off. For more information about setting up your remote teaching you can look at the Teaching Support Gateway.
What can you do as a teacher when using digital tools to teach remotely?
If you believe you’ve found a tool that would be relevant for teaching at your institution, reach out to your relevant contact within your organisation and have them check the tool in regards to its usefulness for the organisation but also assess its privacy implications. There may be some processes in place at your organisation to procure new tools – make sure to follow them.
If you are a teacher at Leiden, you can ask all your remote teaching related questions via the ISSC HelpDesk Remote Teaching Tile.
The WIRED Guide to Your Personal Data (and Who Is Using It) (Wired)
Information about you, what you buy, where you go, even where you look is the oil that fuels the digital economy.
Tip Sheet on the Responsible Use of Online Conferencing Tools (ICRC)
Recent changes to working conditions have increased the use of online conferencing tools throughout the humanitarian sector. These conferencing technologies are invaluable when face-to-face meetings are impossible, but they also pose a significant information security and data protection risk when not used responsibly. The International Committee of the Red Cross (ICRC) Data Protection Office, the International Federation of Red Cross and Red Crescent Societies, and the Centre for Humanitarian Data have developed this tip sheet to support the responsible use of online conferencing tools by humanitarians around the world.
Secure Communications Platform Report (Centre for Innovation)
Developing a Framework for Assessing the Metadata of Communication Platforms
As a part of the Free Press Unlimited Publeaks project, the Centre conducted research into the metadata risks surrounding the use of communication platforms such as WhatsApp, Signal and Facebook Messenger.
Data Responsibility in Education - How can the Centre for Innovation help?
Staff trainings on sensitive/personal data and tool use in education
Virtual trainings on topics such as: “What is sensitive/personal data” or “How to use tools in a way that protects sensitive/personal data”
Personalised training and advice for management on data responsibility oversight
Topics include: How to empower your staff to make good decisions, how to use the Holistic Data Responsibility Framework in your workplace
Data Responsibility strategy drafting, advice and review
Could include: Reviewing existing strategy, identifying gaps in guidance & policies, recommendations for implementation
Get in with us touch at: c4idataprotection[at]sea[dot]leidenuniv[dot]nl