Abstract:

The aim of my contribution to the ICERI2014 conference will be to analyze the privacy issues in online learning systems and discuss them in relation to the legal framework in Europe, taking into account the next step forward.

The impact on learning systems of the proposal of new privacy regulation in Europe, along with the adoption of guidelines in cloud systems contracts, should be the core subject of this study.
Specific attention will be drawn on the contract and service license agreements between the institution (school or business) and the cloud providers and towards end-user (learners) and the use of privacy policy.

From the legal perspective, the intellectual property and privacy issues are the more relevant in this field nowadays: my analysis will the focus on the latter and its relations with security and trust.

The increasing demand of online learning systems as school and business tools is allowing service providers to develop sophisticated tools. While the technology is allowing more and more interaction between the pupils and the teacher, many of these aren’t aware of the issues related to security and privacy of their data. Furthermore, trust between co-learners and towards the institution that deliver the online course rely heavily on the security features embedded in the platform.

The availability and disclosure of information is also a matter of trust. Anonymity could offer a better privacy protection but could also diminish trust, mostly in collaborative work’s environment. The attribution and control of the identity of the parties involved is also important and will be increasingly complex to deal with the use of mobile devices to access the learning systems.

Nowadays are also available webcam or wearable sensor which allows simulated session in specific fields (e.g. health and surgery or aviation learning) and could gather a lot of sensible data, their application in online learning systems would necessitate to specific measures in order to avoid misuse or data-leaking.

The competing need of evaluation and tracking of the learner’s activity from one side can be fulfilled building systems privacy-compliant since their first development.

In the proposal of regulation from EU, which will replace the Directive 95/46, the EU Commission is willing to embrace the Privacy By Design approach (PBD): the implication on e-learning systems will be discussed in the final paper.

The use (and abuse) of cloud computing services is spreading in each sector of economic activity and learning field is no exception. The subtlety and specifications of this technology is particularly relevant since the easiness to interact also on mobile devices. Mobile devices access is a feature that poses many dangers in terms of privacy. The Art. 29 Working Group, gathers the privacy Authorities of the European member states, on Opinion 05/2012 on Cloud Computing published as document WP 196 in early July 2012, discussed the risks of this technology. On June 26, 2014 the EU Commission delivered the Cloud Service Level Agreement Standardisation Guidelines drafted by the Cloud Select Industry Group, which should be helpful to providers and users to fully explain and understand the legal content of their agreements. The impact of these different types of European initiative on e-learning systems needs to be fully deepened.

Keywords:

Privacy, trust, security, consent, identity, mobile devices, cloud computing.