scholarly journals For Learning Analytics to Be Sustainable under GDPR—Consequences and Way Forward

2021 ◽  
Vol 13 (20) ◽  
pp. 11524
Author(s):  
Thashmee Karunaratne

Personalized learning is one of the main focuses in 21st-century education, and Learning Analytics (LA) has been recognized as a supportive tool for enhancing personalization. Meanwhile, the General Data Protection Regulations (GDPR), which concern the protection of personal data, came into effect in 2018. However, contemporary research lacks the essential knowledge of how and in which ways the presence of GDPR influence LA research and practices. Hence, this study intends to examine the requirements for sustaining LA under the light of GDPR. According to the study outcomes, the legal obligations for LA could be simplified to data anonymization with consequences of limitations to personalized interventions, one of the powers of LA. Explicit consent from the data subjects (students) prior to any data processing is mandatory under GDPR. The consent agreements must include the purpose, types of data, and how, when and where the data is processed. Moreover, transparency of the complete process of storing, retrieving, and analysing data as well as how the results are used should be explicitly documented in LA applications. The need for academic institutions to have specific regulations for supporting LA is emphasized. Regulations for sharing data with third parties is left as a further extension of this study.

Author(s):  
Matthew G. Davey ◽  
John P.M. O’Donnell ◽  
Elizabeth Maher ◽  
Cliona McMenamin ◽  
Peter F. McAnena ◽  
...  

Abstract Background Europe’s General Data Protection Regulation, or GDPR, is a set of data protection rules on the acquisition, storage, use, and access of personal data. GDPR came into effect in May 2018 when it was introduced across all 27 European Union (EU) member states and the European Economic Area (EEA). Maintaining compliance with this legislation has presented significant new challenges for ongoing clinical research. Aims To evaluate the knowledge and expectations of patients and doctors regarding GDPR and implications for future clinical research. Methods An anonymous 12-item questionnaire was circulated to patients and doctors at a University Teaching Hospital. Data analysis included descriptive statistics. Results Five hundred nine participants were included: 261 females (51.3%) and 248 males (48.7%). Three hundred fifty were patients (68.8%) and 159 were doctors (31.2%). Three hundred thirty-four participants were aware of GDPR (65.7%): 116 doctors (73.0%) and 218 patients (62.3%, P = 0.018). 71.1% of doctors were willing to allow their personal data to be processed anonymously as part of a clinical research project compared to 43.4% of patients (P < 0.001). 80.2% of patients believed explicit consent is needed before using personal data in clinical research in comparison to 60.4% of doctors (P < 0.001). Level of education impacted awareness of GDPR (P < 0.001); a higher level of education among patients increased GDPR familiarity (P < 0.001), however failed to impact doctor familiarity (P = 0.117). Conclusion GDPR has introduced complexity to the processing and sharing of personal data among researchers. This study has identified differences in the perception of GDPR and willingness to consent to data being used in clinical research between doctors and patients. Measures to adequately inform prospective research participants on data processing and the evolving landscape of data protection regulation should be prioritised.


1976 ◽  
Vol 15 (02) ◽  
pp. 69-74
Author(s):  
M. Goldberg ◽  
B. Doyon

This paper describes a general data base management package, devoted to medical applications. SARI is a user-oriented system, able to take into account applications very different by their nature, structure, size, operating procedures and general objectives, without any specific programming. It can be used in conversational mode by users with no previous knowledge of computers, such as physicians or medical clerks.As medical data are often personal data, the privacy problem is emphasized and a satisfactory solution implemented in SARI.The basic principles of the data base and program organization are described ; specific efforts have been made in order to increase compactness and to make maintenance easy.Several medical applications are now operational with SARI. The next steps will mainly consist in the implementation of highly sophisticated functions.


Author(s):  
Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. An expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisation that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
J Doetsch ◽  
I Lopes ◽  
R Redinha ◽  
H Barros

Abstract The usage and exchange of “big data” is at the forefront of the data science agenda where Record Linkage plays a prominent role in biomedical research. In an era of ubiquitous data exchange and big data, Record Linkage is almost inevitable, but raises ethical and legal problems, namely personal data and privacy protection. Record Linkage refers to the general merging of data information to consolidate facts about an individual or an event that are not available in a separate record. This article provides an overview of ethical challenges and research opportunities in linking routine data on health and education with cohort data from very preterm (VPT) infants in Portugal. Portuguese, European and International law has been reviewed on data processing, protection and privacy. A three-stage analysis was carried out: i) interplay of threefold law-levelling for Record Linkage at different levels; ii) impact of data protection and privacy rights for data processing, iii) data linkage process' challenges and opportunities for research. A framework to discuss the process and its implications for data protection and privacy was created. The GDPR functions as utmost substantial legal basis for the protection of personal data in Record Linkage, and explicit written consent is considered the appropriate basis for the processing sensitive data. In Portugal, retrospective access to routine data is permitted if anonymised; for health data if it meets data processing requirements declared with an explicit consent; for education data if the data processing rules are complied. Routine health and education data can be linked to cohort data if rights of the data subject and requirements and duties of processors and controllers are respected. A strong ethical context through the application of the GDPR in all phases of research need to be established to achieve Record Linkage between cohort and routine collected records for health and education data of VPT infants in Portugal. Key messages GDPR is the most important legal framework for the protection of personal data, however, its uniform approach granting freedom to its Member states hampers Record Linkage processes among EU countries. The question remains whether the gap between data protection and privacy is adequately balanced at three legal levels to guarantee freedom for research and the improvement of health of data subjects.


2021 ◽  
Vol 11 (10) ◽  
pp. 4537
Author(s):  
Christian Delgado-von-Eitzen ◽  
Luis Anido-Rifón ◽  
Manuel J. Fernández-Iglesias

Blockchain technologies are awakening in recent years the interest of different actors in various sectors and, among them, the education field, which is studying the application of these technologies to improve information traceability, accountability, and integrity, while guaranteeing its privacy, transparency, robustness, trustworthiness, and authenticity. Different interesting proposals and projects were launched and are currently being developed. Nevertheless, there are still issues not adequately addressed, such as scalability, privacy, and compliance with international regulations such as the General Data Protection Regulation in Europe. This paper analyzes the application of blockchain technologies and related challenges to issue and verify educational data and proposes an innovative solution to tackle them. The proposed model supports the issuance, storage, and verification of different types of academic information, both formal and informal, and complies with applicable regulations, protecting the privacy of users’ personal data. This proposal also addresses the scalability challenges and paves the way for a global academic certification system.


2007 ◽  
Vol 89 (2) ◽  
pp. 70-72
Author(s):  
CN Peck ◽  
MJ Fehily ◽  
DW Howcroft ◽  
DS Johnson

The Data Protection Act (DPA) 1998 became UK law in March 2000, with the purpose of preventing the misuse of sensitive personal data. It imposed legal obligations on all medical and surgical personnel and has implications for training logbooks, audit and research. Previous studies have shown a poor awareness of and compliance with the Act, which gives us rules to follow when handling patient data. The DPA has tighter controls over electronic data than paper-based data due to the rise in the use of computers for holding such information and their potential for abuse. The aim of this study was to assess compliance with the DPA, particularly with regard to electronic logbooks.


Author(s):  
Michael Veale ◽  
Reuben Binns ◽  
Lilian Edwards

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around ‘model inversion’ and ‘membership inference’ attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.


2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


Sign in / Sign up

Export Citation Format

Share Document