We presented a paper around student vulnerability as an interpretative lens for consideration of student control and choices around uses of their data within higher education. Background given on general lack of clarity and policy with HEIs. Range of consent options available (we use all your data and tell you nothing -> we tell you everything and cannot use your data unless you tell us we can). But consent is tricky to get right. Range of factors which impact on how students understand/engage with the issues: how consent is presented (opt in as opposed to opt out); transparency of issues/options; presentation of options (length, language, even font), etc.
Examination of TOCs of 3 major MOOC providers suggested a framework for discussion:
Questions posed 1) do workshop participants agree? 2) how can these be put into practice (at scale)?
1. Reciprocal care: about the power balance between students and their institution. The institution should be responsible and transparent about its purpose for using student data: TOCs must be visible/understandable. Students take responsibility for their own data being current/complete/correct.
2. Contextual integrity of privacy and data: must maintain a record of the original context and make this available for scrutiny. As data becomes aggregated and revised is important to retain the original context and purpose.
3. Student agency and privacy self management: there is an asymmetric power relationship between student and their institution. Student must be aware of the circumstances under which their personal information is used to tailor their curriculum and the services/support offered to them. Institutions must consider offering more than a basic process where registration = consent.
4. Rethinking consent/employing nudges: making consent more meaningful/valuable to students. Make clearer what benefits there are in sharing data. Are students willing to share with the right incentives?
5. Partial privacy self management: Define which services a student can/is opting into/out of – clarity of consent/purpose. Eg I can choose not to engage with ‘a’ but am happy to have my info used for ‘b’
6. Privacy timing/focus: data can be reused years after its original purpose. Institutions must be clear what data can be saved and reused later (and why). Setting clear restrictions with a specific focus on timeframe/purpose.
7. Substances v neutrality: rules/legislation can be constraining/incomplete/insufficient/too late but substance/clarity/boundaries always needed. Need to balance with flexibility to negotiate some issues (soft rules).
8. Moving toward the qualified self: students are more than the sum of their data (quantified self). How can we retain a layer of personal context to ensure that data remains meaningful/relevant/representative at scale? Challenge of sense-making