Date post: | 02-Jun-2015 |
Category: |
Education |
Upload: | christian-grune |
View: | 1,196 times |
Download: | 0 times |
Data Protection / Privacy in Moodle
Workshop @ 4th International Austrian Moodle Conference
Christian Grune | Humboldt-Universität zu Berlin
Aims / Agenda
• Present & discuss critical issues for data privacy in Moodle
• Discuss practical & economical solutions for customizing Moodle to meet various expectations
• Prepare a model and roadmap to additional configuration options at 2 levels:
• site level
• user level
What we do NOT
• Discussing the pros & cons of law issues and data protection practice
• Discussing local policies - they are and should be different!!
• We’re not afraid - Data protection don’t kills Moodle and configuration is possible!
Basics of Data Protection
• “right to be left alone” - users should decide, for what purpose the data is used (when not required for the service) and should have the ability to configure personal profile data and influence the apearance/presentation of the user in the system
• transparency - information about the use of the data from the service provider should be clear and understandable
• right to object - request for deleting data by users (but with the consequence of refusal of access)
• principle of adequacy - just track the data needed for service
• time limits for saving the data - “date of expiry” for saved data
Status Quo
• Moodle is prepared and transparent!
• The new right management is a good basement for further discussions
• Some things need to be done:
6 different types of data
• Log Data
• Activity Reports
• Statistics
• Real Time Data, Awarness and Status Information
• Grades
• Personal Profile
1
2
1) Prevent access to Logdata for Non-Admins
2) Prevent access to Live logs for Non-Admins
Activity Reports / Course View
3
3) Presentation for non-admins reduce to:Outline reportComplete reportStatistics
Activity Reports / Teilnehmersicht
Prevent non-admins from access to:Today’s logsAll Logs
User Profile
4
5
6
7
4) Don’t show courses
5) Don’t show last access
6) Don’t show roles
7) Don’t show “Login as” - (role management)
Statistics
8
8) Prevent non-admins from access to Links and access to logdata
Participants
9
10
9) Don’t show inactive users.
10) Don’t show last access for non-admins
Exclude logs from backup
11
11) Exclude logs form backup for non-admins
No access to backups at all
Block Online Users
12
12) Make Online Users customizable by users
- additional option in user profile ( a la email): Option im Profil ähnlich wie Email einfügen(Sichtbar Moodle-weit, für Kursteilnehmer, gar nciht)- additional checkbox at login: show online status
NOTE: If own status hidden, then status of other users should be hidden too!!
Administration/Modules/Block/Online Users
Block Recent Activities
13
13) Option for configuration: of online status is hidden, don’t show the user here!
Display Students in Course Lists
Configuration option: Show me in the course list to other users
Other Issues?
International Projects
(different policies)
How do we proceed?
• Up to U!
My proposition
• Sort things: What can be done with role definitions, what not?
• What options do we need at site level?
• What options do we need at user level?
• What options do we need at course level?
• Outline for a roadmap - how to integrate in Moodle
• Who ist responsible? Do we need money?
• Technical roadmap & non-technical Information