JISC

This study has investigated how the JISC Information Environment (IE) may make use (or should be developed to make use) of adaptive personalisation to enhance the user experience. It has specifically considered the ways in which infrastructure established to support the UK Access Management Federation (the UK federation) could support adaptive personalisation of JISC services, and the potential privacy and legal barriers to such use.

Executive Summary

This  final report brings together the various elements already conducted, and presents a coherent analysis and synthesis of the results. The audience for this document is wide; it includes JISC, the JISC content services, institutions, the JISC Advisory Services and further. The recommendations presented are primarily directed toward JISC.

This study comprised 3 key phases:

Landscape investigated the landscape of personalisation of online resources for education and research. It was undertaken based on a review of available literature and on interviews with key stakeholders from JISC services, institutions, JANET(UK) and other interested parties.

Foresight investigated how the environment surrounding privacy and personalisation may develop in future, covering both how current HE and FE students regard privacy and self-disclosure online, and how personalisation might be used in a range of future scenarios.

Analysis and reporting a range of use-cases for personalised services have been generated and expressed as proposed demonstrators, based on the results of the landscape and foresight elements. This report ties up all the related strands of the project, and presents an overall view.

We brought together a wide range of experts to collaboratively build a small number of future scenarios for the education and research sector. The intention was to explore, not predict, possible futures. The exercise was successful in that it led to some insight as to different ways that the use of personalisation to enhance services in the sector might transpire. Reading through the scenarios in Annex A (p. 89 of the report) and our analysis at sub-section 6.4 (p. 58 of the report) is the best way for the reader to consider their personalisation plans in different future scenarios.

A vision for JISC

It seems most appropriate for JISC to leave the development of personalisation to those who provide services currently, and to those who can develop useful functionality based on existing content.

The role of JISC should be to create an environment which is conducive to the development of personalisation, encouraging interfaces which allow others to easily re-use information in their own systems. Seeing personalisation as just another function, service providers will need to make balance-of-investment decisions to decide whether to develop personalisation functionality or any other functional improvements which will improve their services.

For this reason, the majority of the demonstrators which we propose (at Section 8) are intended to help build the infrastructure which will facilitate easier personalisation, rather than to develop personalised systems directly.

We believe that an environment which is conducive to the development of personalised services will have the following features:

• diverse and ubiquitous sources of data on resources and users, with standards to support interoperability
• flexible, extensible platforms for delivering services
• services with flexible/permissive objectives and funding to experiment with new functionality
• a clear approach to acknowledging and addressing privacy and disclosure concerns
• trustworthy services
• effective channels for sharing ideas, processes and good practice
• recognisable/identifiable users
• a relentless focus on defining, realising and measuring benefits, particularly end-user
  benefits

Concept of personalisation

Personalisation as a top-level concept (making the service adapt to the user, rather than forcing the user to adapt to the system) seems intuitively desirable. However, discussion of  'personalisation' - and even terms such as APOD, APUA and customisation2 - neglects important differences between similar functions, and the elements involved in delivering personal services.

We conclude that:

Personalised services should be considered in terms of their elements:

• a source of data about the user
• 2 Adaptive Personalisation based On Data held elsewhere (APOD), Adaptive Personalisation based on User Activity
  (APUA) – see sub-section 1.5
• a user model consisting of properties of a user, and the logic which infers properties from known data functionality which puts the user model to use

We recommend that:

• JISC should fund enhancements in functionality, rather than personalisation per se. (R1)
• Personalisation development should consider each element of the above model explicitly.
  (R2)
• JISC should consider overlap between development work and fundamental research in the fields of computer science and artificial intelligence. (R3)

Benefits of personalisation

This report has considered how to investigate the potential benefits of any planned development work, rather than to produce a complete set of possible benefits.

We conclude that:

• Broadly speaking, a range of direct benefits could be realised by delivering personalised services
• Personalisation is not a benefit in itself. Benefits should be considered in the context of specific developments - the desired outcome should not be "providing personalised services"
• It is necessary to link development to desired outcomes through direct benefits and strategic benefits
• Development work which is intended to deliver these benefits must consider how to evaluate whether they have been achieved.
• Development must be approached from the context of desired outcomes, which are often at a level which makes their direct measurement impossible.

We recommend that:

• Development projects and programmes should include a clear methodology for evaluating their benefits. (R5)
• JISC should actively compare proven benefits to forecast benefits to inform future work. (R6)
• Improved “user experience” or functionality should be explicitly linked to desired outcomes when planning development work. (R7)
• JISC should focus neither on attempting to tailor outputs from resources for users with specific disabilities, nor on asserting these disabilities through attribute sharing. Specific tailoring of resources is less useful than the provision of accessible resources (which can be used on any output device). (R8)

Students' perceptions of personalisation

Focus groups were conducted with students from colleges and universities to understand better their awareness and attitudes to personal information disclosure, and their views of the potential benefits of personalisation.

We conclude that:

• Most students do not immediately see the benefits of personalisation - a service provider will need to sell the benefits of personalisation functionality.
• Undergraduate and FE students had concerns regarding inappropriate categorisation; they observed that they had a broad range of courses; they did not believe that the profiling techniques employed by Amazon or eBay would be beneficial within the context of educational resources.
• Due to the narrower focus of research students, there appears to be a clearer benefit (to the individual) for developing profiles for them.

Students' privacy and disclosure concerns

The students questioned were typically familiar with internet resources for education. They have complex views of privacy, and take a range of approaches to maintaining their privacy online.

We conclude that:

• Since online activities play such a fundamental role in all aspects of their lives, students acknowledge that it would be impossible to remove all risks associated with disclosing personal information
• They had not yet personally been exposed to data misuse issues but thought they would be more concerned if they had.
• They are aware of the possible dangers and are careful about information release by making informed judgements
• They have concerns about data accumulation and data linking - but the concerns are only expressed when prompted, and so may be “off-radar”
• Importantly, students place their trust in their college or university. They either think that they have no alternative to disclosing information to their institution, or believe that the institution will not misuse the information
• Students are also willing to authorise their institution to make some further disclosure decisions. They also see a very clear division between the use of their personal information for academic as opposed to non-academic purposes.
  Execut

We recommend that:

• JISC should consider funding a scoping study for the development of privacy-enhancing technology, process and good practice. (R15)
• JISC should maintain an understanding of student perceptions and attitudes regarding privacy and trust. (R16)

Building trust for more personalisation

We have developed a set of key messages from our analysis of privacy and trust issues for personalisation, from the perspective of institutions, service providers, JISC and users. These are set out at sub-section 5.5 (p. 53). Useful sources of privacy guidance are given in Annex C.

We conclude that:

• Personalisation typically requires users to trade personal information for a service being more tailored to their needs, and trust facilitates this disclosure
• Personalisation is little different from other types of personal information disclosure
• Trustworthy behaviour from service providers, provision of user controls and requests for consent, and adept responses to incidents will help build trust.

We recommend that:

• JISC should develop a privacy policy with good practice guidance to advise projects and services. (R14)

The JISC Information Environment

The JISC IE was the focus of this project, and most of our conclusions and recommendations are applicable across it. JISC must address the level of control which they wish to assert over the development of personalisation, and whether the IE is a broad set of goals, or a technical infrastructure.

We conclude that:

• Within the education and research sector, there are currently very few examples of the use of personalisation based on inferential user models.
• The development of inferential user models is complex; providing functionality using them demands a detailed and specific understanding of the resource which the user is attempting to access. JISC-funded content services do not currently have this
  understanding.
• In the majority of cases, personalisation is about functionality of service providers, and has limited relevance for the wider IE – at least as far as the IE is seen as a collection of tools and standards which promote interoperability.
• Some approaches to delivering personalised services require a common approach to their implementation, when information is shared between services (or between the user and services by a central broker). For these-cases, it is helpful to consider the approach across the IE.
• Data which may be shared between services or between an IdP and an SP will be an additional data source for any complex user model; it will not by itself facilitate personalised services.
• The intent to make services more usable and more functional is a good one. Providing this should not be seen as “bolt-on” extra personalisation functionality, but should rather be viewed as an intrinsic part of ongoing service improvement.

We recommend that:

• At present, JISC should focus on the development of simple (rather than complex) personalisation, using limited and well-defined information about individuals. (R4)
• At present, JISC should not aim to develop complex “personalisation services”. (R9)
• JISC should focus on creating an environment which supports personalisation, rather than on developing personalised services directly. (R13)
• An IE-wide approach to personalisation should be considered only at the time when there is widespread demand for shared data. (R10)

The UK federation

The infrastructure developed to support the UK Access Management Federation for Education and Research has great potential for sharing user information between institutions and service providers, and for easy identification of returning users. This potential must be tempered by the privacy, legal, and cost/benefit issues surrounding such uses.

We conclude that:

• The UK federation has the potential to support personalisation, both through identifying users uniquely, and by transferring extended information regarding users.
• There is no current demand for extended attributes for personalisation, and consequently no current demand for the UK federation to standardise specific attributes for personalisation.
• Current UK federation rules and recommendations are highly averse to the sharing of extended user attributes, emphasising the risks without discussion of the potential mitigations. Leadership from JISC will be required to start a discussion on wider and more permissive sharing.
• Importantly, the line between recommendation and policy is blurred, and the edge of the sphere of responsibility for the federation is not clear: if, for example, two federation members undertake a bilateral transfer of information using technology which supports the federation, is this covered by the rules and recommendations?
• In many cases whether processing of personal information is permitted under the Data Protection Act comes down to a matter of judgement. Making these judgement calls entails a degree of risk/benefit trade-off; even after extensive legal advice it is always possible that an activity will prove to be illegal, or will prove controversial regardless of its legality. This flexibility and subjective decision-making is not adequately addressed within the federation documentation.
• There will be additional legal concerns considering the transfer of information internationally, especially outside of the European Economic Area. Such transfers are outside the scope of this project.

We recommend that:

• JISC should fund a project in academic year 2009-2010 to support the development of data protection policies within institutions in the context of federated access management (which should be well-established on this timeframe) and the increasing importance of shared services. (R11)
• User attributes shared through the UK federation should be restricted to clear and discrete properties of a user, rather than expressing preferences or compound properties. (R12)
• The UK federation should consider the limits