From the code of practice for learning analytics:
- “The data sources, the purposes of the analytics, the metrics used, who has access to the analytics, the boundaries around usage and how to interpret the data must be explained clearly to staff and students”
- “Collection and use of data for [new purposes] may require further measures, such as data protection impact assessments and obtaining additional consent”
Because health-related applications involve special category data, the legal standards for transparency and consent (if that is the chosen legal basis) are likely to be stronger than for learning analytics.
Individuals must be informed which data will be used for wellbeing and mental health purposes. This may be done through a privacy notice at the time of collection and/or through additional communications before data are used; where information is received from third parties individuals must be informed before it is used, and at the latest one month after it is received. Such notices and communications also provide an opportunity to explain that institutions have responsibilities beyond just teaching.
The Information Commissioner’s Office has guidance on the content of privacy notices. All notices and communications must be written so as to enable individuals to make informed choices. Special care is needed to ensure clarity and fairness when addressing those under 18: in particular, when providing information about the processing and its consequences, offering choices to individuals, and explaining the rights they have and how to exercise them.
As well as transparency to individuals, institutions can also build trust and confidence more widely by being transparent about how they design and review their processes and systems.
Publishing data protection impact assessments, purpose compatibility assessments and records of processing activity can demonstrate both that the institution is thinking very carefully about what it does, and that it is providing important support services while minimising the risk to individuals.
Whereas learning analytics will generally be based on data about the learning process, for wellbeing and mental health a wider range of data sources may contain relevant information.
This is likely to include both environmental indicators of when a student may be in a stressful situation and behavioural ones that suggest they may not be coping. Particular care must be taken to inform individuals if unexpected data (eg finance) are incorporated into wellbeing models or processes, and to enable them to check and correct this information.
Such data should always have a plausible, and explained, connection to wellbeing and mental health, not just a statistical correlation. For example, financial difficulties might well be a factor in reducing a student’s wellbeing. In addition, the original reason for collecting/obtaining the data must be compatible with the new purpose of offering wellbeing/mental health interventions.
This requirement is likely to be met where information is already used to provide individual academic or health support, but less so where information was originally collected for statistical, or other, purposes. For example, if you already provide additional support to students with no family experience of higher education then wellbeing support is more likely to be a compatible purpose than if you only collect that information for statistical reporting.
Where the original purpose is not compatible with wellbeing, the privacy notice must first be changed; only data collected after the notice is changed may then be used for the new purpose.
Transparency is likely to be a particular challenge where institutions receive information from third parties since these may offer limited, or no, control over privacy notices. Regular sharing of data with third parties should be covered by a data sharing agreement.
Annex B: purpose and transparency for wellbeing and mental health analytics (pdf) has a more detailed discussion of how to assess purpose compatibility and the need for notification.
Before including a particular data source into a wellbeing/health analytics model, institutions must therefore consider:
- How privacy notices will be provided
- (For existing data) whether wellbeing/health is compatible with the purpose(s) for which the data are currently collected
- How they will ensure the data are accurate (see validity)
- How students can exercise their legal rights over their data (see access)
Where a basis other than consent is used, institutions should have a policy document that sets out the legal basis/bases for the processing and describes how the processing satisfies the data protection principles. In particular, this document must state how long wellbeing/health data will be retained for, and how it will be erased. The institution must be able to demonstrate that it is complying with this retention and erasure policy, and that the policy document is being reviewed regularly and updated as necessary. The Information Commissioner’s guide to special category data has more information on when this “appropriate policy document” is required and what it should contain.
If consent is used as a basis for processing (eg for installing a wellbeing app, providing additional data, or informing a tutor of contact with a counselling service) there must be a separate “express statement of consent” to the use of health data for each purpose. So a student who volunteers health information in requesting special examination or lecture arrangements, for example, must have a separate choice whether or not that information is also used in wellbeing assessments.
Step four of Annex A: data protection impact assessment template for wellbeing and mental health analytics (pdf) discusses when consent will and will not be an appropriate basis for processing and the alternatives that exist.
Withdrawal or objection
Where the legal basis for wellbeing/health processing is consent, individuals always have the right to withdraw their consent at any time. Note, however, that so long as a statistical model does not contain personal data, such a withdrawal should not extend to requiring a model to be recalculated.
In other cases – except where institutions have a legal obligation to process health information, or when there is a threat to life and the individual is incapable of giving consent – individuals are likely to have a right to object.
Formally, this only requires the institution to consider whether the individual’s personal circumstances mean the processing places them at higher risk. Where the processing is intended to support the individual’s wellbeing and mental health, it may be better to treat such objections as a simple opt-out, and record that the individual’s data should not be used either for developing systems and processes or for providing personalised treatment. There is unlikely to be any benefit to the institution or to others that justifies continuing to process for wellbeing against an individual’s wishes. Since wellbeing support is designed to benefit the individual, institutions may wish to reflect on why such support was refused.