Processing of geo-location data to record presence and attendance at learning events:
- An opt-in approach to attendance recording is used to capture the geo-location of the device used by students to check in to each learning event, such as a lecture.
- Using a data minimisation approach, the geo-location data is obfuscated on a regular basis and a measure of the student’s proximity in relation to other students attending the same event is calculated.
- The obfuscated proximity data is not stored in the Learning Data Hub (LDH). It is securely stored in the application database of the learning analytics architecture and used for data visualization purposes only.
- The obfuscated data can be requested via a support call to firstname.lastname@example.org, if required.
Opt-in for capture of geo-location data
The opt-in for capture of geo-location data happens at two levels:
- Institutional level - An institutional customer instructs us to capture geo-location data for attendance monitoring purposes.
- Individual user level - Individual students allow the Study Goal app to access geo-location services on their device.
By enabling geo-location services, the student is giving their consent for this data to be used so that we can deliver a value-added service to them.
If a student does not activate geo-location services on their device, then there are alternative ways to record their attendance that do not require them to use the Study Goal app.
Because alternative ways of recording attendance are offered, we are confident that students are able to give their free and informed consent.
The geo-location data in the learning analytics service is obfuscated: it is altered by a randomised value. This means that students who register for attendance at a lecture in Leeds may be recorded as being present in Paris, or further afield, depending on the obfuscation value that is used. The data therefore retains referential integrity, showing that a cluster of students were present in the same place at the same time, but it does not bear any relation to their real-world location.
The obfuscated data can be returned to the customer in a readable format such as JSON, which can be opened in Excel or as a text file. The returned data would still have referential integrity, so the institution would be able to see the location of students in relation to each other, but the data would not show students' actual real-world location.
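The following sketch is an added example, not the service's own code. It assumes the "randomised value" is one random translation shared by all check-ins of a single event, and it checks that student-to-student distances survive while the absolute position does not; the function names and the sample coordinates are constructed for illustration.

```python
import math
import secrets

R = 6_371_000.0  # mean Earth radius in metres

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    (la1, lo1), (la2, lo2) = a, b
    p1, p2 = math.radians(la1), math.radians(la2)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lo2 - lo1) / 2) ** 2)
    return 2 * R * math.asin(math.sqrt(h))

def obfuscate_event(checkins, rng=None, min_shift_m=100_000):
    """Move all check-ins of ONE event to a shared random decoy origin (not kept)."""
    rng = rng or secrets.SystemRandom()
    lat0 = sum(p[0] for p in checkins.values()) / len(checkins)
    lon0 = sum(p[1] for p in checkins.values()) / len(checkins)
    while True:  # assumption: reject decoy origins close to the real venue
        dlat, dlon = rng.uniform(-60, 60), rng.uniform(-180, 180)
        if haversine_m((lat0, lon0), (dlat, dlon)) >= min_shift_m:
            break
    out = {}
    for sid, (lat, lon) in checkins.items():
        # Metres east/north of the real centroid (flat approximation, fine at room scale)
        east = math.radians(lon - lon0) * R * math.cos(math.radians(lat0))
        north = math.radians(lat - lat0) * R
        # Re-project the same metre offsets around the decoy origin
        out[sid] = (dlat + math.degrees(north / R),
                    dlon + math.degrees(east / (R * math.cos(math.radians(dlat)))))
    return out

def max_distance_drift_m(before, after):
    """Largest change in any pairwise student distance, in metres."""
    ids = sorted(before)
    return max(abs(haversine_m(before[a], before[b]) - haversine_m(after[a], after[b]))
               for i, a in enumerate(ids) for b in ids[i + 1:])

# Constructed sample: three check-ins a few metres apart (not real data)
SAMPLE = {
    "s1": (53.80670, -1.55500),
    "s2": (53.80675, -1.55490),
    "s3": (53.80690, -1.55520),
}
```

The decoy origin is drawn fresh for each event and discarded, because anyone who holds it can reverse the translation and recover the real coordinates.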
Storage and retention of obfuscated data
Obfuscated geo-location data is retained in line with our overall approach to retaining attendance register data, which is that we can hold it for a maximum of seven years. The seven-year figure is because some degree courses can take that long to complete. An institution can request that we delete obfuscated geo-location data and register data more regularly. An annual basis is most feasible.
We took the decision to store obfuscated geo-location data in the mongo application database rather than in the LDH because we recognised that geo-location data is some of the most sensitive data we hold. By storing this data in the application database, we can more tightly restrict institutional user access to it. This would be more difficult to achieve if it were stored in the LDH, where a larger range of institutional users would have access to it and could use it for purposes other than delivering a learning analytics service. We are not concerned at this point that an institution would use geo-location data for other purposes. If that situation did arise, we would obviously raise it as a non-compliance issue with them.
- 1 More details about data pseudonymisation: https://www.pseudonymised.com/
- 2 More details about data obfuscation: https://www.informatica.com/gb/services-and-training/glossary-of-terms/d...