Learning analytics privacy policy

How we will store and process your institution’s student data streams to provide your learning analytics solutions.

This is in addition to the standard Jisc privacy policy.

Geo-location data

Processing of geo-location data to record presence and attendance at learning events:

  • An opt-in approach to attendance recording is used to capture the geo-location of the device used by students to check in to each learning event, such as a lecture.
  • Using a data minimisation approach the geo-location data is obfuscated on a regular basis and a measure of the student’s proximity in relation to other students attending the same event is calculated.
  • The obfuscated proximity data is not stored in the Learning Data Hub (LDH). It is securely stored in the application database of the learning analytics architecture and used for data visualization purposes only.
  • The obfuscated data can be requested via a support call to help@jisc.ac.uk, if required.

Opt-in for capture of geo-location data

The opt-in for capture of geo-location data happens at two levels:

  • Institutional level - An institutional customer instructs us to capture geo-location data for attendance monitoring purposes.
  • Individual user level - individual students allow the Study Goal app to access geo-location services on their device.

By enabling geo-location services, the student is giving their consent for this data to be used so that we can deliver a value-added service to them.

If a student does not activate geo-location services on their device, then there are alternative ways to record their attendance that do not require them to use the Study Goal app.

Because alternative ways of recording attendance are offered, we are confident that students are able to give their free and informed consent.

Data obfuscation

The geo-location data in the learning analytics service has been obfuscated so it is altered by a randomised value. This means that students who register for attendance at a lecture in Leeds may be recorded as being present in Paris, or further afield, depending on the obfuscation value that's used. The data therefore has referential integrity to show that a cluster of students were present in the same place at the same time, but the data does not bear any relation to their real-world location.

The obfuscated data can be returned to the customer in a readable format such as JSON, which can be opened in Excel or as a text file. The returned data would still have referential integrity so the institution would be able to see the location of students in relation to each other, but the data would not show students actual real-world location.

Data obfuscation vs pseudonymisation

Pseudonymisation involves taking the most personally identifying fields within a dataset and replacing them with artificial identifiers, or pseudonyms. For example, a name can be replaced with a unique number.

Data that has been obfuscated retains the characteristics of the original dataset but it has been transformed so that no one viewing it would be able to reverse-engineer it.

Storage and retention of obfuscated data

Obfuscated geo-location data is retained in line with our overall approach to retaining attendance register data, which is that we can hold it for a maximum of seven years. The seven year figure is because some degree course can take that long to complete. An institution can request that we delete obfuscated geo-location data and register data more regularly. An annual basis is most feasible.

We took the decision to store obfuscated geo-location data in the mongo application database rather than in the LDH because we recognised that geo-location data is some of the most sensitive data we hold. By storing this data in the application database we can more tightly restrict institutional user access to it. This would be more difficult to achieve if it was stored in the LDH where a larger range of institutional users would have access to it and could use it for purposes other than delivering a learning analytics service. We are not concerned at this point that an institution would use geo-location data for other purposes. If that situation did arise, we would obviously raise it as a non-compliance issue with them.