Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier

As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property. Two parallel developments in academic data collection are converging: (1) open access requirements, whereby researchers must provide access to their data as a condition of obtaining grant funding or publishing results in journals; and (2) the vast accumulation of 'grey data' about individuals in their daily activities of research, teaching, learning, services, and administration. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities are exploiting these data for research, learning analytics, faculty evaluation, strategic decisions, and other sensitive matters. Commercial entities are besieging universities with requests for access to data or for partnerships to mine them. The privacy frontier facing research universities spans open access practices, uses and misuses of data, public records requests, cyber risk, and curating data for privacy protection. This paper explores the competing values inherent in data stewardship and makes recommendations for practice, drawing on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.Comment: Final published version, Sept 30, 201

An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies

A dominant regulatory model for web privacy is "notice and choice". In this model, users are notified of data collection and provided with options to control it. To examine the efficacy of this approach, this study presents the first large-scale audit of disclosure of third-party data collection in website privacy policies. Data flows on one million websites are analyzed and over 200,000 websites' privacy policies are audited to determine if users are notified of the names of the companies which collect their data. Policies from 25 prominent third-party data collectors are also examined to provide deeper insights into the totality of the policy environment. Policies are additionally audited to determine if the choice expressed by the "Do Not Track" browser setting is respected. Third-party data collection is wide-spread, but fewer than 15% of attributed data flows are disclosed. The third-parties most likely to be disclosed are those with consumer services users may be aware of, those without consumer services are less likely to be mentioned. Policies are difficult to understand and the average time requirement to read both a given site{\guillemotright}s policy and the associated third-party policies exceeds 84 minutes. Only 7% of first-party site policies mention the Do Not Track signal, and the majority of such mentions are to specify that the signal is ignored. Among third-party policies examined, none offer unqualified support for the Do Not Track signal. Findings indicate that current implementations of "notice and choice" fail to provide notice or respect choice

ePortfolios: Mediating the minefield of inherent risks and tensions

The ePortfolio Project at the Queensland University of Technology (QUT) exemplifies an innovative and flexible harnessing of current portfolio thinking and design that has achieved substantial buy-in across the institution with over 23000 active portfolios. Robust infrastructure support, curriculum integration and training have facilitated widespread take-up, while QUT’s early adoption of ePortfolio technology has enabled the concomitant development of a strong policy and systems approach to deal explicitly with legal and design responsibilities. In the light of that experience, this paper will highlight the risks and tensions inherent in ePortfolio policy, design and implementation. In many ways, both the strengths and weaknesses of ePortfolios lie in their ability to be accessed by a wider, less secure audience – either internally (e.g. other students and staff) or externally (e.g. potential employees and referees). How do we balance the obvious requirement to safeguard students from the potential for institutionally-facilitated cyber-harm and privacy breaches, with this generation’s instinctive personal and professional desires for reflections, private details, information and intellectual property to be available freely and with minimal restriction? How can we promote collaboration and freeform expression in the blog and wiki world but also manage the institutional risk that unauthorised use of student information and work so palpably carries with it? For ePortfolios to flourish and to develop and for students to remain engaged in current reflective processes, holistic guidelines and sensible boundaries are required to help safeguard personal details and journaling without overly restricting students’ emotional, collaborative and creative engagement with the ePortfolio experience. This paper will discuss such issues and suggest possible ways forward

The Platformisation of the European Mobile Industry

This paper argues that the structure of the mobile communications industry is being decisively affected by 'platformisation', yet in a present context of strong 'platform ambiguity'. It introduces the concept of gatekeeper roles to compare current mobile platform initiatives, and proposes a typology of platforms to characterise the various models encountered.Mobile Platforms, Business Models, Gatekeeping, Platform Typology

User-Generated Content and Virtual Worlds

Many legal commentators have claimed that virtual worlds owe their popularity to their focus on user-generated content and user creativity. While this is true in part and authorial freedom may draw consumers to virtual worlds, user-generated content can also pose risks to virtual world business from both an aesthetic and legal perspective. A significant tension exists between permitting participants to create content freely and building a successful virtual environment. In some instances, user-generated content can overwhelm virtual worlds. The future of user-generated content in virtual worlds is not clear, given the significant practical and legal problems that accompany user-generated content

A literature review of the use of Web 2.0 tools in Higher Education

This review focuses on the use of Web 2.0 tools in Higher Education. It provides a synthesis of the research literature in the field and a series of illustrative examples of how these tools are being used in learning and teaching. It draws out the perceived benefits that these new technologies appear to offer, and highlights some of the challenges and issues surrounding their use. The review forms the basis for a HE Academy funded project, ‘Peals in the Cloud’, which is exploring how Web 2.0 tools can be used to support evidence-based practices in learning and teaching. The project has also produced two in-depth case studies, which are reported elsewhere (Galley et al., 2010, Alevizou et al., 2010). The case studies focus on evaluation of a recently developed site for learning and teaching, Cloudworks, which harnesses Web 2.0 functionality to facilitate the sharing and discussion of educational practice. The case studies aim to explore to what extent the Web 2.0 affordances of the site are successfully promoting the sharing of ideas, as well as scholarly reflections, on learning and teaching