Eindhoven (NL), November 2018 – "Balancing Data Collection and Data Protection" is the topic of the session on Thursday, 06 December from 12:15 to 13:30. Speakers on this panel will discuss their journeys so far into data protection and privacy. They have built GDPR compliance into their systems and tools for higher education and invite you to learn from their tests and triumphs. Legal insights will be offered, too, including a review of the past six months since the new data protection regulation has been enforced, as well as advice on what to expect and how to prepare for 2019. Rens van der Vorst will speak about "The Quantified Student Project".
At OEB you’re going to present the "Quantified Student Project". Could you please tell us a bit about it and your impressions so far?
Rens van der Vorst: Quantified Student is a project based on some simple questions: Can we build a RunKeeper – App for studying? Can we collect quantitative data from students in a non-intrusive way and feed this data back to the students as information? Will this help the students to reflect on their behavior? Will they adapt and become more successful?
For the project, we created a lot of working prototypes. These concentrated on various aspects of student life, from sleep, to alcohol, to exercise, to screentime, to hours-on-campus, to online activity. Other prototypes focused on things like group behavior, Co2, heartrate, and noise. We’ve published information about the prototypes on www.quantifiedstudent.nl, and you can ask us for the code so you can access a better version.
In the project, we also started collecting all kinds of data concerning students and student behavior in a data lake. Think about data on temperature in buildings, on the number of students in the building, the weather, Co2, noise, the cafeteria – sales, water usage, wifi usage, Lux, public transport, and so on. We challenged students studying data science to use this data and our tools to find patterns or predict behavior that helps us improve the educational process.
We did some nice side projects in which we researched questions such as whether it’s possible to calibrate students; whether a prediction can be made about when their concentration is declining; whether they can be warned; whether the relation between sleep and study can be identified; whether interventions are possible, and so on.
All projects had some simple design principles:
- All projects are done by a combination of teachers, companies, students, the IT department, and professors. Even if a project fails, a lot of people have still learned a lot or even earned some ECTS points;
- Privacy is key. We work within the law;
- There’s no academic discussion at the start of the project. We just do it. We will learn as we go
- There’s no "big brother" or "big mother". All personal data that is collected is fed back to the students and the students only. We will never look at their data unless they decide to show it to us.
This year we are bringing some of the most promising prototypes and data lake solutions to our production environment. We will make them available to our 50k+ users.
How will Europe’s GDPR regulations affect your university, and what is your compliance strategy?
Rens van der Vorst: Well, of course we made sure our organization is compliant. We made sure we have the right people and procedures in place. However, our strategy is to challenge the people who have all the knowledge on GDPR and privacy to help us reach our ambitions. It is not like, "You cannot do this because it is against GDPR." No, it is more like, "I want to do this, how can I do it within GDPR?" At our university, we truly want to help students; we have high moral standards. How can we reach them and be GDPR compliant?
At this point, I personally think people and organizations are still adapting. This sometimes leads to unnecessary red tape and works against innovation and helping students. Together with fellow universities and SURF, we try to find out how we can create a tool set that helps universities reach their ambitions and be GDPR compliant. Furthermore, it is important to notice that we do not like the explicit consent model because students who take the effort to give consent are usually not the students who need our help the most. We have also found out we can do a lot by using non-personal data, by making data anonymous, and by making sure data is only available to the student.
How will the GDPR benefit students?
Rens van der Vorst: Within a university, I have no idea. I really think a student can trust us. We will use all our powers to help the student succeed. If we can help better by collecting data, the student should be happy. GDPR sometimes prevents us from collecting data or creates costly red tape that is not beneficial for students at all.
As a human, GDPR is great. I also work as a technophilosopher, and I often tell my students a dystopic story. If you are rich now, you can only buy stuff: a new car, a bigger house, a private jet. This is great, but it is still stuff. But at the rate biotechnology and information technology are merging, maybe in 25 years the rich will be able to buy things that truly are valuable, like immortality, space travel, wisdom, or strength.
A new race of superhumans may emerge. These superhumans will no longer need us, so we might become obsolete. And how do these people become rich? It’s because of data, data we are giving away mindlessly by using social media, by using Google, Uber, and so on. Why? Because WhatsApp is easy, or we look cool on Instagram. GDPR is a very important step in thinking about ownership of data. GDPR is a first step in not becoming obsolete. So I think not being obsolete must count as a benefit for students.
Will it impose any restrictions on instruction?
Rens van der Vorst: Yeah, sure. There will be some struggles between the innovation people and the legal people. However, as I mentioned before, the mindset has to be about purpose. Dear legal people, we want to do this, we can explain why we want to do this, we think this is justified. Now you find out how we can do this. Not the other way around.