Data Protection / Privacy in Moodle

Workshop @ 4th International Austrian Moodle Conference

Christian Grune | Humboldt-Universität zu Berlin

Aims / Agenda

• Present & discuss critical issues for data privacy in Moodle

• Discuss practical & economical solutions for customizing Moodle to meet various expectations

• Prepare a model and roadmap to additional configuration options at 2 levels:

• site level

• user level

What we do NOT

• Discussing the pros & cons of law issues and data protection practice

• Discussing local policies - they are and should be different!!

• We’re not afraid - Data protection don’t kills Moodle and configuration is possible!

Basics of Data Protection

• “right to be left alone” - users should decide, for what purpose the data is used (when not required for the service) and should have the ability to configure personal profile data and influence the apearance/presentation of the user in the system

• transparency - information about the use of the data from the service provider should be clear and understandable

• right to object - request for deleting data by users (but with the consequence of refusal of access)

• principle of adequacy - just track the data needed for service

• time limits for saving the data - “date of expiry” for saved data

Status Quo

• Moodle is prepared and transparent!

• The new right management is a good basement for further discussions

• Some things need to be done:

6 different types of data

• Log Data

• Activity Reports

• Statistics

• Real Time Data, Awarness and Status Information

• Grades

• Personal Profile

1

2

1) Prevent access to Logdata for Non-Admins

2) Prevent access to Live logs for Non-Admins

Activity Reports / Course View

3

3) Presentation for non-admins reduce to:Outline reportComplete reportStatistics

Activity Reports / Teilnehmersicht

Prevent non-admins from access to:Today’s logsAll Logs

User Profile

4

5

6

7

4) Don’t show courses

5) Don’t show last access

6) Don’t show roles

7) Don’t show “Login as” - (role management)

Statistics

8

8) Prevent non-admins from access to Links and access to logdata

Participants

9

10

9) Don’t show inactive users.

10) Don’t show last access for non-admins

Exclude logs from backup

11

11) Exclude logs form backup for non-admins

No access to backups at all

Block Online Users

12

12) Make Online Users customizable by users

- additional option in user profile ( a la email): Option im Profil ähnlich wie Email einfügen(Sichtbar Moodle-weit, für Kursteilnehmer, gar nciht)- additional checkbox at login: show online status

NOTE: If own status hidden, then status of other users should be hidden too!!

Administration/Modules/Block/Online Users

Block Recent Activities

13

13) Option for configuration: of online status is hidden, don’t show the user here!

Display Students in Course Lists

Configuration option: Show me in the course list to other users

Other Issues?

International Projects

(different policies)

How do we proceed?

• Up to U!

My proposition

• Sort things: What can be done with role definitions, what not?

• What options do we need at site level?

• What options do we need at user level?

• What options do we need at course level?

• Outline for a roadmap - how to integrate in Moodle

• Who ist responsible? Do we need money?

• Technical roadmap & non-technical Information