Learning analytics at the intersections of student trust, disclosure
and benefit
Sharon Slade†
The Open University
Walton Hall, Milton Keynes
United Kingdom
sharon.slade@open.ac.uk
Paul Prinsloo
University of South Africa
Unisa, 0003
South Africa
prinsp@unisa.ac.za
Mohammad Khalil
University of Bergen
Christiesgate 13, Bergen
Norway
mohammad.khalil@uib.no
ABSTRACT
Evidence suggests that individuals are often willing to exchange
personal data for (real or perceived) benefits. Such an exchange
may be impacted by their trust in a particular context and their (real
or perceived) control over their data.
Students remain concerned about the scope and detail of
surveillance of their learning behavior, their privacy, their control
over what data are collected, the purpose of the collection, and the
implications of any analysis. Questions arise as to the extent to
which students are aware of the benefits and risks inherent in the
exchange of their data, and whether they are willing to exchange
personal data for more effective and supported learning
experiences.
This study reports on the views of entry level students at the Open
University (OU) in 2018. The primary aim is to explore differences
between stated attitudes to privacy and their online behaviors, and
whether these same attitudes extend to their university’s uses of
their (personal) data. The analysis indicates, inter alia, that there is
no obvious relationship between how often students are online or
their awareness of/concerns about privacy issues in online contexts
and what they actually do to protect themselves. Significantly
though, the findings indicate that students overwhelmingly have an
inherent trust in their university to use their data appropriately and
ethically.
Based on the findings, we outline a number of issues for
consideration by higher education institutions, such as the need for
transparency (of purpose and scope), the provision of some element
of student control, and an acknowledgment of the exchange value
of information in the nexus of the privacy calculus.
CCS CONCEPTS
• Social and professional topics~Privacy policies • Security and
privacy~Privacy protections
KEYWORDS
Learning analytics, privacy, boundary management, surveillance,
informed consent
1 INTRODUCTION
From an initial focus on research and practice, learning analytics is
beginning to lay claim to its potential to increase the effectiveness
of pedagogical strategies and student support, and also to increase
students’ self-efficacy and control of their learning [31]. Central to
learning analytics is the collection, analysis and use of student data.
However, it is not clear how aware or how comfortable students
are about the scope and use of their personal and behavioral data to
improve the effectiveness of learning and the support they receive.
For example, a study in 2015 provided evidence that 93% of
respondents indicated that they wanted to control who has access to
their digital data and 90% wanted control over what data is
collected about them [22,23]. Theoretical and practical responses
to the increasing harvesting, analysis and use of personal data by a
range of stakeholders (e.g., governments, commercial entities and
data brokers) include reconsidering privacy as a construct [10]; exploring frameworks to ensure transparency, data protection and due process [8,9]; the ethics of the collection, analysis and use of data [32,41]; and, increasingly, user agency [37,40].
Higher education institutions (HEIs) have access to more
student data than ever before [5,39], and there are growing concerns
that the increasingly pervasive gaze of HEIs is “creepy” [15].
Students are also demanding greater clarity regarding the scope of
data collected from them, the control they have pertaining to the
scope and purpose of the collection and analysis, and how the
collection of their data benefits them [1]. We should not
underestimate recent legal and regulatory developments protecting
personal data privacy [11] and specifically students’ right to data
privacy [30]. (Also see [33,46].)
While research into institutional responsibility and the ethical
use of student data is well established, less researched is students’
understanding and perceptions of control of their data and the
practices flowing from their privacy self-management literacy [28].
Central to institutional attempts to inform users of the scope and
use of collected data is the Terms and Conditions (T&Cs) of use.
Research shows that individuals do not engage with website T&Cs
[3,12] and in general find it very hard to manage privacy settings
[17]. While individuals might appear to worry about who has
access to personal data and how that data is used, they will also
share data and information on an unprecedented scale - resulting in
the notion of “digital promiscuity” [17,27]. Despite students’
expressed concerns [1,33] about the collection of both generated
and self-provided data, their own sharing of (often intensely) personal information without regard to who has access and how it is used suggests that the interplay between the exchange of data for real or perceived benefits, trust in the provider and understanding of the risks is more complex than simply reading T&Cs.
In an attempt to be more transparent regarding the collection,
analysis and use of student data, but also to increase students’
awareness and agency, the Open University (OU) [26] adopted a
policy on the ethical use of student data in learning analytics. The
policy sets out eight core principles and proposes a framework for
considering the ethical implications and practices in the gathering,
analysis and use of student data (also see [32]). Despite the
considerable advances in providing this ethical framework, the
policy assumes a position of informed consent, that is, the policy is
in the public domain, enquirers may be assumed to have read it, and
may then proceed to registration. There is no further opportunity
for students to opt out of having their personal learning histories
collected, analyzed and used (other than for research or marketing
purposes which require separate permissions). Students have little
control over the scope of data collected, although some
demographic information may be withheld. Data collection is
significant at the OU. As at many HEIs, much of this data is initially collected for reporting or normal operational purposes; however, research suggests that many of these datasets are significant in predicting student outcomes. Broad demographic data, funding data, previous academic history, employment status, health-related indicators, etc. are all collected and used to identify students who may benefit from additional support or guidance. Learning analytics at the OU also includes predictive tools which analyse combinations of personal and learning data (such as online behaviors) to flag students who are potentially at risk of non-completion, for example.
In this context, the researchers decided to explore student
perceptions and practices of online privacy in general and, more
specifically, in the context of their studies, via a survey of entry
level students. This study aims to contribute to a better
understanding of students’ awareness of the collection, analysis
and use of their digital data in relation both to how deeply they use
online services and media and to their own practices of privacy self-
management. The findings are then related to students’ perceptions
of and concerns about the use of their digital data in the context of
learning analytics and the OU.
We firstly explore individual online privacy against the
backdrop of negotiating boundaries of trust, disclosure and benefit.
This is followed by an overview of the research methodology,
design, respondent profiles and ethical considerations. After
providing an overview of the analysis and findings, we briefly
discuss the main findings before proposing a number of
considerations and recommendations.
2 INDIVIDUAL ONLINE PRIVACY:
NEGOTIATING BOUNDARIES OF TRUST,
DISCLOSURE AND BENEFIT
Higher education is but one role-player in an increasingly complex
and fluid context where governments, commercial entities and data
brokers collect, analyze and exchange databases [35,46] resulting
in a fracturing of individuals’ “control zone” over their data [20].
The unprecedented collection and combination of disparate
sources of personal data heralds a possible breakdown in the
adequacy of legal and regulatory frameworks to protect individuals.
Young [46] states that “Data from … individual sources seem
innocuous when standing alone, but when these data collections are
aggregated they can reveal a surprisingly complete picture of a
person and may even generate unexpected inferences” (p. 559). The
notion of anonymity as a “placeholder for privacy” (Ibid., p. 560)
is becoming increasingly questionable, such that existing consent
to the collection, analysis and use of personal data is “effectively
illusory” (Ibid., p. 561). It is fair to suggest then that not only are
current T&Cs inadequate to foresee or foreclose how personal data
may be used and/or combined with other data sources in future, but
there is also no empirical evidence that suggests that “de-
identification works either in theory or practice” (Ibid., p. 561).
While most of the collection and use of data can be classified as
benign, “as processing power increases and data capabilities
improve, the insights into and applications of online user data may
evolve to have a more serious impact” (Ibid., pp. 551-552). Though
the current practices do not quite resemble the “stuff of Orwellian
nightmares” (Ibid., p. 552), there is existing evidence that
individuals have already been erroneously misclassified [46] or
excluded from benefits [14,16].
Similarly, though there is an increasing body of research on
users’ privacy calculus or privacy self-management, there is a
relative lack of comparable research in the context of higher
education and learning management systems. Examples of broader
studies exploring individuals’ privacy online management have
included users’ privacy behaviors on Twitter and Facebook [6],
students’ privacy concerns on Facebook [2], privacy concerns of
millennials in the context of the adoption of location-based services
in Germany [10], the issue and practice of trust in social networks
[4], self-disclosure in online social networks [19], the
personalization privacy paradox [21,45], and the development of
an “online privacy literacy scale” [40]. For the sake of this study,
we have relied on three approaches, namely the “taxonomy of
perceived consequences of privacy-invasive practices” [13], a
review of current research on the “privacy paradox phenomenon”
[18], and the “privacy boundary management model” [7].
Kokolakis [18] points to privacy concerns being understood in
the context of individuals who are willing to exchange personal
information for the benefit (or even perceived benefit) of services
or products whilst expressing apparent concerns about how their
personal data is collected, analyzed and used – a phenomenon he
calls the “privacy paradox” (p. 1). Of interest here is the notion of
the privacy calculus theory which posits that “individuals perform
a calculus between the expected loss of privacy and the potential
gain of disclosure” based on perceived trade-offs which “often
seem unreasonable and inconsistent with their privacy concerns”
but become more understandable if we include consideration of
intangible rewards (Ibid., p. 7). In the context of online social
networks (an issue we return to later) the risks and benefits
associated with self-disclosure are often portrayed as the agency of
rational agents, but Kokolakis [18] suggests that human decision-
making is fraught with cognitive biases and heuristics such as
“optimism bias, overconfidence, affect bias, fuzzy-boundary and
benefit heuristics, and hyperbolic discounting” (p. 8).
Certainly, at the moment of calculating the risks and rewards of
disclosure, individuals are unlikely to have access to all of the
necessary information and may have limited time to make a rational
choice. As users, they may also be faced with information
asymmetries with little information about how their data will be
used in future, or that data shared for a particular purpose and in
one particular context might later be combined with other (past,
present and future) databases. (Also see [23,24]).
Kokolakis [18] concludes that the seeming dichotomy between
privacy attitude and behavior should perhaps “not be considered a
paradox anymore” (p. 9) since other recent research has provided a
range of explanations for the trade-offs which individuals make in
the context of self-disclosure. Despite having a better
understanding of the reasons individuals trade privacy and
information, the privacy decisions of individuals remain a
“complex phenomenon that has not been fully explained yet” (p.
9).
Linking to this is research by Chang, Wong and Lee [7] on the
notion of “perceived privacy” and their “privacy boundary model”
which flows from communication privacy management (CPM)
theory. Their basic proposition is that the privacy boundary of
individuals is based on the belief (whether real or perceived) that
they have control over their own personal information and can
determine both who else has access and how the information will
be used. Individuals’ privacy boundaries range from ‘thick’
(perceived absolute control over their information) to ‘thin’ and
even to porous boundaries (information is shared with others, often
in trade-offs for (perceived) benefits). Once shared, the ‘ownership’
of that data also becomes shared along with “both rights and
obligations” (par. 6). Based on the principles of Fair Information
Practices (FIPs) of notice, choice, access, security, and
enforcement, individuals coordinate and manage their own
individual privacy boundaries as well as the resulting turbulence
when conflicts arise. It is appropriate then to refer to individual and
communal boundary assurance in the nexus of information
ownership [7]. Crucial here is the proposal that privacy concerns
and practices are “domain-specific and must be studied in that
context” (par. 26).
So, individuals engage with privacy trade-offs depending on
context, perceived risks and benefits. Hauff, Veit and Tuunainen
[13] extend this thinking by proposing that individuals respond to
the various forms of privacy-invasive practices (such as the
collection, improper access, unauthorized secondary usage and
errors) by considering the consequences of having their privacy
invaded or compromised. Hauff et al [13] developed a taxonomy of
perceived consequences of privacy-invasive practices listed as
physical, social, independence-related, resource-related, legal and
psychological consequences. Social consequences include the fear
of being judged, loss of respectability and the fear and potential of
calumny/mobbing. Resource-related consequences include
financial and time issues while psychological consequences include
feelings of being surveilled, the pressure of constant mindfulness
and being on the alert, feelings of loss of control and feelings of
uncertainty.
This study continues research described in Slade and Prinsloo
[33] which examined student perceptions on the use of their
(digital) data. Among the issues explored were the need for
accurate information and shared responsibility, transparency of
purposes, targeted student support, and issues surrounding the
collection, storage and analysis of data. From this research there
were glimpses of students’ opinions that they wanted more control
over what data is collected and for which purposes, as well as a
clear indication that they wanted to consent to specific data
collections and analyses. There was a clear dichotomy and paradox
between students’ expressed need and preference to receive
personalized attention from the OU and concerns about having their
digital data collected and analyzed. In this study, the aim is to
explore whether there are differences between stated attitudes to
privacy and online behaviors, and whether these same attitudes
extend to their university’s uses of their (personal) data.
3 METHODOLOGY
Survey questions were designed to explore constructs relating to
(i) awareness of uses of personal data (7 items), (ii) use of social
media (11 items), (iii) the protections of privacy online (28 items)
and (iv) online data and practice at the Open University (11 items).
A single four-point intensity scale, anchored at extreme ends, was
used to measure the responses.
Excluding one categorical question, all other questions provided
students with a Likert scale of 1-4 with a fifth option of “Not sure”
(following other research, see [29] and [22]). Respondents were
provided with the opportunity to add open comments to items to
clarify their position or response.
In this paper we focus on a preliminary analysis of the
quantitative part of the survey and use a sample of respondents’
comments to illustrate early findings.
A draft survey was evaluated by the statistical survey team at
the OU and suggested changes were accepted. The target
population comprised registered and active Level 1 OU students
stratified according to age (explicit and possibly oversampled), UK
vs non-UK (implicit) and highest educational qualification
(implicit). In order to ensure a valid sample size, the survey was emailed to 8,000 students on 11 July 2018 and remained open until 9 August 2018. During that time, 286 students responded, of which 71 responses were incomplete, giving a complete response rate of 2.7%.
We have confirmed that our sample was randomly drawn and does not over-represent any specific subpopulation. Despite the low response rate
- possibly due to the timing and the length and relative complexity
of the survey - the number of items surveyed and the sample size
should allow some generalizations to be applied. Partially
completed responses were excluded from the initial construct
analysis but have been included in the overview of student profiles.
This research received institutional clearance from the Student
Research Project Panel (SRPP) at the OU. Participants were given
a full project outline; by returning the survey they consented to the use of their data, and responses were de-identified by survey staff. A de-
identified database and an initial analysis were provided to the
authors. Participation in this study posed no risk for participants
and the analysis and findings may contribute to further refinement
to OU policy [26] and the ways in which ongoing learning analytics
practice is communicated to students.
3.1 Survey design
The questionnaire consisted of 57 items divided into four parts.
Table 1 provides an overview of the sections and questions. More
detail can be found at https://doi.org/10.6084/m9.figshare.7150853
Table 1: Overview of survey questions

Part 1 – Awareness of uses of personal data: Exploring students' general sense and awareness that their personal data is collected whenever they are online (Q1), how they feel about the collection and use of their personal data when visiting online sites (Q2), and whether they would stop using online media if their data were shared with third parties (signifying a breakdown of trust and control) (Q3).

Part 2 – Use of social media: Exploring students' use of social media as a proxy for the depth of their engagement in online activities. Q4 and Q5 explored students' intensity and range of online activity.

Part 3 – Actions taken to protect online privacy: In the context of research indicating that terms of service are anything but straightforward as a proxy for users' agreement to having their data collected and used [28], it was important to explore students' engagement with the terms of service of the online social media they use (Q6). Q7 established the extent to which students had experienced breaches of trust in the form of hacking or privacy invasions. Q8 explored students' agency in protecting their online privacy through a range of conscious activities, e.g., deleting their search histories. A central part of online privacy self-management is the increasing use of installed software such as DoNotTrack or Ghostery, or the use of DuckDuckGo as a search engine (Q9), as well as students' acceptance of cookies in exchange for services (Q10). Q11 asked about anonymous use of the Internet. Q12-14 explored issues of control and permission (as in boundary management, e.g. [7]).

Part 4 – The Open University: The use of student digital data by the OU (Q15-17). Following Chang et al [7] and in the context of previous research [33], this part explored students' perceived levels of trust when engaging online at the OU (in the institution and in their peers), their own practices of sharing and disclosure, the locus of control, and their digital 'after-life' at the OU.
3.2 Data analysis method
The data analysis of this study was primarily quantitative, combining descriptive statistics, correlational (inferential) statistics, and dimensionality reduction. Descriptive statistics are reported as means, standard deviations, and percentages. In addition, crosstab analysis was carried out on specific questions where we wanted to show response frequencies.
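As an illustration of this step, the sketch below builds a frequency crosstab with pandas. The column names and response values are hypothetical, since the survey's internal variable names are not published.

```python
import pandas as pd

# Hypothetical responses: worry level (Q1, 1-4 Likert) and the Q15 choice
# of safeguarding element (C = control, P = privacy, S = safety).
responses = pd.DataFrame({
    "q1_worry": [1, 2, 2, 3, 4, 2, 1, 3],
    "q15_choice": ["P", "S", "P", "C", "P", "S", "C", "P"],
})

# Raw frequencies of each combination
print(pd.crosstab(responses["q1_worry"], responses["q15_choice"]))

# Row-normalized proportions make groups of different sizes comparable
print(pd.crosstab(responses["q1_worry"], responses["q15_choice"],
                  normalize="index"))
```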
Spearman correlation was used as the most appropriate rank correlation analysis since the questionnaire includes Likert scale and Likert-type questions. Spearman's rho was selected over Pearson correlation because it does not assume linearity and captures more general monotonic relationships between variables.
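A minimal sketch of this choice, assuming scipy is available; the two items and their values are hypothetical. Because Spearman's rho operates on ranks, it only assumes a monotonic relationship.

```python
import numpy as np
from scipy.stats import spearmanr

# Hypothetical 1-4 Likert responses for two items; "Not sure" answers
# would be treated as missing and excluded pairwise beforehand.
item_a = np.array([1, 2, 2, 3, 4, 4, 3, 2, 1, 3])
item_b = np.array([2, 2, 3, 3, 4, 3, 4, 2, 1, 4])

# Spearman's rho ranks the data before correlating, so it captures
# monotonic rather than strictly linear association -- appropriate
# for ordinal Likert items.
rho, p_value = spearmanr(item_a, item_b)
print(f"rho = {rho:.3f}, p = {p_value:.3f} (two-tailed)")
```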
Finally, correspondence analysis was employed as a dimensionality reduction approach on the categorical question in the questionnaire, chosen for its capacity to uncover relationships among categorical variables [38].
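For readers unfamiliar with the technique, the following is a minimal sketch of classical correspondence analysis via the singular value decomposition of the standardized residual matrix, applied here to the contingency counts reported later in Table 3. This is an illustrative reimplementation under standard CA definitions, not the authors' actual analysis pipeline.

```python
import numpy as np

# Contingency counts from Table 3: privacy calculus level (rows) against
# the Q15 element chosen (columns: Control, Privacy, Safety).
N = np.array([[ 0,  1,  1],
              [ 7,  7,  4],
              [16, 36, 31],
              [20, 63, 35]], dtype=float)

P = N / N.sum()              # correspondence matrix (proportions)
r = P.sum(axis=1)            # row masses
c = P.sum(axis=0)            # column masses

# Standardized residuals of observed against expected proportions
S = (P - np.outer(r, c)) / np.sqrt(np.outer(r, c))

# The SVD gives the principal axes; squared singular values are inertias
U, sv, Vt = np.linalg.svd(S, full_matrices=False)
row_coords = (U * sv) / np.sqrt(r)[:, None]      # row principal coordinates
col_coords = (Vt.T * sv) / np.sqrt(c)[:, None]   # column principal coordinates

print("share of inertia per dimension:", sv**2 / (sv**2).sum())
print("row coordinates:\n", row_coords[:, :2])
print("column coordinates:\n", col_coords[:, :2])
```

Plotting rows and columns on the first two dimensions produces a map of the kind summarized in Figure 1, where response levels and Q15 choices that co-occur sit close together.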
3.3 Clustering
According to the survey design, we grouped questions into clusters
based on i) the general theme of the questions, and ii) Cronbach’s
alpha coefficients and correlations. Clusters that scored an alpha value < 0.70 were considered unreliable and excluded. Four clusters were reliable and internally consistent, as follows:
• (Q4, Q5, & Q7 – cluster 1) were classified as a ‘Privacy
intro’ cluster (Cronbach’s α = .705)
• (Q2, Q3, Q12, Q13, & Q14 – cluster 2) were grouped
under the ‘privacy calculus’ cluster (Cronbach’s α =
.781)
• (Q6, Q8, Q9, & Q10 – cluster 3) were classified as an
‘online behavior’ cluster (Cronbach’s α = .805)
• (Q4 & Q5 – cluster 4) were classified as a ‘depth of use’
cluster (Cronbach’s α = .701)
Other questions were treated separately: Q1 and Q11 (background/awareness questions) and Q16 and Q17 (relating to the institution's use of their data). Q15 was a categorical question.
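For reference, Cronbach's alpha can be computed directly from the respondent-by-item matrix using the standard formula; the sketch below uses hypothetical Likert data, since the raw responses are not published.

```python
import numpy as np

def cronbach_alpha(items: np.ndarray) -> float:
    """Cronbach's alpha for an (n_respondents, k_items) matrix.

    alpha = k / (k - 1) * (1 - sum of item variances / variance of totals)
    """
    k = items.shape[1]
    item_vars = items.var(axis=0, ddof=1)      # per-item sample variances
    total_var = items.sum(axis=1).var(ddof=1)  # variance of summed scores
    return k / (k - 1) * (1 - item_vars.sum() / total_var)

# Hypothetical 1-4 Likert responses for a three-item cluster
cluster = np.array([[1, 2, 1],
                    [2, 2, 3],
                    [3, 3, 3],
                    [4, 3, 4],
                    [2, 1, 2]])
print(f"alpha = {cronbach_alpha(cluster):.3f}")
```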
4 ANALYSIS AND FINDINGS
4.1 Respondent profile
The respondent profile is based on information shared at
registration. Provision of some information, such as age is
compulsory, whilst other information, such as ethnicity, disability
and employment status, is voluntary. More than half (55%) of
respondents had studied at least one previous module at the Open
University with others as first-time registrations. With regard to age
as a variable, 39% of students were younger than 36 and 21% were over the age of 55. Females constituted the majority of respondents (61%). A third of respondents (33%) declared existing higher education or postgraduate qualifications. Almost two-thirds of respondents (63%) were in full-time or part-time employment and 10% had 'retired from paid work.' A majority of respondents (67%) declared that they were online several times a day, with a further 30% online most days.
4.2 Respondent online user profile
With regard to online services, 61% do not use Twitter at all, 63%
do not use LinkedIn, and 68% do not use any picture-sharing
services. A majority of users (68%) use Facebook, 98% regularly
use online search engines, and almost 100% of respondents
regularly use email. Of the total of respondents, 70% regularly use
online shopping services and 77% regularly use online banking. It
falls outside the scope of this article to explore the results in terms
of the broader discourses of digital residents and visitors [43,44].
4.3 Descriptive statistics
In the following section we present an initial analysis of the
findings.
4.3.1 Awareness of uses of personal data. The first question
explores initial thoughts around the collection, analysis and use of
personal data. Somewhat surprisingly, in the context of other
studies [22], the respondents seemed fairly relaxed - 13% indicated
that they were not at all worried and 40% only a little worried.
Q2 explored the acceptability of how and why their data might
be collected online. Though the first question suggested that around
half of the respondents had no particular concerns, the provision of
more specific scenarios led to an apparent increase in concern.
Almost a quarter (25%) now indicated that the collection of
personal data in order to offer a better service would be ‘not at all
acceptable’, and 38% only a ‘little acceptable’. A large majority
(83%) indicated that the sharing of personally identifiable
information with third parties would be totally unacceptable,
although this fell to under half (43%) if the information shared was
anonymized. In terms of the privacy calculus, roughly equal
numbers thought it ‘unacceptable’ (34%) versus ‘quite’ or ‘very
acceptable’ (32%) to collect personal information in exchange for
services.
When the extra services rendered in exchange for data entail a
sharing of this personal information with third parties, the numbers
objecting rose, with 70% indicating that it was not at all acceptable.
Almost a third (29%) stated that they would delete their accounts if their personal information were shared with third parties, even if that meant being excluded from the benefits of the information exchange, while a further 42% of respondents would
“think about” deleting their accounts. The responses here perhaps
demonstrate a general lack of familiarity with current data sharing
practice.
In the open comments section to this question, the following
remarks were significant:
I would prefer that personal data collecting and particularly
sharing by an organisation should only be done after the user has
specifically opted in, and that opting in should not be linked to any
benefits, e.g. ability to use the site, etc.
My default position would be to delete my profile/account - but
I might be persuaded otherwise if the benefits of not deleting
significantly outweighed those of deleting.
I do not like my data shared with any party without my consent.
I am under the belief that my data is protected under the Data
Protection Act.
4.3.2 User engagement with terms and conditions. It possibly comes as no surprise that the majority of respondents had not engaged with (either fully read or skim read) the terms of service of the online sites they used. Interesting, however, are the exceptions to this -
60% reported that they engage with the Terms and Conditions
(T&Cs) of online service sites (e.g., banking), and 52% for online
shopping sites. Fewer review the T&Cs of social media sites (with
Facebook at 45% as perhaps the unsurprising exception given
recent publicity). This finding is consistent with Hauff et al’s
taxonomy of perceived consequences [13].
4.3.3 Protecting online privacy. Over a third (38%) reported
having had their online accounts breached at least once, while 50%
had never experienced a breach (or were unaware) – the remainder
were unsure.
So, it is interesting that fewer than half (44%) regularly delete
their search histories. This latter finding is in stark contrast to that
of Rainie et al [29] who found that 64% of respondents deleted
cookies and search histories on a regular basis. Two-thirds of survey respondents (66%) do not use temporary email addresses for specific online activities, and only a few (3%) often encrypt their email. The latter
finding is more in line with the findings of Madden and Rainie [22]
who found that only 10% of American adults encrypt their online
communication. Around a third (35%) have deliberately provided
false personal information online, and 38% suggest that they would
refuse to provide personal information if the request was not
relevant or pertinent to the service rendered. Having said that,
almost 80% of respondents have not installed software on any
device to prevent online service providers from tracking their
online activities. A majority of respondents (58%) often or always
routinely accept cookies from online providers.
The following open comments illustrate some respondents’
views:
It is the reported use of data that causes me not to use social
media, but online services are essential these days…
When required to provide my data online, I sometimes provide
false data.
I expect my data to be protected.
Interestingly, despite the low proportion of respondents who
installed non-tracking software, over half (55%) stated (Q11) that
individuals should be allowed the opportunity to use the Internet
anonymously (16% of respondents stated that using the Internet
should never be anonymous). This confirms the findings of Madden
and Rainie [22] who found that 55% of American adults supported
the idea of browsing the Internet anonymously.
In light of the privacy calculus and privacy boundary
management, it is interesting that 93% of respondents indicated that
it is “quite” or “very important” to be in control of who gets access
to information shared online. This finding is consistent with the
findings of Madden and Rainie [22] who indicated that 93% of
respondents wanted control over who has access to their digital data
and 90% wanted control over the scope of data being collected.
Some of the respondents’ comments are as follows:
I am the gatekeeper of my personal identity - the same way I
filter what I say in a verbal conversation and tailor it to my
audience.
Anonymized data is probably not a problem, but assigning data
to individual can be.
My life shouldn't be available to anyone.
Too many companies [are] making money from mining our
data, would we want someone looking over our shoulder at
everything we did, or listen in to every conversation in everyday
life?
4.3.4 Attitudes to the university’s collection of personal data.
The first 14 questions explored general perceptions of privacy and
online agency. Questions 15-17 explored respondents’ perceptions
about control, safety and trust in the specific context of their use of
the OU's LMS. It is interesting, in terms of the social contract between students and the institution and of the institution's duty of fiduciary care to its students, that there is an apparently high level of trust relating to personal digital information. Close to
75% of all respondents indicated that they “trust the OU with the
information I share.” This level of trust is remarkable and can possibly be related to the brand of the institution and its reputation for genuinely caring about its students (see [28,36,42]).
The majority of respondents expressed the view that it is “very
important” to be in control of who can get access to information
about them (69%); that no one follows their online activities
without their explicit permission (72%); and being in control of
what information is collected about them (67%). This appears in
stark contrast to the number of respondents who have actually read
the terms of service, installed anti-tracking software or who support
the notion of the anonymous use of the Internet.
In this regard there is a discrepancy between the notion of
personal privacy as it applies to a respondent as an individual and
the concept of privacy as applied more broadly.
When asked to rank control (over which data is added) against
privacy (who sees and uses the data) and safety (how secure the site
feels) – almost half of the participants chose privacy as most
important (48%), followed by safety (32%) and finally control
(20%). This seems a little surprising – respondents are saying that
they care much less about what is collected and more about who
sees that information. This might have potential implications for
learning analytics in terms of students’ concerns around who can
access and interpret their data (and thus influence their learning
choices). In the comment section to this set of questions, some of
the interesting responses are:
Online privacy is being slowly eroded by well-meaning people
that simply don't understand the platform and how dangerous and
compromising mass-collection of data could be.
I work in the area of data privacy...I know how rife sneaky data
collection is.
Q16 moves from more generic uses of personal data to the analysis and use of the collected information by their higher education provider to improve the effectiveness of services and learner support.
The majority of respondents (79%) felt comfortable with the fact
that the OU can collect personal information to do this. Significant
in the open comments section to this question was the number of
times that the notion of “trust” was raised, e.g.
I trust the Open University. They are a type of organisation that
has a clear and specific purpose in collecting the data and using it
to help students
It is a trusted service with a positive use for data
Similarly, many suggested that they expected that the data
would be used to benefit themselves directly and/or to help other
students:
It will benefit me and future students.
By gathering information about students’ performance on the
modules … the university can detect where to improve or modify in
order to give a better experience to their students.
A small minority mentioned their reasons for not wanting to
share their data for learning analytics purposes:
I don't want things tailored to me; I can choose my own path.
I do not trust institutions.
Overwhelmingly the sense was that, however they might feel
and act outside of an educational context, their (positive)
relationship with the University provided sufficient trust to create
broad acceptance of learning analytics.
4.4 Correlations and correspondence analysis
As part of the analysis, we looked for correlations between the
clusters, and between clusters and individual questions (see Table
2). The four clusters maintain an acceptable level of internal consistency, with Cronbach's α values between .70 and .81, indicating that the cluster constructs are sound.
Correlations varied among the selected variables in Table 2. Analysis showed a weak negative correlation between cluster 4 (depth of use) and the other clusters. The Spearman correlation coefficient shows a weak, statistically significant negative relationship between depth of use (M = 2.73, SD = 0.44) and the privacy calculus cluster (M = 3.34, SD = 0.49) (r = -.186, p < .01, two-tailed), suggesting that as online use increases, there is a corresponding decrease in privacy concerns.
On the other hand, the correlational analysis showed no significant correlation between cluster 4 (depth of use) and cluster 3 (online behavior), i.e., there was no real relationship between how often respondents were online and what they did to protect
themselves. Further, there appears to be no correlation between
clusters 2 and 3, that is, there is no obvious relationship between
the privacy awareness of respondents and what they do to protect
themselves.
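A sketch of how such cluster-level correlations can be computed, assuming (as the reported cluster means suggest, though the paper does not state it explicitly) that a cluster score is the mean of its member items; the data frame and item values below are hypothetical.

```python
import pandas as pd
from scipy.stats import spearmanr

# Hypothetical wide-format responses; the real data are not published.
df = pd.DataFrame({
    "Q4": [2, 3, 4, 3, 2], "Q5": [3, 3, 4, 2, 2],    # depth-of-use items
    "Q2": [1, 2, 2, 4, 3], "Q3": [2, 2, 1, 4, 3],
    "Q12": [3, 4, 2, 4, 3], "Q13": [4, 4, 2, 3, 3], "Q14": [4, 3, 2, 4, 4],
})

# Cluster scores as the mean of their member items (an assumption here)
depth_of_use = df[["Q4", "Q5"]].mean(axis=1)
privacy_calculus = df[["Q2", "Q3", "Q12", "Q13", "Q14"]].mean(axis=1)

rho, p = spearmanr(depth_of_use, privacy_calculus)
print(f"rho = {rho:.3f}, p = {p:.3f}")
```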
Unsurprisingly, the Spearman correlation coefficient shows a moderate, statistically significant positive relationship between how worried students are about the collection/use of their data (Q1) (M = 2.53, SD = 0.96) and the privacy calculus
cluster (M = 3.34, SD = 0.49) (r = .331, p < .01, two-tailed), which implies that the more worried they are, the more important privacy is.
Comparing responses to Q16 with responses to other questions, there was a weak negative correlation with Q8 and Q9; that is, students who actively protect their privacy via password changes, etc., and students who install software to block tracking are less happy to share their data for learning analytics purposes. Similarly, students who like to control personal data collection in a broader sense also do not feel comfortable having their data tracked and processed for learning analytics purposes (Q14 vs Q16).
On a more positive note, respondents who are happy to
exchange data online for benefits are also happy to do this in a
higher education context in order to receive more effective services
and support (Q2 vs Q16, r= .354, p<.01).
Further analysis was carried out on the privacy calculus
questions and Q15 where students select one of the safeguarding
data elements, i.e. control (what data is shared), privacy (who sees
and acts on data), and safety (site security) (See Table 3).
Since the privacy calculus cluster covers 5 questions, we
reduced dimensions to better understand any relationships with
Q15. Figure 1 depicts these connections and shows four main
clusters close to the results in Table 3. The first cluster shows that
students who score most highly on the privacy calculus questions
select ‘privacy’ - who accesses their data and analyses - over
control and safety from Q15. The second cluster represents those for whom safeguarding data issues are 'quite important', who opt for 'safety'. The third cluster comprises those who answered 'a little important' and chose 'control'. Students who chose 'not important' have no interest in any of the three options (fourth cluster). For those students who appear to care, controlling who sees and acts on their data matters more than the actual data that is shared.
Returning to the descriptive results, a major issue in the context of having control over one's personal information is the timing and frequency with which students are informed about data uses. Many respondents (46%)
indicated that they would like to be informed as part of every
module (course) registration, and 47% of respondents wanted to be
informed only as part of the initial registration to study. This stands
in somewhat stark contrast to the very low percentage of
respondents who read and engaged with the terms of service of
online service providers (Q6).
Table 3: Correspondence analysis between the mean value of the privacy calculus cluster and Q15 (n=221)

Privacy calculus (mean value)   Control   Privacy   Safety   Active margin, n (%)
Not important                       0         1        1       2 (0.9%)
A little important                  7         7        4      18 (8.14%)
Quite important                    16        36       31      83 (37.58%)
Very important                     20        63       35     118 (53.39%)
Active margin (n)                  43       107       71     221
Table 2: Descriptive statistics and Spearman correlations for selected variables (n=286)

                      1      2       3       4        Q1       Q2       Q8       Q9       Q14      Q16
1. Privacy intro             -.074   -.005   .607**   .017     .142*    .117     .031     .033     .143*
2. Privacy calculus                  -.045   -.186**  .331**   -        .111     .065     .521**   -.296**
3. Behavior                                  -.007    .086     .058     .651**   .177**   .067     -.190**
4. Depth of use                                       -.126    .207**   .100     .073     -.031    .221**
Q1                                                             -.273**  .229**   .169*    .358**   -.103
Q2                                                                      -.060    -.020    -.235**  .354**
Q8                                                                               .244**   .225**   -.215**
Q9                                                                                        .136*    -.171*
Q14                                                                                                -.157*
Q16
M                     2.21   3.34    1.90    2.73     2.53     1.74     1.80     1.28     3.60     3.15
SD                    .48    .49     .42     .44      .96      .59      .42      .67      .67      .90
Cronbach's α          .705   .781    .805    .701     -        -        -        -        -        -

* p < .05; ** p < .01
Figure 1: Dimension reduction shows four main clusters
(n=221)
The following comments in the open comment section reveal
more:
Be clear and transparent - provide bullet points of the data and
what it will be used for, don't use 'tech speak' or 'corporate speak'.
Perhaps a website that shows how my data is used, that I can
visit when needed.
More specifics about what is collected and what happens to that
information.
5 DISCUSSION
5.1 In general
In general, respondents to this study showed lower levels of
concern regarding the pervasive collection and use of personal data
than those in research done by Rainie et al [29] – 45% compared to
86%.
5.2 The exchange value of information
While only 34% of respondents indicated that they would be comfortable exchanging personal data for personalized benefits from an 'online provider', in the context of the OU, 74% of
respondents indicated that they are comfortable with collection of
personal data in exchange for more effective, personalized support
and services. This may be related to the high levels of trust
respondents expressed in the OU and reflects the privacy paradox
identified by Kokolakis [18] amongst others.
5.3 Having control
Having control over what data is collected and for what purposes is
important for the majority of respondents (very important: 67%; quite important: 26%), despite generally low engagement with the
terms of service of online providers (see next point). The expressed
need to be (or feel) in control is, however, in stark contrast to the
low levels of risk prevention behaviors and agency. In an
educational context, the results of our survey relate most closely to the independence-related consequences identified in Hauff et al's
[13] taxonomy of perceived consequences of privacy-invasive
practices. In this regard, students were more concerned that
analysis of their data might constrain their ongoing/future study
options.
5.4 Context matters
Respondents’ risk behavior and engagement with terms of service
differ between contexts. In situations more obviously related to
financial risk, respondents are more likely to engage with the
T&Cs. For other online sites with a lesser perceived risk, such as
LinkedIn, fewer than one in five respondents (18%) engaged with the
T&Cs. The exception here was Facebook – possibly due to recent
revelations on how Facebook uses and experiments with the
information provided by users [34].
5.5 Trust
Trust in the service provider seems to be a crucial factor in
respondents’ sense of privacy, risk and privacy self-management.
A large majority of respondents expressed trust in the OU to not
use their personal data inappropriately or to share their data with
third parties. It is reassuring that, in terms of the psychological category of Hauff et al's taxonomy [13], trust in the University appears to outweigh other, more general privacy concerns.
6 RECOMMENDATIONS
It is clear that privacy self-management is context-dependent and
context-appropriate, and that the negotiation of boundaries of trust, disclosure and benefit is found in the nexus of users' sense of
control, their need for the service, the reputation of the site/service,
and the exchange value of their data.
Despite the apparent high levels of trust and low levels of
privacy self-management strategies and capabilities shown in this
study, HEIs should not underestimate the reputational value of
bestowed trust, nor the need for transparency and good governance.
Having access to student data does not in itself make its use ethical [25]. In order to move the discourses and practices in the collection and use of student data forward, the following recommendations
might be considered:
• Transparency: Despite evidence that users do not
engage with T&Cs of online services, higher education institutions
should strive to be transparent. Students should know what data are
collected, by whom, for what purposes, who will have access to this
data downstream and how data might be combined with other
datasets (and for what purposes). Students should be better
informed about the potential benefits that they may access in
exchange for their data. Creating a greater sense of the benefits
arising from the collection and analysis of their data should encourage students to become more active participants in student-centered learning analytics.
Transparency extends also to student access to, and feedback
on, the analyses that result from collection of their data. This is
especially important if those analyses suggest a reduced or altered
set of options. Enabling feedback will support learning analytics in
its goal of not only providing institutions with a clearer
understanding of how students learn, but also what students find
useful and how it may best be communicated.
Learning analytics at the intersections of student trust, disclosure
and benefit
LAK’19, March 2019, Tempe, USA
9
Increased transparency might extend further to shared data
regarding instructor teaching patterns and behaviors; operational
issues such as changes in the learning management system; factors impacting on instructor-student ratios; and the rationale for pedagogical decisions and design elements. In this way, learning analytics moves away from potential accusations of creating a one-sided panopticon and surveillance architecture, and emerges as a reciprocal, transparent engagement intent on improving learning and teaching.
• Control: Students should be given access to their digital
dossiers and the rationales for decisions taken based on the
collected information, and be able to add information or context to
collected data. Control involves more than the binary of opting in
or out. In an educational context, and perhaps related to a fairly low
level of transparency around the uses of student data in many
institutions, the need to control their data is not always something
that students are even aware of. In Chang et al’s terms [7], students’
privacy boundaries may be based on an incomplete understanding
of learning analytics activities. Increasing both transparency and
student control could lead to shared and understood boundaries, and
a greater willingness to share information in exchange for known
individual and/or joint benefits. The desire to maintain control
(even if largely perceived) lessens when there is a relationship of
trust and care. Students should not feel alienated from the collection
and analysis of their data. They should be able to record their
preferences in terms of frequency and type of analysis. It might be
argued that students should also be allowed to make seemingly
irrational decisions if personal preferences conflict with options
suggested as a result of analytics. This moves learning analytics
forward from a one-way institutional voice-over on students’
learning journeys.
• The exchange value of information: Given that students
negotiate decisions regarding the sharing of information based on
the exchange value, perceived risks and perceived and real benefits,
it is important that higher education institutions make clear the benefits, possible biases, risks and unintended consequences.
• The fiduciary duty of higher education and graduate
outcomes: Within the ambit of the fiduciary duty and social
contract of higher education and students [32], higher education cannot avoid collecting, analyzing and using student data, despite concerns.
There is, however, a duty to increase students’ awareness of the
practices and consequences of their sharing of personal information
and to empower them to make informed context-appropriate
decisions.
7 LIMITATIONS AND FURTHER RESEARCH
While the validity and reliability of this research have been established, we acknowledge that the sample was small and limited to
entry-level students at the OU. We further acknowledge the many
conceptual constructs regarding privacy and privacy self-
management that may inform research. It may also be the case that
survey questions of this type attract a non-neutral set of
respondents, that is, those with a keener interest in such issues.
Follow-up research may include comparison with an earlier survey to assess changes in attitude in the light of recent (EU) legislative changes.
8 (IN)CONCLUSIONS
While the phenomenon of information privacy is not new, there has
been an increased public and scholarly interest in recent years. This
extends to awareness of the real dangers of discrimination and bias,
and individuals’ awareness of and responses to the collection,
analysis and use of their own data. There is a wealth of research on
the lack of impact and scope of regulatory and legal frameworks
and the need to think ethically about user data. In the context of
higher education, there is a relative dearth of research on student
awareness, privacy self-management practices and their
perceptions regarding the collection, analysis and use of their data
to drive cost-effective and appropriate teaching, learning and
student support.
Although this research was limited to one institutional and
national context, the findings suggest a need to think about and
include students in the collection, analysis and use of their data.
In this initial analysis we found that, in general, there was a
lower level of awareness and concern about the collection, analysis
and use of personal digital data in the sample population than in
other populations (e.g. [22]). Furthermore, the findings indicate that
individuals make context-specific choices regarding their strategies
for privacy self-management, confirming research by Kokolakis
[18]. Respondents choose strategies for privacy self-management based on their evaluation of the trustworthiness of the site, risks of
material or reputational loss and the real or perceived value of
services received in exchange for personal information. This
research therefore confirms the notion of the “privacy calculus” as
explored by Kokolakis [18] and various authors exploring privacy
boundary management such as Chang et al [7].
Learning analytics offers a unique opportunity to create a
trusted relationship between institutions and students where the
reciprocal benefits of the exchange of data more clearly inform students' choices and learning behaviors.
9 REFERENCES
[1] Abamu, J. 2017, Jun 13. From high school to Harvard, students urge for clarity
on privacy rights. EdSurge. https://www.edsurge.com/news/2017-06-13-from-
high-school-to-harvard-students-urge-for-clarity-on-privacy-rights?
[2] Al-Dheleai, Y. M., & Tasir, Z. 2015. Facebook and education: students’ privacy
concerns. International Education Studies, 8(13), 22-26.
[3] Bellman, S., Johnson, E.J. and Lohse, G.L. 2001. On site: to opt-in or opt-out?:
it depends on the question. Comms of the ACM, 44, 2, (2001), 25-27.
[4] Bitter, S., & Grabner-Kräuter, S. 2013. Customer engagement behavior:
interacting with companies and brands on Facebook. In Advances in Advertising
Research (Vol. IV) (pp. 3-17). Springer Fachmedien Wiesbaden.
[5] Briggs, S. 2014, January 13. Big data in education: Big potential or big mistake?
http://www.opencolleges.edu.au/informed/features/big-data-big-potential-or-
big-mistake/
[6] Buccafurri, F., Lax, G., Nicolazzo, S., & Nocera, A. 2015. Comparing Twitter
and Facebook user behavior: privacy and other aspects. Computers in Human
Behavior, 52, 87-95.
[7] Chang, Y., Wong, S. F., & Lee, H. 2015. Understanding perceived privacy: A
privacy boundary management model.
https://pacis2015.comp.nus.edu.sg/_proceedings/PACIS_2015_submission_473.pdf
[8] Cormack, A. 2016. A data protection framework for learning analytics.
https://doi.org/10.18608/jla.2016.31.6
[9] Crawford, K., & Schultz, J. 2014. Big data and due process: Toward a
framework to redress predictive privacy harms. BCL Rev., 55, 93-128.
[10] Fodor, M., & Brem, A. 2015. Do privacy concerns matter for Millennials?
Results from an empirical analysis of Location-Based Services adoption in
Germany. Computers in Human Behavior, 53, 344-353.
[11] GDPR. 2018. GDPR Key Changes. https://eugdpr.org/the-regulation/
[12] Gump, J.E. 2001. The readability of typefaces and the subsequent mood or
emotion created in the reader, Journal of Education for Business, 76, 5, (2001),
270-273. DOI: 10.1080/08832320109599647
[13] Hauff, S., Veit, D., & Tuunainen, V. 2015. Towards a taxonomy of perceived
consequences of privacy-invasive practices. In Proceedings of 23rd European
Conference on Information Systems (ECIS), Münster, Germany, May 26-29,
2015.
[14] Henman, P. 2004. Targeted!: Population segmentation, electronic surveillance
and governing the unemployed in Australia. International Sociology, 19, 173-
191. DOI: 10.1177/0268580904042899
[15] Jutting, C. 2016, Aug 3. Universities are tracking their students. Is it clever or
creepy? The Guardian. https://www.theguardian.com/higher-education-
network/2016/aug/03/learning-analytics-universities-data-track-students
[16] Kitchin, R. 2013. Big data and human geography: Opportunities, challenges and
risks. Dialogues in Human Geography, 3, 262-267.
[17] Knijnenburg, B. P., & Kobsa, A. 2014. Increasing sharing tendency without
reducing satisfaction: Finding the best privacy-settings user interface for social
networks. http://aisel.aisnet.org/icis2014/proceedings/ISSecurity/4/
[18] Kokolakis, S. 2015. Privacy attitudes and privacy behaviour: A review of
current research on the privacy paradox phenomenon. Computers & Security, 1-
13.
[19] Krasnova, H., Kolesnikova, E., & Guenther, O. 2009. "It won't happen to me!":
Self-disclosure in online social networks. Amcis 2009 Proceedings, 343, 1-9.
[20] Lagoze, C. 2014. Big Data, data integrity, and the fracturing of the control zone.
Big Data & Society, 1(2), 1-11.
[21] Lee, C. H., & Cranage, D. A. 2011. Personalisation–privacy paradox: The
effects of personalisation and privacy assurance on customer responses to travel
Web sites. Tourism Management, 32(5), 987-994.
[22] Madden, M., & Rainie, L. 2015. Americans’ attitudes about privacy, security
and surveillance. http://www.pewinternet.org/files/2015/05/Privacy-and-
Security-Attitudes-5.19.15_FINAL.pdf
[23] Miltgen, C. L., & Smith, H. J. 2015. Exploring information privacy regulation,
risks, trust, and behavior. Information & Management, 52(6), 741-759.
[24] Nissenbaum, H. 2015. Respecting context to protect privacy: Why meaning
matters. Science and Engineering Ethics, 1-22.
[25] Qiu, J. L. 2015. Reflections on Big Data: ‘Just because it is accessible does not
make it ethical’. Media, Culture & Society, 37(7), 1089-1094.
[26] Open University. 2014. Ethical use of student data for learning analytics policy.
http://www.open.ac.uk/students/charter/essential-documents/ethical-use-
student-data-learning-analytics-policy
[27] Payne, R. 2014. Frictionless sharing and digital promiscuity. Communication
and Critical/Cultural Studies, 11(2), 85-102.
[28] Prinsloo, P., & Slade, S. 2015. March. Student privacy self-management:
implications for learning analytics. In Proceedings of the Fifth International
Conference on Learning Analytics And Knowledge (pp. 83-92). ACM.
[29] Rainie, L., Kiesler, S., Kang, R., & Madden, M. 2013. Anonymity, privacy, and
security online. http://www.pewinternet.org/2013/09/05/anonymity-privacy-
and-security-online/
[30] Raths, D. 2018, Feb 5. When learning analytics violate student privacy.
CampusTechnology. https://campustechnology.com/articles/2018/05/02/when-
learning-analytics-violate-student-privacy.aspx
[31] Siemens, G. 2013. Learning analytics: The emergence of a discipline. American
Behavioural Scientist, 57(10), pp. 1380-1400.
[32] Slade, S., & Prinsloo, P. 2013. Learning analytics ethical issues and dilemmas.
American Behavioral Scientist, 57(10), 1510-1529.
[33] Slade, S., & Prinsloo, P. 2014. Student perspectives on the use of their data:
between intrusion, surveillance and care. http://oro.open.ac.uk/41229/
[34] Soczka, L., Brites, R., & Matos, P. 2015, July. Personal Information
Disclosure and Perceptions About Data Usage by Facebook. In Proceedings of
the 2nd European Conference on Social Media 2015: ECSM 2015 (p. 413).
Academic Conferences Limited.
[35] Solove, D.J. 2004. The digital person. Technology and privacy in the
information age. New York, NY: New York University Press.
[36] Solove, D. J. 2012. Introduction: Privacy self-management and the consent
dilemma. Harv. L. Rev., 126, 1880-1902.
[37] Solove, D.J. 2013. Introduction: Privacy self-management and the consent
dilemma. Harvard Law Review 1880 (2013); GWU Legal Studies Research
Paper No. 2012-141
[38] Sourial, N., Wolfson, C., Zhu, B., Quail, J., Fletcher, J., Karunananthan, S. &
Bergman, H. 2010. Correspondence analysis is a useful tool to uncover the
relationships among categorical variables. Journal of clinical epidemiology,
63(6), 638-646
[39] Thebault, R. 2015, August 2. Student data give colleges new tools. The
Columbus Dispatch.
http://www.dispatch.com/content/stories/local/2015/08/02/student-data-give-
colleges-new-tools.html
[40] Trepte, S., Teutsch, D., & Masur, P. 2014. Do people know about privacy and
data protection strategies? Paper delivered at the 7th International Conference on
Computers, Privacy and Data Protection, January 23rd, Brussels, Belgium.
[41] Vitak, J., Shilton, K., & Ashktorab, Z. 2015. Beyond the Belmont principles:
Ethical challenges, practices, and beliefs in the online data research community.
Proceedings of the 19th ACM Conference on Computer Supported Cooperative
Work and Social Computing. New York: ACM
[42] Westin, A. F. 2003. Social and political dimensions of privacy. Journal of social
issues, 59(2), 431-453.
[43] White, D. S., & Le Cornu, A. 2011. Visitors and Residents: A new typology for
online engagement. First Monday, 16(9).
[44] Wright, F., White, D., Hirst, T., & Cann, A. 2014. Visitors and Residents:
mapping student attitudes to academic use of social networks. Learning, Media
and Technology, 39(1), 126-141.
[45] Xu, H., Luo, X. R., Carroll, J. M., & Rosson, M. B. 2011. The personalization
privacy paradox: An exploratory study of decision making process for location-
aware marketing. Decision Support Systems, 51(1), 42-52.
[46] Young, E. 2015. Educational privacy in the online classroom: FERPA, MOOCs,
and the big data conundrum. Harvard Journal Law & Technology, 28, 549-593.