1. Data Protection /
Privacy in Moodle
Workshop @ 4th International Austrian Moodle
Conference
Christian Grune | Humboldt-Universität zu Berlin
2. Aims / Agenda
• Present & discuss critical issues for data privacy in Moodle
• Discuss practical & economical solutions for customizing
Moodle to meet various expectations
• Prepare a model and roadmap to additional configuration
options at 2 levels:
• site level
• user level
3. What we do NOT
• Discussing the pros & cons of law issues and
data protection practice
• Discussing local policies - they are and
should be different!!
• We’re not afraid - Data protection don’t kills
Moodle and configuration is possible!
4. Basics of Data
Protection
• “right to be left alone” - users should decide, for what purpose
the data is used (when not required for the service) and should
have the ability to configure personal profile data and influence
the apearance/presentation of the user in the system
• transparency - information about the use of the data from the
service provider should be clear and understandable
• right to object - request for deleting data by users (but with the
consequence of refusal of access)
• principle of adequacy - just track the data needed for service
• time limits for saving the data - “date of expiry” for saved data
5. Status Quo
• Moodle is prepared and transparent!
• The new right management is a good
basement for further discussions
• Some things need to be done:
6. 6 different types of data
• Log Data
• Activity Reports
• Statistics
• Real Time Data, Awarness and Status
Information
• Grades
• Personal Profile
7. Activity Reports / Course View
1
2
1) Prevent access to Logdata for Non- 2) Prevent access to Live logs
Admins for Non-Admins
8. Activity Reports / Teilnehmersicht
3
3) Presentation for non-admins reduce to: Prevent non-admins from access to:
Outline report Today’s logs
Complete report All Logs
Statistics
9. User Profile
4
5
6
7
7) Don’t show “Login as” - (role management) 4) Don’t show courses
5) Don’t show last access
6) Don’t show roles
10. Statistics
8
8) Prevent non-admins from access to
Links and access to logdata
11. Participants
9
10
9) Don’t show inactive users.
10) Don’t show last access for non-
admins
12. Exclude logs from backup
11
11) Exclude logs form backup for non-admins
No access to backups at all
13. 12) Make Online Users customizable by
Block Online Users users
- additional option in user profile ( a la
email):
Option im Profil ähnlich wie Email
einfügen
(Sichtbar Moodle-weit, für
Kursteilnehmer, gar nciht)
- additional checkbox at login: show
online status
12
NOTE: If own status hidden, then
status of other users should be hidden
too!!
Administration/Modules/Block/Online Users
14. Block Recent Activities
13) Option for configuration: of online
status is hidden, don’t show the user
here!
13
15. Display Students in Course Lists
Configuration option: Show me in the course list to other users
16. Other Issues?
International
Projects
(different policies)
18. My proposition
• Sort things: What can be done with role definitions, what not?
• What options do we need at site level?
• What options do we need at user level?
• What options do we need at course level?
• Outline for a roadmap - how to integrate in Moodle
• Who ist responsible? Do we need money?
• Technical roadmap & non-technical Information