Media coverage of MOOCs and data protection (updated)

There was this week some coverage in the news of privacy issues in MOOCs, particularly around the startup Coursera.

The journalists asked a data protection official of a Lander in Germany and of the Canton of Zurich, who confirmed that Coursera could do anything they want with the data collected.

I was most surprised by how tone deaf the Munich academic was at those concerns. Then I saw that he is a professor of computer science and economics. From my experience discussing with dozens of professors about MOOCs, this is definitely a two-culture issue, with the CS people at one end of the spectrum. (update: judging from the response of the vice-rector of the University of Zurich, a jurist, there goes my theory...)

Of course privacy is a very narrow framing of the issues that MOOC platforms raise, particularly when they are based in the US. For a quick recap, you can consult a Storify I made a while back, or if you have more time watch for instance my talk in DC from a few weeks ago.

OpenEdXUniversities conference in Washington DC, at GWU

On November 11 2015, I gave a talk at the OpenEdX Universities conference at George Washington University in Washington DC. The tile was "Educators as pathetic dots -- Why we need collaborative models in education".

The talk was filmed. You can access it as a dual video stream here (Session 4), or below as an embedded YouTube of just the slides (first 30 minutes or so).

The slides are downloadable here.

Tequila, U.S. surveillance and me

Do we all have something to hide? Hopefully so.

My life was scheduled to change on September 12th 2001. I was supposed to move to the US, through New York, to study at Stanford for my PhD. That didn't happen, of course. The day before, as I was saying goodbyes to friends at home, we watched horrific images on television. We learned through the TV ticker tape that all transatlantic flights were grounded. I remember staying in bed for the whole week after that, sick from egoistic stress: it felt as if World War III was about to erupt, and I was moving across the world in the middle of all that. Still, in the days that followed, I tried day after day to get a seat on a plane so I could move on time for my classes. Eventually, I flew in on September 17th, still routed through New York. I remember feeling relief when we took off. When we arrived though, we circled around the long plume of smoke and I felt overwhelmed with what had actually happened. Around me, all the passengers were New York residents, sobbing as they discovered the changed landscape of their city.

I flew on, and landed in California. Like everyone else, I rushed to buy a bike after realising how humongous the campus is. I remember making all the efforts to settle in: social security number, campus card, bank account, etc. Bought a phone and all the other dorm essentials. The general impression (on campus) was that the "events" were an East Coast thing, still far from the relatively peaceful West. Anyways, there was little time to reflect: it was the first week of classes, where I quickly understood how hard my first year would be leading up to my qualification exams. It was my 20th birthday that week. The older grad students had organised a party at the end of the first week, so I celebrated with them.

(Click to read the rest of this post)

How to file a Safe Harbor request for your personal data

This is a short practical guide for Europeans and Swiss residents to file a Safe Harbor request for their personal data from a US company.

What is Safe Harbor?

The International Safe Harbor Privacy Principles are a set of regulations between the United States and either the European Union or Switzerland, which allow individuals based in those countries to claim back their personal data from US-based corporations.

Copy-pasting from wikipedia, these principles must provide:

  • Notice - Individuals must be informed that their data is being collected and about how it will be used.
  • Choice - Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security - Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
  • Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement - There must be effective means of enforcing these rules.

This is meant to replicate a level of privacy protection similar to that enjoyed at home. Some companies implement these rules as services that you can activate yourself (like Facebook and Twitter, for instance, although some are arguing Facebook is not transparent enough).

(Click to read how to actually apply)

Dear Daphne

The following is an open letter to Daphne Koller, CEO of Coursera. I sent her also a copy via email.

Dear Daphne,

Please send the email below to the students of my course "Massive Teaching: New skills required" to the entirety of my class.
As you know, I am unable to send it now that my Coursera instructor rights have been removed.

Sincerely yours,

Prof. Paul-Olivier Dehaye
University of Zurich

(Click to read the letter itself)

Extended statement on #massiveteaching (part II)

(This post is meant to be an account what happened in the Coursera course Massive Teaching: New skills required. I suggest reading the previous post first. This honors my commitment to trying to get the truth to my students)

Why the course?

I do believe that MOOCs offer many opportunities. Beyond providing educational material at a very large scale, they might for instance also help strengthen democracy or enable new discoveries. I have submitted a grant proposal along those lines. Since utopian ideas often get compromised and ultimately shaped by commercial interests, I started in May 2013 to take a closer look at contracts between MOOC providers and educational institutions. Coursera was a natural choice for my focus: my university has partnered with them, they use closed source software (which increases lock-in), and they are the leading MOOC provider right now.

What I read really bothered me, for a wide array of reasons. While the utopian vision of MOOCs (free-education-for-all) is compelling, these contracts reflect a very disturbing approach to that goal. In my opinion these contracts will have large societal implications, should they become the norm: disappearance of academic freedom, of the free agency of students, and complete disappearance of any form of privacy when learning. When I tried to communicate this around me, I encountered a clear lack of information on the subject. Getting past the utopian vision took time. Once there, many responded that my concerns were valid and worth discussing. In any case, this approach was ineffective: MOOC partnership decisions are often made by university administrations, based on factors other than those that drove my concerns.

I decided that the best way to proceed was to teach a MOOC on the topic. The most natural place to do so was of course Coursera, and it also seemed natural to address the course to professors, i.e. individuals who might be able to affect decisions at their own institutions or in their local communities. It would also allow me to reach out to the more "typical" Coursera students and explain to them the contracts that are constructed around their learning. Finally, I thought it would be interesting to see the capacities at Coursera to reflect on their own practices.

I understand the paradox of teaching on Coursera about concerns relating to teaching on Coursera, but made the calculation that the benefits outweigh the costs in this case.

(Click to read the rest of the statement)