Coursera and Safe Harbour of student data

The European Union and Switzerland have agreements on free trade with the United States. One of those is Safe Harbour, which has drastic implication for privacy. In principle, Safe Harbour is a good idea: it creates little (business) friction but ensures some form of citizen oversight over the fastest evolving areas of e-commerce, by enforcing transparency [1]. It is being heavily tested though: in light of the Snowden revelations, there is growing understanding that this data originally held for commercial reasons is also a leverage of power. Andrus Ansip, the European Commissioner for Digital Single Market (designate) acknowledged this in his hearings to be confirmed.

Safe Harbour is not secure. The Agreement has yet to live up to its name. [..] If the U.S. Government does not make a clear statement, we must consider suspending the Agreement

—Andrus Ansip [2]

The developments around MOOCs have very serious consequences for privacy.

Dozens of European universities are working with US MOOC companies, spending lots, and ultimately contributing to data collection on millions of young EU citizens, all without clear purposes. There is very different cultural understanding across the Atlantic of the privacy protections of the relationships between platform and user, teacher and student and university and student. There are also very delicate (legal) constructions everywhere of what constitutes academic freedom.

All these ideas were extensively tested when I taught the class Teaching goes massive: new skills required on Coursera. Parts of this class were supposed to cover some of those issues, and explain directly to the students most concerned the privacy issues associated to Coursera's business models. Instead, I was censored, insulted, vilified and legally threatened, and Coursera used false, misleading or deeply intrusive data held about the course or me to get my employer to launch a disciplinary procedure against me (as even hinted to a newspaper!). On top, of course, my students have been left in the dark. And I have lost access to my course materials.

Fortunately, Safe Harbour is a recourse here for me (as it is to any European student on Coursera). I have submitted a request to Coursera, if only to get back access to the material created.

Moving forward, Ansip has decided to follow a suggestion of Julia Reda, a Pirate Party MEP, and host an online town hall meeting as well.

This hearing will take place soon, let's see what Coursera will have responded by then... [3]

[1] Let's say a US company wants to do business in the EU. The EU, well aware of dangers associated with big data businesses, is concerned about the privacy of its citizens. At the same time, it does not want to hamper innovation. The solution found with Safe Harbour is to enforce a series of privacy principles, as listed on the Wikipedia page:
  • Notice - Individuals must be informed that their data is being collected and about how it will be used.
  • Choice - Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security - Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
  • Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement - There must be effective means of enforcing these rules.
[2] Ansip is also former Prime Minister of Estonia, a country very much ahead in everything digital. One can even become e-citizen there and get digital residency, with minimal requirements.
[3] Not very promising actually: within a few minutes of my original email, I got a canned message back sending me to assistance forums. I replied that this was not an answer to my request, and got the same canned message once again... Possibly I am the first Coursera user to make use of Safe Harbour.