Activity data and data protection – what am I allowed to do?
JISC has been engaging in scoping the potential for activity/usage data for the HE sector under the Activity Data Programme with 9 projects. There is much potential that activity data brings in terms of business intelligence for various uses such as recommendation services, collections management etc. A very engaging synthesis of the work has been produced plus high level guides for activity data.
However up to this point, the relationship of usage data and the potential arising from data protection issues has not been explored in depth. Following on from a report commissioned from JISC Legal together with a briefing paper by Naomi Korn and Charles Oppenheim, certain issues have been explored in depth which are not clear cut such as the creation and subsequent use of anonymised data which does not contain any personally identifiable information (name, age etc) but where the mashing up of this data could lead to a user being identified. Services therefore need to be mindful of this but not let it prohibit the potential that activity data affords. The papers and accompanying FAQs explore these cases as well as instances where consent has been given to use personally identifiable information, the importance of seeking consent, how consent might be given and when?
- High level guides for activity data
- Personal Data and Consent Management: A Briefing Paper with FAQs
- Consent Management: Handling Personalisation Data Lawfully (full report)