According to UNESCO statistics published on April 5, due to COVID-19 outbreak, 1.59 billion students could not go back to school as usual, accounting for 91.3% of world’s student population. In this special situation, several students have to learn online, where a large amount of personal data is shared, leading to the hidden risks of personal data security. Recently, it was reported that some widely-used learning platforms and tools have faced the risks of data leakage. For instance, over 500 thousand Zoom account information were sold on the dark web and about 22 million user data of Unacademy — the largest online learning platform in India, were also sold on hacking websites. Personal data and privacy protection have never been so urgent like today, and it has been listed by UNESCO as one of the biggest challenges that we are confronting.
On June 18, 2020, an international webinar entitled “How to Protect your Personal Data and Privacy in Online Learning” was held online. The webinar was co-organized by UNESCO Institute for Information Technologies in Education (UNESCO IITE), UNESCO International Research and Training Centre for Rural Education (INRULED), Arab League Educational, Cultural and Scientific Organization (ALECSO), Smart Learning Institute of Beijing Normal University (SLIBNU) as well as International Association of Smart Learning Environments (IASLE) and supported by the global online learning community Edmodo, a subsidiary of NetDragon Websoft Holdings Limited (HKSE: 0777). Several experts and guests have attended the webinar and put forward their valuable opinions and suggestions on data security and personal privacy protection in online learning, including Mr. Tao Zhan, Director of UNESCO IITE; Ms. Xiaoyun Wang, Academician of Chinese Academy of Sciences; Mr. Andreas Schleicher, Director of Education and Skills, Organisation for Economic Co-operation and Development (OECD); Mr. Joseph South, Chief Learning Officer, International Society for Technology in Education (ISTE); Mr. Yu Yu, Professor of Department of Computer Science and Engineering, Shanghai Jiao Tong University; Mr. Sergey Bezzateev, Professor of Department of Technologies of Information Security, St Petersburg State University of Aerospace Instrumentation, Russia; Mr. Robert Oboko, Professor of School of Computing and Informatics, University of Nairobi, Kenya; Mr. Ronghuai Huang, Co-Dean of SLIBNU; Mr. Dejian Liu, Founder and Chairman of NetDragon Websoft Holdings Limited, Co-Dean of SLIBNU; Ms. Shanahan Pa, Senior Security Expert of Alibaba Cloud; Mr. Tietao Guo, Data Security Architect of Tencent, etc.
Personal data and privacy protection in online learning is of great importance.
Dr. Tao Zhan, Director of UNESCO IITE pointed out that during COVID-19 pandemic, massive online teaching is carried out worldwide. Therefore, personal data and privacy protection have never been so urgent like today and become the common challenge faced by all countries. Hence, this webinar will promote collaboration among international organizations, experts from HEIs and technical service providers of online platform to take concrete action to protect personal data and privacy of students, teachers and parents.
Dr. Tao Zhan, Director of UNESCO IITE
Dr. Andreas Schleicher, Director of Education and Skills, Organization for Economic Co-operation and Development (OECD) mentioned that technology in the 21st century has presented new instructional approaches as well as potential risks. Therefore, as we use personal data for educational improvement and innovation purposes, such as conducting personalized teaching and learning and establishing knowledge base, we should also attach importance to the protection of personal data and privacy. Mr. Schleicher further noticed that the potential risks facing personal data and privacy cannot be eliminated and risk-based approaches should be adopted with a focus on the production process, content of data, usage of data and the potential consequences.
Dr. Andreas Schleicher, Director of Education and Skills, Organization for Economic Co-operation and Development (OECD)
Dr. Joseph South, Chief learning officer at ISTE, pointed out that data privacy and digital citizenship is a crucial part in protecting personal data and privacy. The concrete measures include preparing students to be digital citizens, cultivating their good habits of using applications and grasping the proper scale of online sharing, etc. The high-quality evaluation criteria made by ISTE also cover the responsibility of digital citizens, which provides solutions to the security issues in online learning.
Dr. Joseph South, Chief learning officer at ISTE
The application of cryptography can be an effective protection approach of personal data and privacy in online learning.
Dr. Xiaoyun Wang, Professor of Tsinghua University and Academician of Chinese Academy of Sciences, put forward that cryptography can play an important role in personal data and privacy protection in online learning. Cryptography can ensure the security, confidentiality and integrity of data so that personal data is indeed created by the claimed party and cannot be captured by any unauthorized party. As cryptography has already been applied to many areas, such as wireless communication, mobile network, Internet of Things (IOT), Big Data, cloud computing, AI, etc., it can also be utilized to facilitate effective personal data and privacy protection in online learning.
Dr. Xiaoyun Wang, Professor of Tsinghua University and Academician of Chinese Academy of Sciences
Dr. Sergei Bezzateev, Professor of St Petersburg State University of Aerospace Instrumentation, Russia pointed out that teachers, students and parents should be given different levels of reading-writing access authority respectively. With the help of hash functions, digital signature and blockchain technology, personal privacy in online learning can be protected. The impartiality of online exams and class order can be achieved by mental poker protocol and biometric authentication.
Dr. Yu Yu, Professor of Shanghai Jiao Tong University, mentioned that cryptography offers technical solutions to confidentiality, integrity, authentication and non-repudiation in online learning. To be specific, end-to-end encryption and Electronic Code Book (ECB) Mode Encryption can ensure the confidentiality of communication process. Digital signature and Message Authentication Codes (MAC) can ensure data integrity. Multi-factor authentication ensures the authentication of message. He also pointed out that personal data and privacy protection involves not only cryptography, but also human factors, thus people should raise their awareness of confidentiality and adopt strong confidentiality mechanism .
Dr. Yu Yu, Professor of Shanghai Jiao Tong University
Multiple aspects should be ensured to protect personal data and privacy in online learning.
Dr. Robert Oboko, Professor of University of Nairobi, mentioned that many universities in Kenya had adopted online learning during COVID-19 pandemic. To protect students’ and teachers’ data and privacy, the universities have taken measures from two aspects—external access and within the platform. The detailed security devices include plugins, strong passwords, firewalls, regular updates to seal security loopholes, HTTPS, Moodle platform, etc. Dr. Robert Oboko also pointed out that their protection system was still at a nascent stage and more focuses would be given on the improvement of online protection systems.
Dr. Robert Oboko, Professor of University of Nairobi
Dr. Shanshan Pa, Senior Security Expert of Alibaba Cloud, pointed out that the COVID-19 epidemic had accelerated the development of online learning, but students' awareness of online security stayed relatively weak. Attention should be paid to students’ personal data and privacy protection, the mechanism of which should be multi-level and needs the support of all sectors of society. Alibaba Cloud will definitely provide technical guidance and support for online teaching.
Dr. Tietao Guo, Data Security Architect of Tencent, shared several things to do and not do by online platform users to protect their data and privacy. The measures include encrypting data, securing devices, using strong and unique passwords, being alert to free WIFI, avoid clicking on unknown links or attachments, limiting social media sharing, being aware of monitor access right and privacy settings, seeking help actively when in online security trouble, etc. Tencent has been committed to providing users with high-quality services to protect their data and privacy and will actively offer technical support for network security of online learning.
SLIBNU released the handbook——Personal Data and Privacy Protection in Online Learning: Guidance for Students, Teachers and Parents
The Personal Data and Privacy Protection in Online Learning: Guidance for Students, Teachers and Parents (hereinafter referred to as handbook) is published by SLIBNU in partnership with UNESCO IITE and UNESCO INRULED. During the webinar, Dr. Dejian Liu and Dr. Lixin Zhu shared the main contents of the handbook.
Mr. Dejian Liu, Co-Dean of SLIBNU, proposed that new risks were emerging in online learning, such as the exposure of facial or voice information but online platform users were lack of awareness of such potential threats. Therefore, the handbook will detail all the useful recommendations for students, teachers and parents to protect their personal data and privacy and ensure the proper and effective use of personal data. Meanwhile, emerging technologies, such as AI, will also bring about new opportunities in this area.
Mr. Dejian Liu, Co-Dean of SLIBNU
UNESCO IITE released the handbook—— Personal Data Security Technical Guide for Online Education Platforms
The Personal Data Security Technical Guide for Online Education Platforms (hereinafter referred to as Technical Guide) is realized jointly by UNESCO IITE and the research team of Tsinghua University. This Technical Guide outlines key recommendations for online educational platform providers and relevant educational and technical administrators in terms of technical solutions, management and awareness raising. Dr. Denis Kapelyushnik, Programme Specialist of UNESCO IITE shared the main content of the technical guide.
The Technical Guide is for online educational platform providers and relevant technical administrators. It depicts personal data in online education platforms, data lifecycle, security properties and measures as well as cryptographic primitives, etc. It also mentions the security risks of personal data in online education platforms from three aspects, namely, technical risk, management risk and user operational risk. Moreover, relevant solutions have been proposed, including principles of personal data protection, recommended technical solutions, recommended security management, awareness raising of personal data privacy and protection, etc. Among them, recommended technical solutions mainly cover security of data lifecycle, network and system security, cryptographic techniques and key management.
Dr. Ronghuai Huang, Dean of SLIBNU, presented a brief summary of the webinar. He proposed five suggestions on personal data and privacy protection as follows:
First, the value of online learning deserves further notice. “Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all” is a sustainable development goal for 2030 agenda. Online learning is the basic method to construct the roadmap to achieve this educational goal, not only during the period of educational emergency, but also for the period of post pandemic and the future.
Second, the protection of personal data and privacy should be promoted urgently. The basic literacy on personal data protection during learning online, such as setting up devices, signing in LMSs, navigating learning platforms, are important for personal data security. In order to promote the protection of personal privacy in online learning, government’s policy standards, industry’s technology security system, and other stakeholders’ actions should collectively build a safety environment for online learning.
Third, learning online could be regarded as an important way to prepare digital citizen. A digital citizen has the knowledge and skills to effectively use digital technologies to communicate with others, participate in society and create and consume digital content. Online learning has become a typical learning scenario for students, and the online learning behavior, habits, and ideas will definitely affect their life. Guiding learners participate in an appropriate manner in online learning could prepare ready, purposeful, and skilled digital citizens.
Forth, collaboration skills could be drilled by cooperative learning in cyberspace. Individuals make meanings through the interactions with each other and with the environment they live. Online learning is not just to browse contents, but to interact with contents, peers, teachers and the environments. Therefore, students could utilize tools and techniques to communicate with peers and teachers in cyberspace, and at the same time understand how to protect their personal data in the communication process.
Fifth, digital learning could be infused with traditional education for flexible learning. Students could learn with free choices of times and location, digital resources, instructional approaches, learning activities, and support services, which is the near future’s flexible learning paradigm. The infusion of digital learning and traditional learning is the guarantee for flexible learning. The study of the infusion, including the personal data protection in the process, should be shared to bring a bright future for the mankind.
Dr. Ronghuai Huang, Co-Dean of SLIBNU
Click the link to download the handbook: