Last updated: 
3 months 1 week ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

My Algorithmic "Friend"

In a workshop at last week's AMOSSHE conference, we discussed how wellbeing analytics might be able to assist existing Student Support services.

Student support is simplest when an individual themselves asks for help: a support service can immediately begin to discuss – using toolkits such as that developed by UHI and AMOSSHE – what the problem is and how the university or college can help. Sometimes a friend will report concerns: in this case the support service needs first to work out how to contact the individual and find out if they do, indeed, need help. This must be done in ways that minimise risks to privacy, wellbeing and trust (in both the organisation and the friend).

It has been suggested that algorithms like those used for learning analytics might be able to act as "friends" for everyone in the university: raising alerts when data suggest there may be a wellbeing issue. This amplifies the challenges of human friend reporting – not least because we can't discuss concerns with an algorithm – and expands the risks, as well as the potential benefits, to everyone, not just students with concerned friends.

The Jisc Learning Analytics Code of Practice and legal model seem to provide a good basis for this kind of Wellbeing Analytics, but both need to be adapted to deal with health (in legal terms "Special Category") data. The rules derived from Legitimate Interests for "Analysis of Learning" need to be supplemented for "Analysis of Wellbeing" with those for Preventive Medicine in EU law, and for Public Interest/Confidential Counselling under the UK Data Protection Act 2018. The attached draft annex to the Learning Analytics Code of Practice includes these additional requirements.

Probably the most important point is that policies, data, systems, algorithms and processes need to be overseen by health professionals, though they can be operated by tutors and others. As a recent Guardian article observes, these processes look a lot like medical diagnosis, which is a regulated activity.

Data Protection law, too, is likely to consider wellbeing analytics a high-risk activity, requiring a formal Data Protection Impact Assessment to identify the risks to individuals and ensure they can be managed. Prior consultation with the Information Commissioner may also be needed. Wellbeing Analytics will require even greater care than Learning Analytics in describing, protecting and reviewing the data, processing and results.

Finally, thinking of algorithms as a "friend" highlights some particular concerns:

  • Beware of anything that could feel like "surveillance": no one asks Big Brother for help;
  • Keep testing and refining the data and algorithms, just as you test and refine your guidance to human friends: remember that the algorithm will never be "right";
  • Start from a robust process for human friends: strengthen it to cope with algorithmic "friends" who know everything about data, little about context and nothing about empathy.

If you have comments on the draft Wellbeing Analytics Code of Practice, please send them to <andrew.cormack@jisc.ac.uk>