Privacy governance not included: analysis of third parties in learning management systems

Abstract: Purpose This paper aims to address research gaps around third party data flows in education by investigating governance practices in higher education with respect to learning management system (LMS) ecosystems. The authors answer the following research questions: how are LMS and plugins/learning tools interoperability (LTI) governed at higher education institutions? Who is responsible for data governance activities around LMS? What is the current state of governance over LMS? What is the current state of gover… Show more

“…Other findings suggest elements that could improve the trustworthiness of learning analytics practices. Sanfilippo et al (2023) "Privacy governance not included: analysis of third parties in learning management systems", Information and Learning Sciences, doi: 10.1108/ILS-04-2023-0033:…”

“…Learning management systems (LMSs), and the third-party plug-ins and learning tools interoperabilities (LTIs) embedded within, have become commonplace educational technologies in higher education. However, Sanfilippo et al (2023) note how these tools and the reliance thereon by instructors and students "was amplified throughout the COVID-19 pandemic, as digital solutionism paved the way for virtual classrooms and digital proctoring via synchronous and asynchronous means of collaboration between students and instructors." The problem for student privacy is that, they write, "higher education institutions have access to, and in many cases locally host, substantial amounts of student data on LMS[s] that provide third-party mechanisms to enhance interfaces, add new functionalities, and customize user experiences for specific institutions, departments, or courses.…”

“…Sanfilippo et al (2023) “Privacy governance not included: analysis of third parties in learning management systems”, Information and Learning Sciences , doi: 10.1108/ILS-04-2023-0033:…”

“…However, Sanfilippo et al (2023) note how these tools and the reliance thereon by instructors and students “was amplified throughout the COVID-19 pandemic, as digital solutionism paved the way for virtual classrooms and digital proctoring via synchronous and asynchronous means of collaboration between students and instructors.” The problem for student privacy is that, they write, “higher education institutions have access to, and in many cases locally host, substantial amounts of student data on LMS[ s ] that provide third-party mechanisms to enhance interfaces, add new functionalities, and customize user experiences for specific institutions, departments, or courses. The tight integration of first and third-party tools in this ecosystem raises concerns that student data may be accessed and shared without sufficient transparency or oversight.” To address governance issues associated with LMSs and LTIs, Sanfilippo et al (2023) conducted a multimodal study consisting of an online questionnaire collected from information technology professionals at seven universities in the USA and Canada, in-depth interviews with 25 data governance professionals and decision-makers at 14 US research universities, and documentation from 112 universities regarding LMS, plugin and LTI usage and management. Using the Governing Knowledge Commons framework in support of their analysis, Sanfilippo et al (2023) found few legal protections for students concerning third-party data flows, mostly failures of governance at the institutional level (with a few notable exceptions), and opaque decision-making processes.…”

“…The tight integration of first and third-party tools in this ecosystem raises concerns that student data may be accessed and shared without sufficient transparency or oversight.” To address governance issues associated with LMSs and LTIs, Sanfilippo et al (2023) conducted a multimodal study consisting of an online questionnaire collected from information technology professionals at seven universities in the USA and Canada, in-depth interviews with 25 data governance professionals and decision-makers at 14 US research universities, and documentation from 112 universities regarding LMS, plugin and LTI usage and management. Using the Governing Knowledge Commons framework in support of their analysis, Sanfilippo et al (2023) found few legal protections for students concerning third-party data flows, mostly failures of governance at the institutional level (with a few notable exceptions), and opaque decision-making processes. They argue that “that student privacy is being overlooked, ignored, and, in some cases, intentionally sacrificed [….]…”

Guest editorial: The datafication of student life in higher education: privacy problems and paths forward

“…Other findings suggest elements that could improve the trustworthiness of learning analytics practices. Sanfilippo et al (2023) "Privacy governance not included: analysis of third parties in learning management systems", Information and Learning Sciences, doi: 10.1108/ILS-04-2023-0033:…”

“…Learning management systems (LMSs), and the third-party plug-ins and learning tools interoperabilities (LTIs) embedded within, have become commonplace educational technologies in higher education. However, Sanfilippo et al (2023) note how these tools and the reliance thereon by instructors and students "was amplified throughout the COVID-19 pandemic, as digital solutionism paved the way for virtual classrooms and digital proctoring via synchronous and asynchronous means of collaboration between students and instructors." The problem for student privacy is that, they write, "higher education institutions have access to, and in many cases locally host, substantial amounts of student data on LMS[s] that provide third-party mechanisms to enhance interfaces, add new functionalities, and customize user experiences for specific institutions, departments, or courses.…”

“…Sanfilippo et al (2023) “Privacy governance not included: analysis of third parties in learning management systems”, Information and Learning Sciences , doi: 10.1108/ILS-04-2023-0033:…”

“…However, Sanfilippo et al (2023) note how these tools and the reliance thereon by instructors and students “was amplified throughout the COVID-19 pandemic, as digital solutionism paved the way for virtual classrooms and digital proctoring via synchronous and asynchronous means of collaboration between students and instructors.” The problem for student privacy is that, they write, “higher education institutions have access to, and in many cases locally host, substantial amounts of student data on LMS[ s ] that provide third-party mechanisms to enhance interfaces, add new functionalities, and customize user experiences for specific institutions, departments, or courses. The tight integration of first and third-party tools in this ecosystem raises concerns that student data may be accessed and shared without sufficient transparency or oversight.” To address governance issues associated with LMSs and LTIs, Sanfilippo et al (2023) conducted a multimodal study consisting of an online questionnaire collected from information technology professionals at seven universities in the USA and Canada, in-depth interviews with 25 data governance professionals and decision-makers at 14 US research universities, and documentation from 112 universities regarding LMS, plugin and LTI usage and management. Using the Governing Knowledge Commons framework in support of their analysis, Sanfilippo et al (2023) found few legal protections for students concerning third-party data flows, mostly failures of governance at the institutional level (with a few notable exceptions), and opaque decision-making processes.…”

“…The tight integration of first and third-party tools in this ecosystem raises concerns that student data may be accessed and shared without sufficient transparency or oversight.” To address governance issues associated with LMSs and LTIs, Sanfilippo et al (2023) conducted a multimodal study consisting of an online questionnaire collected from information technology professionals at seven universities in the USA and Canada, in-depth interviews with 25 data governance professionals and decision-makers at 14 US research universities, and documentation from 112 universities regarding LMS, plugin and LTI usage and management. Using the Governing Knowledge Commons framework in support of their analysis, Sanfilippo et al (2023) found few legal protections for students concerning third-party data flows, mostly failures of governance at the institutional level (with a few notable exceptions), and opaque decision-making processes. They argue that “that student privacy is being overlooked, ignored, and, in some cases, intentionally sacrificed [….]…”

Guest editorial: The datafication of student life in higher education: privacy problems and paths forward

Privacy Concerns of Student Data Shared with Instructors in an Online Learning Management System

Student Privacy Activism: Protesting Radical Digital Transformation in EdTech