
Online Learning Privacy Webinar

Nov 26, 2025

Overview

International webinar on protecting personal data and privacy in online learning during COVID-19. Speakers from UNESCO, OECD, academia, and industry shared risks, frameworks, technical guidance, and practical measures.

Context and Organizers

  • Organized by UNESCO IITE, UNESCO (Beijing), Smart Learning Institute (BNU), and partners.
  • Fifth webinar following topics on flexible learning, active learning at home, higher education, and OER.
  • Two complementary guides introduced: a user-focused handbook and a technical guide for platforms.

Keynotes: Policy and Global Perspective

  • Urgency: Online learning growth exposes student data and privacy risks; UNESCO lists this among top challenges.
  • OECD perspective (Andreas Schleicher):
    • Balance data use benefits (personalized learning, feedback, evidence) with privacy risks (profiling, discrimination).
    • Traditional privacy tools (access limits, consent checkboxes) are insufficient in big data contexts.
    • Advocate risk-based approach; combine data-focused measures (de-identification) with governance (access models, supervised use, security, training).
    • Preserve analytical value while managing residual risk; keep ahead of emerging threats.
  • Collaboration: Multi-sector effort including universities and companies (Microsoft, Blackboard, Alibaba, Tencent).

Cryptography Foundations and Applications

  • Core security goals:
    • Confidentiality: Prevent unauthorized reading (encryption, end-to-end models).
    • Integrity: Detect tampering (hash functions, digital signatures).
    • Authentication: Verify identity (knowledge-, crypto-, biometric-based; multi-factor).
    • Non-repudiation: Prevent denial of actions (digital signatures).
  • Implementation notes:
    • Use secure encryption modes; avoid insecure AES-ECB; prefer modes that hide patterns.
    • Use end-to-end encryption when servers are untrusted or may be compromised.
    • Biometrics raise privacy concerns; cannot be changed if compromised.
  • Distance education protections:
    • Protect student/teacher info, learning materials, test items, results.
    • Use hierarchical access control, multi-factor authentication, blockchain for integrity proofs.
    • Fair exams: honest lottery (mental poker), identity verification, immutable result recording.
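
To show why the implementation notes single out AES-ECB, the added example below (not taken from the webinar or its guides) encrypts four identical records under ECB and under AES-GCM and counts the ciphertext blocks that repeat. AES-GCM is used here as one pattern-hiding mode, chosen for illustration; the key and the records are constructed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// repeatedBlocks counts 16-byte ciphertext blocks that duplicate an earlier block.
func repeatedBlocks(ct []byte) int {
	seen, total := map[string]bool{}, len(ct)/aes.BlockSize
	for i := 0; i < total; i++ {
		seen[string(ct[i*aes.BlockSize:(i+1)*aes.BlockSize])] = true
	}
	return total - len(seen)
}

// encryptECB encrypts each whole 16-byte block independently (the mode to avoid).
// Padding is omitted in this demo, so a trailing partial block is not returned.
func encryptECB(block cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt)-len(pt)%aes.BlockSize)
	for i := 0; i < len(ct); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// encryptGCM returns nonce || ciphertext || tag, using a fresh random nonce.
func encryptGCM(block cipher.Block, pt []byte) ([]byte, error) {
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

func main() {
	block, err := aes.NewCipher([]byte("0123456789abcdef")) // constructed demo key
	if err != nil {
		panic(err)
	}
	pt := []byte("Q:answer=A;ok...Q:answer=A;ok...Q:answer=A;ok...Q:answer=A;ok...") // constructed
	gcm, err := encryptGCM(block, pt)
	fmt.Println("ECB repeats:", repeatedBlocks(encryptECB(block, pt)), "GCM repeats:", repeatedBlocks(gcm), "err:", err)
}
```

Under ECB every identical record yields an identical ciphertext block, so an observer learns which records match without the key; the GCM output shows no repeats and also carries an authentication tag that covers the integrity goal.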

Handbook: Guidance for Students, Teachers, Parents

  • Rationale: Massive shift online; risks span device, network, platforms, social tools, and content sharing.
  • Personal data scope: Identification, authentication, health, financial, communications, contacts, device IDs, IP, location.
  • Privacy types: Physical, informational, decisional, associational.
  • Process-focused guidance:
    • Before learning: Secure devices, networks, tools; configure settings; manage permissions.
    • Signing up: Use strong passwords; cautious account creation on shared devices.
    • Navigating platforms: Adjust privacy settings; limit data disclosure.
    • Using social networks and video: Manage URLs, conferencing settings; post responsibly.
    • After learning: Clear personal data, caches, and residual activity; remove unnecessary app access.
  • Tension: Data can improve learning and research but carries misuse risk; aim for proper, minimized, and secure use.

Technical Guide: Online Education Platforms

  • Audience: Service providers, IT staff; supports authorities on compliance.
  • Covered platforms: Webcasting (e.g., conferencing), LMS, MOOCs, communication tools.
  • Risk types: Technical (hardware/software), data control, user operational errors.
  • Data lifecycle protections:
    • Collection, transmission, use, storage, destruction; access control and key management.
  • Security management:
    • Planning, monitoring, incident response; assurance procedures for large-scale systems.
  • Awareness: Curriculum integration, digital citizenship education, public engagement.
  • Developed with experts from universities and companies; aligned with ISO standards and UN agency resources.

Digital Citizenship and Practice (ISTE)

  • Framing: Privacy as part of being “alert” within digital citizenship (inclusive, engaged, informed, balanced, alert).
  • Classroom practices:
    • Review and adjust device privacy/location settings.
    • Update software; clean unused apps; create positive digital footprints.
    • Teach what to share/not share; build valuation of privacy, not just knowledge of steps.
  • Support: ISTE Standards (students, educators, leaders), professional learning, platform privacy certification, micro-courses on online learning and data privacy.

National/Institutional Experiences

  • Kenya university context:
    • Rapid adoption of Moodle and synchronous tools (Zoom, BigBlueButton, Google Meet).
    • Importance of protecting learner and instructor data; vulnerabilities include search exposure, password attacks, web indexing, open ports.
    • Measures: Frequent LMS updates, vetted plugins, HTTPS, strong passwords, least privilege, backups, firewalls, disable unused services, regular log hygiene.
    • Emphasis on user practices: logout, avoid password sharing; security maturity is evolving.

Industry Practices and Tips

  • Alibaba Cloud:
    • Privacy/security by default; layered defenses across physical, infrastructure, network, app, data.
    • Multifaceted controls, because any single method can fail; the pandemic increased the attack surface and the urgency.
  • Tencent:
    • Principles: Data for social good; privacy/security by design across entire data lifecycle.
    • Internal security labs and response centers; advanced tools for endpoint protection.
    • Practical user tips:
      • Encrypt data: Use HTTPS; enable disk/file encryption (e.g., BitLocker).
      • Secure devices: AV/anti-spyware/firewall; patch regularly; lock and logout; minimize local sensitive data.
      • Strong, unique passwords; consider long passphrases.
      • Avoid public Wi‑Fi for sensitive logins; prefer secure networks or encrypted sites.
      • Beware phishing; avoid suspicious links/attachments.
      • Limit social media sharing; “once online, always online.”
      • Control microphones/cameras; cover/unplug when unused.
      • Know privacy settings/policies; understand data collection, use, sharing, deletion.
      • Ask for help; report suspicions to teachers/parents; contact platforms for data actions.

International Regulations and Actions

  • UN resolution (2013): Offline rights apply online; protect privacy in the digital age.
  • GDPR referenced; national certifications and strict data access models noted (e.g., EMIS constraints).

Structured Highlights

Area | Risks/Issues | Recommended Measures | Stakeholders
--- | --- | --- | ---
Data use in education | Profiling, discrimination, repurposing | Risk-based approach; preserve analytical value; governance + data controls | Policymakers, OECD, UNESCO
Confidentiality | Interception, server compromise | End-to-end encryption; secure modes (avoid AES-ECB) | Platform providers, IT
Integrity/Authenticity | Tampering, identity fraud | Hashes, digital signatures, MFA; blockchain for audits | Platforms, institutions
User behavior | Weak passwords, oversharing, phishing | Strong unique passwords; privacy settings; awareness training | Students, teachers, parents
Devices/Networks | Unpatched systems, public Wi-Fi | Security software; updates; HTTPS; avoid public Wi‑Fi for logins | Users, IT support
Platforms (LMS/Conferencing) | Vulnerable configs, plugins | Updates; vetted plugins; least privilege; firewalls; logs | Universities, admins
Lifecycle management | Poor key/access control | Data collection-to-destruction controls; incident response | Service providers
Social media/video | Exposure via posts/camera/mic | Limit sharing; manage conferencing settings; cover devices | Users
Policy/regulation | Ineffective consent; gaps | Supervised access models; awareness; compliance with standards | Authorities, vendors

Key Terms & Definitions

  • Confidentiality: Preventing unauthorized data access; often via encryption.
  • Integrity: Ensuring data remains unaltered; verified by hashes/signatures.
  • Authentication: Verifying identity; knowledge-, crypto-, or biometric-based; MFA combines factors.
  • Non-repudiation: Assurance that an action cannot be denied later; digital signatures.
  • End-to-end encryption: Only endpoints can decrypt; intermediaries cannot read content.
  • Digital citizenship: Competencies for safe, ethical, effective digital participation.

Action Items / Next Steps

  • Students/Teachers/Parents:
    • Audit and adjust device/app privacy and location settings.
    • Use strong unique passwords; enable updates; avoid public Wi‑Fi for logins.
    • Manage conferencing and posting practices; clear residual data after sessions.
  • Institutions/Platforms:
    • Implement risk-based privacy frameworks; secure data lifecycle and access controls.
    • Keep platforms updated; enforce HTTPS; configure firewalls; vet plugins.
    • Provide awareness training and digital citizenship programs.
  • Policymakers/Partners:
    • Foster multi-sector collaboration; align with international standards.
    • Support dissemination of the user handbook and technical guide.