Web 2.0 – now more often referred to as Social Media – services and tools are increasingly being used in universities for admin, teaching, learning and research purposes. This document offers guidance to staff on the implications that can arise if you intend to use Web 2.0, specifically as part of any course/module activities involving students. Note, however that this guide focuses on issues specific to using external Web 2.0 services/tools and mainly focuses on services which ‘host’ your content or data – (by ‘host’ we simply mean that the service ‘holds’ your content as you use the features and functionality provided by the site). Issues that are common to Web 2.0 services regardless of whether they are internally or externally hosted are not specifically addressed. Another point to bear in mind is that the nature and use of Web 2.0 services can change and expand rapidly. It is inevitable that the information herein will be far from a complete guide to all of the issues. You should seek other relevant advice and use your own common sense as well as relying on this document. Content
- Service- related issues
- Legislative Issues
- Data protection
- Intellectual Copyright
- Accessibility Legislation
- Mitigating Liabilty
- Briefing Students
- Personal Information
- Deleting Information
- External Services for Assessment
1. Important Issues to consider and investigate: 1.1. Service-related Issues Upon using an external web 2.0 service/tool you are ‘signing’ an agreement between you and the company providing the service. It is essential that you consider how the service will handle the service-related issues outlined below.
- Service Resilience: will the company still exist in the medium-term? Is the company well-established? Who else is using the tool/service? What are their experiences? For how long do you expect to be using the service/tool? Are you prepared to migrate if you find that another service/tool provides the same or more functionality? What would the impact be if the service was withdrawn or ‘taken over’?
- Confidentiality and Privacy: it is important to familiarise yourself with the Terms and Conditions of any internet service and ensure that you are satisfied with any policy they may have about managing and disclosing your ‘data’ (this includes student ‘data’ depending on the nature /functionality of the site). Trustworthy services will only disclose your data to those with legitimate reasons for accessing it, e.g., contractors or technicians who work on the service to make improvements or to carry out repairs. Does the service meet legislative requirements, such as those covered in the Data Protection Act 1998? (See “Legislative issues”, below).
- Copyright and Content Distribution: if you own the copyright over the material that you ‘post’ or create on the site, it is essential to check what rights you hold on the data and if it will be used in any other way by the site provider. You will need to consider whether you control the ways in which your content is distributed. Most ‘Terms of Service’ state that you grant the service a licence under which the service can display, distribute, modify, adapt, and publish your content. This is done because the service doesn’t want to be sued by you for breach of copyright when they display your material. However, you need to consider the broader implications of such a licence. Is your work automatically licensed or sub-licensed under a Creative Commons licence. You should never use other people’s copyright material on your site unless you have the necessary permission. The same is true for your students. As a rule-of-thumb, make reference or add an external link to the source; do not deep-link.
- Data Security and Back-ups: it is important to check that the ‘site’ has a contingency plan or some ‘protection’ in place that prevents unauthorised access to your data, and whether there is some back-up facility in the case of tampering, loss of data or deletion. Is there a method for ‘backing up’ your data, such as an ‘export function’? Can your data be easily imported into another suitable format? Will your data be deleted if it has been ‘idle’ for a certain period of time? It is important to check that your data will be secure should you need to retain it within the site for a long period of time. These issues are crucial if you are assessing student work externally.
- Help and Support: it is useful to know what kind of help and support is available. The site may have FAQ section, a community forum and or further resources with which you should become familiar. Note: differences in ‘time zones’ can affect support availability.
Return to top 1.2. Legislative Issues Upon using an external web 2.0 service/tool you are personally ‘signing’ an agreement between with the company providing the service. The ‘Web2Rights’ project, funded by JISC, has created a number of resources to address legal issues that can arise. It is essential that you are familiar with the issues outlined below.
The Data Protection Act 1998 confers responsibilities on the University for ensuring that all personal data it collects and processes about students and employees (past and present) is used appropriately and that it is kept secure. There are strict rules about what data we can and should pass to third parties, and it is important to ensure that these rules are not inadvertently breached when using external service providers. Failure to comply with the legislation can result in the University being sued or in damage to its reputation. In almost all cases, it is quicker and simpler to avoid difficulties by addressing compliance issues when setting up a service, rather than waiting to deal with potential non-compliance issues when they arise. The DPA applies to information about identifiable individuals (“personal data”). When using externally-provided Web 2.0 services, it is almost always necessary to use personal data – for instance, the user’s email address, name, ID number, perhaps their address, personal interests etc – so in most cases the DPA requirements will apply. Information about the University’s Data Protection Policy can be found HERE. You should ensure that the service provider can only use your data in ways or for purposes specified by the University, and that appropriate standards of confidentiality and security are achieved. Further below, in Section 4.0, we have outlined how you can mitigate liability. A particular issue you should be aware of when using an external service provider is the Transfer of Personal Information Outside the EEA. The Data Protection Act prohibits the transfer of personal data outside the European Economic Area unless certain conditions are met. You can avoid this difficulty in a number of ways:
- by using a standard web service to which users sign up at their own choice;
- by arranging the use of the service so that the user registers directly with the service, is aware of the overseas transfer, and has control over what information is provided to the service provider; or
- by negotiating a customised agreement with the service provider.
All web based material is the copyright of someone or some entity, although rights to use such material for certain purposes may have been assigned under schemes such as Creative Commons’ licences. Staff and students should take care to ensure that content taken or used from other websites does not infringe copyright. Guidance on the use of copyright material in e-learning may be found on the library webpages (http://library.dmu.ac.uk), or for further advice contact the University Copyright Officer – Rohitbhai Tailor (firstname.lastname@example.org) Content created and posted by students and staff will also have intellectual property rights and it is important that such content is also appropriately protected and addressed. You may the application of a Creative Commons licence helpful in this respect (see http://creativecommons.org/licenses/)
The Disability Discrimination Act 1995 and subsequent amendments places significant responsibilities on the University, and it is important to ensure that by using an external service, you are not placing the University in breach of its responsibilities. The level of accessibility of external websites will vary. Regulations and expectations in the country where the website is hosted may be different from the UK, so be aware that service provider claims of “accessibility” may not necessarily be adequate and you may be required to provide information in a different format, as a reasonable adjustment. For useful further information, see the IT Policies of use and Regulations Return to top 2. Mitigating Liability The information here is drawn from the online web 2.0 survival guide: You can mitigate some of the risks and potential liability involved in using an externally hosted service by addressing the below points:
- It is essential to ensure that students are clear about the service they are being asked to participate in; explain what it actually means when they sign up to this service. You can do this by providing an in-class briefing, as well as written information in the course guide. By providing clear instructions as to how you expect the students to use the tool/service for the task in hand you can avoid many potential issues outlined above whether this be for the short term or long term usage of the service/tool.
- Choose services that give students good control over their own personal information, that give them easy back-up or export options, and that allow you to delete material quickly. Give advice here to students as appropriate.
- Take sensible precautions when using external tools for assessment purposes.
Briefing students If possible use the module/programme website to tell students about the service(s) they are signing up for. It is also a good idea to provide an in-class briefing, to allow for any questions to be raised in a group setting. Inform students about the following, as applicable.
- That they will be signing up for an externally hosted service.
- That they are entering into an individual agreement with the service provider, and not with your institution.
- That because they are registering directly with the service, they are personally responsible and legally liable for any material they post on the site. See ‘Guidelines for online communication’.
- What information will be provided to the service provider?
- What information will be viewable on the internet?
- How the service provider or how the service uses the data it gathers.
- About the risks involved in disclosing personal information to both the service provider and to a broader audience.
- About any potential risks to intellectual property.
- What intellectual property or copyright is handed over to the service provider.
- How they can opt out of cookies and monitoring through their browser settings.
- How they can opt out of marketing and spam email messages sent by the service, if applicable.
- How they can back up or export their work, and how often they should do this.
- That they are responsible for all work and material provided under their own login details. They cannot claim to be the author of work done under another student’s login.
- That they will be held responsible for posting material that brings your institution into disrepute or that causes offence.
- Whether or not use of the service is compulsory. You may have to negotiate a different assessment item with a student if they have legitimate objections to using the service.
- How much personal information are users required to disclose when signing up? Avoid services that ask for too much information from students though you may be asked as ‘admin author’ of your site, e.g., address, age, gender, occupation, and ethnicity. NOTE: Many services ask that you provide your age as part of the sign-up process. This is because some services require that you be above a certain age before you can use their product.
- Can users create aliases? This is essential for students under the age of 18. Use a service that allows users to create a ‘publicly displayed name.’ It is important that you can still identify your students via their public name: ‘PinkLadyNo3′ is no use to you.
- Is a student’s email address displayed? Avoid services that require a user’s email address to be publicly displayed.
- Do students have control over what information is given to the service provider? They shouldn’t be asked to give away their address, phone numbers, age, gender, ethnicity, occupation or other identifying information. Note, though, that some services require you to be over a certain age before you can use the service.
If you have any doubt about the type of personal information your prospective service provider requires, please seek advice from the University Data Protection Advisor (email@example.com) before you proceed. Backups
- Does the service allow users to backup or export their work to their desktops? Avoid services that do not support this function.
- What responsibility do students have for backing up their work? Students should be responsible for backing up their work. Advise them to make a backup each time they have made a significant change to their site, and to make a backup of the final submitted version of their work. Advise your students to have a backup of their work they have created online. This will help mitigate the situation where a student claims that their work has disappeared from a website.
- What is an acceptable file format for backups? Choose a format that is transferable (e.g., html, xml, opml), and that isn’t specific to this provider. Before you use a service in class, test the backup function that a website offers by exporting your content to your desktop and then importing it into another service to see if it works.
- If necessary, will you be able to read the backup file easily? For example, html can be easily read in an internet browser, but xml will require you to either convert the file so that it is human-readable, or it will have to be imported into software that can read it.
- Can you take down or delete information once the course has ended? Or do you want the information to be available to future classes? Choose a service that lets you control when and if information can be removed.
- Can you take down information quickly and easily if defamation or a breach of copyright, privacy or legislation has occurred? Choose a service that gives you control over posts, comments and discussions.
- Will the service delete your information if it has remained ‘idle’ for a certain period of time? This may not be a problem if you want to delete the site after a period of time, but your institution may have regulations about the length of time that information should be stored.
- Does use of the service comply with your institution’s policies and regulations on assessment?
- How visible is a student’s work to other students? Is this appropriate? Choose a service that lets you or your students control who can view their work: the whole world, just classmates, just the teacher.
- If you’re asking students to work on a group task, can you track who has contributed what to the assignment? You need a service that allows users to be identified when they make a post, comment or other contribution.
- What will you do if a site is unavailable? You may need to have a backup plan where you can ask students to complete the assignment in a different format. However, if you have insisted that students have backed up their work in an appropriate file format (see above under ‘Backups’), then you should be covered.
- What will you do if a student says that they have done the work but that it has disappeared from the site? Again, you should have a backup plan for this situation. If students are the administrators of their own sites, then it should be their responsibility to backup their work every time they make significant changes, and at the time when they submit the assignment.
- What if a student claims that they are the true author of a work, but that it was done under someone else’s login details? The service you sign up for should give a date stamp for each entry that is made to the site. This is one way of telling when changes are made, but students might alter the ‘backdate’ their own computer’s clock to get around this. Similar to the point above, choosing a service that gives you the capacity to lock pages might be your best solution.
- How long will you need to keep the assessment item? Will the service still be around by then? This links with our institution’s assessment guidelines, policies and procedures. You need to be clear about what is required of you in this regard, and you need to have a fair amount of faith in the service’s longevity. You should at least have electronic backups of all work handed in for assessment.
You should also read the DMU eAssessment Guidelines Do not
- Provide information about other people without their express consent
- Upload database files containing people’s names and addresses
Web 2.0 tools provide flexibility in learning and teaching, they are easy to use and often very powerful. Web 2.0 services are continually in development (they are said to be in ‘perpetual beta’ mode); meaning that improvements to the software are always being made and uploaded and that you are always working with the latest version of the product. With Web 2.0, students can participate easily in the creation of content, sites and their own learning space. Help & Advice If you have any concerns or questions about the issues raised in this guidance, please seek help from the web 2.0 service/site provider and your Faculty ELT Project Officer. You might also usefully review the JISC Legal Web 2.0: Tutor’s Legal Issues Checklist and JISC Legal Information which cover a wider range of contexts using technologies in learning. Acknowledgements These guidelines were based on guidelines produced by the Web2.0 Survival guide and Chris Adie, at the University of Edinburgh. They have been amended under a Creative Commons Licence. Return to top