Being at the intersection between technology and regulation for the past decade means that the European Union’s General Data Protection Regulation was no surprise. It was, in fact, the tip of the iceberg, and while news from Europe has put it above the surface, in reality the concerns about data, privacy and security are widespread and practically unanimous among those in the know.
Jake Dallimore is one such people, but not the only one at Moodle HQ. The team understood early on that privacy laws, while advancing at different speeds around the world, were a global concern. So unlike other technology companies, Moodle decided on one approach that brings the state-of-the-art in protection and compliance, to every Moodler regardless of their location. After all, it’s not just the privacy of Europeans that matter. The result has been known for about a year: The Moodle GDPR plugins, with the new roles and interfaces they bring along.
Dallimore brought an update of the team effort to the Brisbane audience last month. GDPR is a development priority and will continue to be well beyond Moodle 3.6, superseding other initiatives and focuses – a decision not without controversy. The current frontier involves an expansion of what a Moodle Data Officer is capable of and how easy it is to do so. Moodle will help those in charge of privacy to easily update policies and request new acceptances, as well as to keep track of requests including complete removals or erasures. It is expected that GDPR will be amended in the not so near future, or that rules from other regions will become law; which means policies are likely to change. Policy versioning tools will significantly simplify the job of keeping track of versions and re-acceptances.
Related to the above, Moodle sites can have custom policies beyond what GDPR requests. Examples can be as simple as cookie policies, or trade-specific specialized agreements. The possibility to request acceptances from only a subset of users or cohorts is also in the works. This includes, but is not limited to, cases of age restrictions.
In general, Moodle strives to make the job of the Data Privacy Officer easier, but as its been stressed before, they still need to make sure they develop and enforce clear rules about the “whats, whys, for whats and by whos” of personal data use.
Another vast field of development involves extending GDPR compliance to plugins. The core of the effort takes place at the “Privacy API” which the plugin developers can use to offer a safe transfer of data.
Dallimore’s talk not only offers the latest updates, but a careful look at the processes available in Moodle 3.5 and the upcoming 3.6. They include data and plugin registries, time and expiry dates, and more. Watch it in full for an up-to-date look at data protection, made easy.■
This Moodle Technology related post is made possible by: Moonami a company that provides a full range of Moodle services that combine the flexibility, scalability, and power of Amazon’s world-leading cloud platform (AWS) with fanatical Moodle support. Click here to learn more.