Changes for german privacy laws

Changes for german privacy laws

by Jan Eberhardt -
Number of replies: 7

Dear Joseph, dear comunity,

I'm working on the Moodle site of the TU Berlin and we often get in conflict with the german privacy laws. That means we have to change the main code very often.

It came to pass, that even this plugin is in conflict with the strict laws, by allowing teachers to download sensitive data, such as the time, when the answer was subbmitted, and username. It may happen, that even the fullname should not be displayed.

For that reason I changed the code slightly. If you apply the patch the administrator can choose in the admin settings, which fields are shown in the downloadable csv.

I wanted to share these changes with you, because there might be some people also affected. My patch is based on the branch MOODLE_25_STABLE at ref d157220a5d81f8b4d239de044186a68737a4041b. Earlier versions may be patched as well.

I would appreciate if these patch would become part of the main code of this plugin and could get a face-lift as well. Some parts are a little bit dirty, because I wanted to stay the code as much as it is.

Best regards,

Jan Eberhardt

Average of ratings: -
In reply to Jan Eberhardt

Re: Changes for german privacy laws

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Jan,

Maybe the German privacy laws are too strict? wink

Here are some more serious replies.

1.- If you set a questionnaire's answers to anonymous, then the only so-called "sensitive data" that is exported when you download responses data is the submission date. I doubt that knowing only the submission date of a response without username or full name is a serious breach of privacy. Are all questionnaires set as "anonymous" on your Moodle site (to observe those privacy laws)?

2.- However, your question raises the very valid point it would be useful when exporting Questionnaire data is for the end-user to select which fields (from course & user profile) they want to include. Plus, those "selectable fields" might be set site-wide by an admin if Questionnaire featured a settings script.

Waiting for more Questionnaire users' reactions on this topic.

Joseph

EDIT.- CONTRIB-4702.

Average of ratings: -
In reply to Joseph Rézeau

Re: Changes for german privacy laws

by Jan Eberhardt -

The problem is, that the option for "anonymous" is made by the teachers.

Most of them don't care or aren't aware, of the strict law (and btw, I can't change it...). And again: It is not allowed for teachers in germany to get the submit time. We have changed the capablilities and the core code multiple times to make sure of it.

We need a option for administrators to prohibit certain fields in the download. At least the caps could be checked before including the submit time in the download (permission like 'report/log:view').

Jan

Average of ratings: -
In reply to Jan Eberhardt

Re: Changes for german privacy laws

by Jenny Gray -

Jan, what happens elsewhere in Moodle? Have you had to change every place where it is possible to download user information?

I don't think that questionnaire is the right place to fix this.  Settings of the sort that you describe should be once across the whole Moodle platform, not for each activity type.  Each activity would then check the setting and abide by it - preferably in some consistent manner.

Have you raised this with the HQ development team?  It might be worth moving this discussion into the general developer forum for a wider audience.

Average of ratings: Useful (1)
In reply to Jenny Gray

Re: Changes for german privacy laws

by Jan Eberhardt -

We did change the code many times... I can't say, that we have found all places. But those, which we find, we will change.

And yes, it would be better, if there's a global definition for downloadable data. Like I said, even for the timestamp there are some possible checks one can perform. Maybe the "user identity" setting could be used more efficient.

But in our case: We won't have the teachers download the timestamp, the user's ID and the username. Which means, all information, which could be used to identify the person.

 

Greets,

Jan

Average of ratings: -
In reply to Jan Eberhardt

Re: Changes for german privacy laws

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Jan, there is a point I don't quite understand with your need for anonymity.

Is it ONLY the possibility to download a file containing private details such as name, timestamp etc. that poses a problem, and not the fact that those details will be displayed on screen when teacher is viewing an activity report?

And that is your problem with ALL Moodle activities which enable a teacher to download activity reports (grade report, etc.)?

But then, if your teachers export the gradebook, the names of the students together with their grades obtained in the various graded activities (and also their email address) are present in that file. Does that also contravene your "privacy laws"?

Joseph

Average of ratings: -
In reply to Joseph Rézeau

Re: Changes for german privacy laws

by Jan Eberhardt -

Allthough it's a little bit late I want to answer, because we have made a change in the source, so that we now are able to avoid the given scenario.

Our point in the firstplace is: A teacher can access the username - and I'm talking of the login name, not the realname - by your plugin. Other plugins doesn't allow that for teachers. Just the user himself or the administrators have access to that information.

We don't have a problem with the realname. Just the username is sensitive data and also a security issue.

Average of ratings: -
In reply to Jan Eberhardt

Re: Changes for german privacy laws

by Joseph Rézeau -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

@Jan,

Thanks for your suggested modification posted as request in the remotelearner github. I will test it and try to incorporate it into current Questionnaire version 2.6 for Moodle 2.6.

Joseph

Average of ratings: -