GDPR Effect on E-Learning Apps, or User Data Protection

Please, tell us how paranoid you are about your personal data. We sure hope that your “spidey sense”, combined with two-factor authentication, automatic log-off and plenty of other precautionary measures, is a part of your daily routine on the Internet. But what if you are responsible for storing and securing the data of hundreds, thousands, or even millions of your mobile users? In this article, we are going to discuss the things that matter most for user data protection.

User Protection

We’ll dive deep into a very long and complex document called the GDPR (General Data Protection Regulation). In short, it has changed the way users’ personal data should be collected and processed. In this article, we will show you how.

We are going to talk a little about the measures app owners should apply to make their software GDPR compliant.

We will also focus on individuals’ rights in respect of their personal data, which have to be put under the microscope now that the GDPR has come into force.

Also, we will analyze some of the things the world-leading E-Learning companies (Duolingo, Moodle) do to avoid enormous fines and keep their users’ data protected.

So that you don’t fall asleep, we have included some shocking data breach figures and memes. Enjoy.

GDPR in E-Learning: “Sudden” Privacy Policy Changes

It’s been more than three months now since the GDPR came into force. You might have gotten tired of all these notifications about websites using cookies and updating their privacy policies - that is how you got acquainted with the act as a user.

E-Learning companies that have active users in the European Union had to adjust accordingly. For instance, the biggest MOOC platforms - Udacity and Coursera - updated their privacy policies on the same day - May 12, 2018 - two weeks before GDPR came into force on May 25.

Duolingo, a big language learning app, made the latest update to its privacy policy on August 17, 2018. It clearly has more than one point that had to be reworked due to the new regulation's rules.

As those notifications spread all over the web, some websites got creative about informing users that they were going to track their cookies: “This is not a big deal, but we use cookies, FYI. You’d allow us, right?”

Others were way too official. Let’s take the band Green Day as an example. In order to check out their new albums on the official website, one has to read their privacy policy and agree to the use of cookies. Punk rockers are responsible these days.

Six Principles of GDPR Data Protection

Six principles relating to the processing of personal data are listed in Article 5(2) of the 88-page EU data regulation document.

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimization
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

Let’s quickly run through all of them in respect of how E-Learning apps should treat all the personal information of their users.

Lawfulness, Fairness, and Transparency

This concept is pretty easy to understand and embrace. All the information has to be gathered in a lawful way. Users should realize that the company gets their personal data, so the language of the note that makes them aware of that should be plain and clear.

No monkey business: there is simply no need to mislead users about data collection. E-Learning mobile apps should easily follow this principle as it doesn’t require anything extraterrestrial.

Purpose Limitation

There must be a reason for collecting, storing and further processing data. The data subject should be aware of that reason.

The original purpose must be the only one; companies are forbidden to use user data for other reasons.

Here is what Duolingo states among its purposes for collecting data:

‘We may also use your contact information to send you notifications regarding new services, offers, and promotions offered by Duolingo if you affirmatively consent to receive such communications.’

Moodle answers the question of how the data collected for its app is used with a single purpose - to provide access to the online courses on this site (or in the app, for Moodle Mobile).

This principle allows using your activity data for statistical purposes.

This is obviously some good news for app owners as they need to study user behavior in order to improve their software.

Data Minimization

The less info a user provides to the mobile app, the smaller the damage if that data is breached. There is no need to ask users about their sexual orientation for educational software, for example.

In fact, the second biggest data breach in history happened in October 2016 and involved the Adult Friend Finder databases. Perhaps info about a user’s religion, sexual orientation and some other data put into dating apps would never be requested by educational apps.

More than 412 million user accounts were compromised. You might not want to go down in history for the data contained in your dating app profile.

As an educational app owner, don’t ask too much - surveys might be less effective than studying actual user behavior, but at least it’s legal to ask for the info that way.

Accuracy

App owners must provide users with the opportunity to update their information. Every reasonable step should be taken to change or delete inaccurate or incomplete user information.

Storage Limitation

Let us quote Moodle policy on this:

How long is my data stored?

Your personal data is stored as long as your account is active on this site.

That means that after you deactivate your account in a learning app, your personal data should leave the mobile app along with you.

Integrity and Confidentiality

There is no need to analyze this point, to be honest. It simply goes without saying.

Organizations must take reasonable measures to protect against data breaches and unlawful processing.

Focus on the Individuals’ Rights

There is quite a range of individuals’ rights that the software owner has to cover before claiming that the app is GDPR compliant.

These are screenshots from Duolingo and Moodle websites that describe data subject rights.

[Screenshots: Duolingo and Moodle privacy pages describing data subject rights]

These are just two ways of listing the individuals’ rights that have to be respected.

Among the most interesting points here, we’d like to highlight the right to be forgotten and the right to object to certain types of processing.

The first one is a dream for a little star named Barbra Streisand. You might have heard of the Streisand effect: the more you try to hide something, the more the Internet is inclined to look at it. Not the case here.

Under the new Regulation, users have the right to have all the information about their studies deleted by the processor.

Had Beyonce provided the unflattering picture her publicist was trying to delete to a GDPR-compliant E-Learning provider, it would have been gone forever. Hopefully.

If a user is tired of the app sending him/her marketing emails, he/she may object to that, and sending more after the objection has been expressed would be a GDPR violation of the user’s rights.

These are just a few of the things that app owners should keep a close eye on.

How Big of a Deal Is GDPR (Google and Facebook are fined $9.3 billion)

If you still think that GDPR is some document that doesn’t affect you as a startup founder, you might be wrong.

Even if you are targeting US users, and only a small portion of your potential users are EU citizens, you have to follow the regulation. Otherwise, your company will never show a profit, as you will only be working to cover the European Union’s fines.

How big could these fines be? You might feel like the loser in a game of Monopoly at some point.

It is actually reminiscent of an old Louis CK monologue where he described such a loss to his then-9-year-old daughter.

Louis CK plays the European Union in this scene. Business owners who violate GDPR rules are his daughter.

‘OK, so here’s what’s going to happen now, OK? All your property, everything you have, all your railroads, your houses, all your money – that’s mine now. You gotta give it all to me. Give it to me, that’s right. And no–no, you can’t play anymore, see, because even though you’re giving me all of that, it doesn’t even touch how much you owe me. It doesn’t even touch it, baby. You’re going down hard. It’s really bad. All you’ve been working for, all day, I’m going to take it now and I’m going to use it to destroy your sister.’

We are talking billions of dollars in fines. Google and Facebook faced $9.3 billion in fines just days after the rules came into force.

The way Facebook-owned Instagram and WhatsApp is a no-no for the European Union. Plenty of violations were on Google’s side: Alphabet, the Google-owned company, is liable for $4.88 billion in fines.

If these figures don’t frighten you, it is hard to blame you, as it is hard to even imagine such a pile of money.

If you don’t take GDPR seriously, you’ll go bankrupt pretty soon.


Among the main changes GDPR brought us are:

  • Data collection minimization and purpose limitations
  • User consent obligations
  • Mandatory data breach notifications
  • Closer attention to the expanded set of individuals’ rights

If you are planning on starting your own mobile app in the educational sector (or already have one), you should prioritize user privacy pretty high.

Following all the standards might be quite complex.

A careless attitude towards users’ private data is now punished not just by a drop in your company’s potential value and a loss of reputation, but also financially, in the form of fines.

This is definitely not a thing to forget when putting your mobile app on the market. BTW, if you need some help with building an E-Learning mobile app, contact us here.

Written by
CTO / Department Head / Partner
I've been leading a department specializing in custom eLearning software development and Business Intelligence software development for 17 years.