Home > Custom Software Development > Custom eLearning Development > GDPR Effect on E-Learning Apps, or User Data Protection at All Costs

GDPR Effect on E-Learning Apps, or User Data Protection at All Costs

Please, tell us how paranoid you are about your personal data. We sure hope that your “spidey sense”, combined with two-factor authentication, automatic log-off and plenty of other precautionary measures are a part of your daily routine on the Internet. But what if you are responsible for the storage and security of data of hundreds, thousands, or even millions of your mobile users? In this article, we are going to speculate about the things that are huge for user data protection.

Contents
User Protection

We’ll dive deep into a very complex and long document called GDPR (General Data Protection Regulation). In short, it has changed the way personal users’ data should be collected and processed. In this article, we will show it to you.

We are going to speak a little of what measures app owners should apply to make their software GDPR compliant.

We will also focus on the individuals’ rights in respect of their personal data that has to be put under the microscope after GRPR has come in force.

Also, we will analyze some things the world leading E-Learning companies (Duolingo, Moodle) do to avoid enormous fines and keep their users’ data protected.

For you to not fall asleep, we have some shocking figures in data breaches facts and memes inside. Enjoy.

GDPR in E-Learning: “Sudden” Privacy Policy Changes

It’s been more than three months now since GDPR act came to force. You might have gotten tired of all these notifications about websites using cookies and updating their privacy policies - that is how you got acquainted with the act as a user.

We've updated Privacy Policy Source: collegehumor.com

E-Learning companies that have active users in the European Union had to adjust accordingly. For instance, the biggest MOOC platforms - Udacity and Coursera - had their privacy policy updated on the same day - May 12, 2018 - two weeks before GDPR came in force on May, 25.

Udacity Cookies Source: udacity.org

Duolingo, a big language learning app has the latest update of its privacy policy made on August 17, 2018. It clearly has more than one point that has to be remade due to the new regulation rules.

As those notifications were all over the web, some websites were creative about informing users that they are going to track their cookies. “This is not a big deal, but we use cookies, FYI. You’d allow us, right?”.

The others were way too official. Let’s take Green Day music as an example. In order to check out their new albums on the official website, one has to read about their privacy policy and agree on the cookies use. Punk rockers are responsible these days.

Grandma Cookies Source: wikipedia.org

Six Principles of GDPR Data Protection

There are 6 principles relating to the processing of personal data listed in Article 5(2) of EU data regulation 88-page document.

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimization
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

Let’s quickly run through all of them in respect of how E-Learning apps should treat all the personal information of their users.

Lawfulness, fairness, and transparency.

This concept is pretty easy to understand and embrace. All the information has to be gathered in a lawful way. Users should realize that the company gets their personal data, so the language of the note that makes them aware of that should be plain and clear.

No monkey business, there is simply no need to misguide the users about data collection. E-Learning mobile apps should easily follow this principle as it doesn’t require anything extraterrestrial.

Purpose limitation

There must be a reason for collecting, storing and further processing data. Data subject should be aware of the reason.

The original purpose must be the only one, companies are forbidden to use user data for other reasons.

Limitations Source: pixabay.com

Here is what Duolingo states among its purposes for data collecting:

‘We may also use your contact information to send you notifications regarding new services, offersб and promotions offered by Duolingo if you affirmatively consent to receive such communications.’

Moodle answer the questions of how the collected data for their app work with a single purpose - to provide access to the online courses on this site (app - for Moodle Mobile).

This principle allows using your activity data for statistical purposes.

This is obviously some good news for app owners as they need to study user behavior in order to improve their software.

Data Minimization

The less info user provides to the mobile app, the smaller the damage of the potentially breached data. There is no need to ask users about their sexual orientation for an educational software, for example.

In fact, the second biggest data breach in history has happened in October 2016 with Adult Friend Finder databases. Perhaps, info about the user’s religion, sexual orientation and some other data put into the dating apps would never be requested by educational apps.

More than 412 million user accounts were compromised. You might not want to get down in history by the data contained in your dating app portfolio.

As an educational app owner, don’t ask too much - surveys might be less effective than actual user behavior studying, but at least it’s legal to ask the info that way.

No conflicts Source: pixabay.com

Accuracy

App owners must provide users with the opportunity to update the info. Every reasonable step should be taken to change or delete inaccurate or incomplete user information.

Storage Limitation.

Let us quote Moodle policy on this:

How long is my data stored?

Your personal data is stored as long as your account is active on this site.

That means that after you deactivate the account in a learning app, personal data should quit the mobile app with the user.

Integrity and Confidentiality.

There is no need to analyze this point, to be honest. It simply goes without saying.

The organizations must take reasonable measures to protect against data breaches and unlawful processing.

Focus on the Individuals’ Rights

There is quite a range of individuals’ rights that have to be covered by the software owner to claim that the app is GDPR compliant.

These are screenshots from Duolingo and Moodle websites that describe data subject rights.

Duolingo Privacy Source: duolingo.com
Moodle Privacy Source: moodle.com

These are just two ways to list the number of individuals’ rights that has to be obliged.

Among the most interesting points here we’d like to highlight are the right to be forgotten and the right to object to the processing of certain types.

The first one is the dream for a little star named Barbra Streisand. You might have heard of the Streisand effect. The more you try to hide something, the more Internet is inclined to see that. Not the case here.

Users have the right to have all the information about their studying to be deleted by the processor under the new Regulation.

Had Beyonce used her unflattering picture her publicist was trying to delete as information provided to the GDPR-compliant E-Learning provider, it would have gone forever. Hopefully.

If a user is tired of the app sending him/her the marketing emails, he/she may object to that, and it would be GDPR violation of his rights to send them some more after the object is expressed.

Consumer Data Rights Source: flickr.com

This is just a few things that app owners should keep a close eye on.

How Big of a Deal Is GDPR (Google and Facebook are fined $9.3 billion)

If you still think that GDPR is some document that doesn’t affect you as a startupper, you might be wrong.

GDPR is a big deal Source: imgur.com

Even if you are targeting US users, and only a small portion of your potential users are EU citizens, you have to follow the regulation. Otherwise, you will never show the profit for your company as you will only work to cover the fines for the European Union.

How big could these fines be? You might feel yourself like a loser in a monopoly game at some point.

It actually reminds of an old Louis CK monologue where he described such a loss to his then-9-year-old daughter.

Louis CK plays European Union in this scene. Those business owners that violate GDPR rules are his daughter.

‘OK, so here’s what’s going to happen now, OK? All your property, everything you have, all your railroads, your houses, all your money – that’s mine now. You gotta give it all to me. Give it to me, that’s right. And no–no, you can’t play anymore, see, because even though you’re giving me all of that, it doesn’t even touch how much you owe me. It doesn’t even touch it, baby. You’re going down hard. It’s really bad. All you’ve been working for, all day, I’m going to take it now and I’m going to use it to destroy your sister.’

We are talking billions of dollars in fines. Google, Facebook faced $9.3 billion in fines just days after rules came in force.

The way Facebook-owned Instagram and WhatsApp is a no-no for the European Union. Plenty of violations were on Google’s side - Alphabet - the Google-owned company is liable for $4.88 billion in fines.

Is these figures don’t frighten you, it is hard to blame you, as it is hard to even imagine this pile of money.

If you won’t take GDPR seriously, you’ll get bankrupt pretty soon.

Takeaways

Among the main changes GDPR brought us are:

  • Data collection minimization and purpose limitations
  • User consent obligations
  • Mandatory data breach notifications
  • Closer attention to the expanded set of individuals’ rights

If you are planning on starting your own mobile app in the educational sector (or already have one), you should prioritize user privacy pretty high.

Following all the standards might be quite complex.

Careless attitude towards the private data of users is now very punishable not by just reducing the potential cost of your company and costing it the reputation, but also financially - in the form of fines.

This is definitely not a thing to forget while putting your mobile app on market. BTW, if you need some help with building an E-Learning mobile app, contact us here.

Never miss a post! Share it!

Author
Written by
CTO / Department Head / Partner
I've been leading a department specializing in eLearning applications and Business Intelligence for 14 years.
5.0
1 review

Rate this article

Belitsoft Blog for Entrepreneurs
GDPR Compliance Checklist

Protect your users' data and ensure GDPR compliance with this checklist. If you need help implementing these measures, let us...

How to Protect Intellectual Property / Confidential Information

If outsourcing vendor cannot be trusted to protect trade secrets, then the risks of an offshoring custom software development may...

SRS document Helps to Protect IT Projects From Failure

Software Requirements Specification Document (SRS) gives business owners a clear vision of how much does it cost to develop their...

Portfolio
Custom Mobile App Development (iOS, Android, Windows) for an E-learning Company
Custom Mobile App Development (iOS, Android, Windows) for an E-learning Company
Technologies:
Xamarin.Forms, Android, iOS, UWP, SQLite, HybridWebView, OData, SCORM, Xamarin.Insight
Effort:
6 man-months
Custom Mobile App for a Learning Management System
Custom Mobile App for a Learning Management System
Technologies:
Intel XDK, Angular, PHP, Laravel, MySQL
Effort:
180 man-hours

Testimonials

tichen

I expected and demanded a lot of you at Belitsoft company, but you exceeded my expectations. You acted pro-actively, challenged me at the right moments. Thanks!

Martin Beijer

CEO at Ticken B.V. (Netherlands)

EFI

We have been working for over 10 years and they have become our long-term technology partner. Any software development, programming, or design needs we have had, Belitsoft company has always been able to handle this for us.

Bjarne Mortensen

СEO at ElearningForce International (United States, Denmark)

Crimson

They use their knowledge and skills to program the product, and then completed a series of quality assurance tests. We were working in an agile way with them. Belitsoft performed very well throughout our project. We are definitely looking at Belitsoft as a long-term partner.

Eddie Nicholas

Service Delivery Director at Crimson (United Kingdom)

Berkeley

I highly recommend Belitsoft for website design and development. We were up against a tight deadline to launch the project. The work was delivered on time and within budget! I will continue working with Belitsoft as a valued partner for our web development!

Adrienne Herd

Program Administrator at UC Berkeley (United States)

Hathway

We have worked with Belitsoft team over the past few years on projects involving much customized programming work. They are knowledgeable and are able to complete tasks on schedule, meeting our technical requirements. We would recommend them to anyone who is in need of custom programming work.

Kevin M. Rice

Main Partner at Hathway Tech (United States)

Howcast

Belitsoft company is able to make changes instantly. One of our internal engineers has commented about how clean their code is. Belitsoft seems to know what they're doing, which I appreciate.

Darlene Liebman

Co-Founder at HOWCAST MEDIA (United States)

Fraunhofer

It was a great pleasure working with Belitsoft. Software Development Company. New requirements and adjustments were implemented fast and precisely. We can recommend Belitsoft and are looking forward to start a follow-up project.

Renè Reiners

Deputy Head of Division at Fraunhofer FIT (Germany)

Apollo Matrix

Belitsoft company has been able to provide senior developers with the skills to support back end, native mobile and web applications. We continue today to augment our existing staff with great developers from Belitsoft.

Pete Johnson

CEO at Apollo Matrix (United States)

Key2Know

Belitsoft company delivered dedicated development team for our products and technical specialists for our clients time to time custom development needs. We highly recommend that you use this company if you want the same benefits.

Bo Sejer Frandsen

Managing Director at Key2Know A/S in 2012 (Denmark)

Regen Med

We approached BelITsoft with a concept, and they were able to convert it into a multi-platform software solution. Their team members are skilled, agile and attached to their work, all of which paid dividends as our software grew in complexity.

Nicolas Tierney

COO at Regenerative Medicine LLC (United States)

Moblers

Having worked with Belitsoft as a service provider, I must say that I'm very pleased with the company's policy. Belitsoft guarantees first-class service through efficient management, great expertise, and a systematic approach to business.. I would strongly recommend Belitsoft's services to anyone wanting to get the right IT products in the right place at the right time.

Guy Doron

CEO at Moblers (Israel)

Showcast

If you are looking for a true partnership Belitsoft company might be the best choice for you. They have proven to be most reliable, polite and professional. The team managed to adapt to changing requirements and to provide me with best solutions. I strongly recommend Belisoft.

Ivo Downes

Director at ShowCast Limited (Germany)

Let's Talk Business
Do you have a software development project to implement? We have people to work on it. We will be glad to answer all your questions as well as estimate any project of yours. Use the form below to describe the project and we will get in touch with you within 1 business day.
Contact form
* Maximum file size is 20MB
to top