GRIAL resources

Permanent URI for this communityhttps://repositorio.grial.eu/handle/123456789/1

Browse

Has files: YesSubject: search.filters.subject.GDPR

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Protected Users: A Moodle Plugin To Improve Confidentiality and Privacy Support through User Aliases
    (MDPI, 2020-03-24) Amo, D.; Alier, M.; García-Peñalvo, F. J.; Fonseca, D.; Casañ, M. J.
    The privacy policies, terms, and conditions of use in any Learning Management System (LMS) are one-way contracts. The institution imposes clauses that the student can accept or decline. Students, once they accept conditions, should be able to exercise the rights granted by the General Data Protection Regulation (GDPR). However, students cannot object to data processing and public profiling because it would be conceived as an impediment to teachers to execute their work with normality. Nonetheless, regarding GDPR and consulted legal advisors, a student could claim identity anonymization in the LMS, if adequate personal justifications are provided. Per contra, the current LMSs do not have any functionality that enables identity anonymization. This is a big problem that generates undesired situations which urgently requires a definitive solution. In this work, we surveyed students and teachers to validate the feasibility and acceptance of using aliases to anonymize their identity in LMSs as a sustainable solution to the problem. Considering the positive results, we developed a user-friendly plugin for Moodle that enables students' identity anonymization by the use of aliases. This plugin, presented in this work and named Protected users, is publicly available online at GitHub and published under GNU General Public License.
  • Thumbnail Image
    Item
    GDPR Security and Confidentiality compliance in LMS’ a problem analysis and engineering solution proposal
    (ACM, 2019-10-16) Amo, D.; Alier, M.; García-Peñalvo, F. J.; Fonseca, D.; Casany, M. J.
    We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and meta-information stored. Therefore, the LMSs are very vulnerable to information leaks in front of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Unported