JSHack - GDPR, User Data and Blackboard

Blog Post created by af0055432 on Mar 13, 2018

This quote got me thinking about the information stored in Blackboard: what are we keeping? Are we keeping it for any reason? And here at the UvA, how, exactly, is that data being brought in?

“In the future, it will be more important than ever for organisations to explain exactly what personal data they are collecting and how it will be processed and used. Without valid consent, any personal data processing activities will be shut down by the authorities,” he said.



So I jumped in and found that we are holding the mandatory information (First Name, Last Name and Username), but I also found that we have several thousand contact phone numbers in Blackboard and, frankly, I don't care for these. It isn't necessary for Blackboard; all of that data is rightly stored in our SIS.


So, how is that data getting in here?

Answer: People seem to be adding it.

     But why?

          Do they feel that they have to?

          Are we opening ourselves up for some potential problems in future with collecting this data and not having any explanation for why we are holding it?


I had some further questions from here:

  • Are people just used to giving out information about themselves, without questioning why?
  • Do they feel that they have to fill in all fields to be able to use the application?


So, I can't do much about the first one, but the second I can, pretty easily.




So, the words need changing, but I think the idea can get some traction if we use something like this to tell our users, while they're entering the information, whether we need it and how it's used.


Now, what if we also let them know where this information is shared:


I'm not convinced that clicking submit constitutes full understanding, comprehension or even acceptance, but surely this is a step in the right direction.
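A sketch of the per-field notices described above (whether a field is needed, how it's used, and where it's shared), as an added example rather than the script from the original post. The field ids, purposes and recipients are constructed placeholders, not Blackboard's real form ids or UvA policy; the script is assumed to be injected into the personal-information page, for instance through JSHack.

```javascript
// Added example. Field ids, purposes and recipients are constructed for
// illustration; they are not Blackboard's real form ids or UvA policy.
const FIELD_POLICY = {
  firstName:   { required: true,  purpose: "Identifies you in courses", sharedWith: ["Instructors", "Classmates"] },
  lastName:    { required: true,  purpose: "Identifies you in courses", sharedWith: ["Instructors", "Classmates"] },
  userName:    { required: true,  purpose: "Used to log in", sharedWith: [] },
  mobilePhone: { required: false, purpose: "Not needed by Blackboard; already held in the SIS", sharedWith: [] },
};

// Build the notice text shown next to one field.
function buildNotice(fieldId, policy = FIELD_POLICY) {
  const entry = policy[fieldId];
  // A field nobody has documented is itself the finding, so say so.
  if (!entry) return "No documented purpose for this field.";
  const need = entry.required ? "Required" : "Optional";
  const shared = entry.sharedWith.length
    ? "Shared with: " + entry.sharedWith.join(", ") + "."
    : "Not shared with other users or systems.";
  return `${need}. ${entry.purpose}. ${shared}`;
}

// Add a notice after every text/phone input and return the ids of inputs
// that have no policy entry, so they can be reviewed or removed from the form.
function annotateForm(doc, policy = FIELD_POLICY) {
  const undocumented = [];
  for (const input of doc.querySelectorAll("input[type=text], input[type=tel]")) {
    if (!input.id) continue;
    if (!policy[input.id]) undocumented.push(input.id);
    const note = doc.createElement("small");
    note.className = "data-use-notice";
    note.textContent = buildNotice(input.id, policy); // textContent, never innerHTML
    input.insertAdjacentElement("afterend", note);
  }
  return undocumented;
}

// Run only in a browser page; this is a no-op when loaded outside one.
if (typeof document !== "undefined") {
  const missing = annotateForm(document);
  if (missing.length) console.warn("Fields with no documented purpose:", missing);
}
```

The list returned by `annotateForm` doubles as a small audit: every id in it is a field the form collects without any recorded reason.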


Shower Thoughts:

     I'm pretty sure the below permissions are a standard which Blackboard implements and it's probably not possible, but what if there was something in the bb-manifest.xml definition which forced building block developers to explain who consumes data they're requesting:




