AAEEBL Digital Ethics Principles v.2: version 2

Consent for Data Usage

ePortfolio platform providers need consent to collect and store data from ePortfolio creators.

ABSTRACT: ePortfolio platform providers should explain their data collection, storage, and use policies in clear and accessible language. These policies should comply with applicable institutional regulations. When these policies change, platform providers should have mechanisms in place for students and staff to review the changes and decide whether they want to keep their portfolios under these changed circumstances.

Strategies for applying this principle include…

  • Clearly identifying and explaining how ePortfolio platform providers plan to collect and use student data, whether students will be able to opt out of data collection, and how they will inform the institution and platform users of changes to their licensing agreements.
  • Allowing ePortfolio creators to opt out of data collection at the programmatic or institutional levels.
  • Practicing purposeful limitation by collecting personal data only when one has legitimate purposes for that data collection.
  • Keeping up-to-date, accurate data.
  • Limiting the storage of data, and deleting data after it has served its purpose.
  • Making ‘use of student data’ a criterion for platform selection when negotiating contracts or informing students about data use when allowing them to choose among platform options.
  • Being aware of and complying with federal and state regulations regarding student data use and privacy. 
  • Maintaining agreements with platform providers, including what happens to ePortfolio data if a company goes out of business.
  • Consulting data experts as needed.
  • Being aware of and complying with global, federal, and state regulations regarding student data use and privacy, such as the General Data Protection Regulations (GDPR) and other applicable privacy standards, as required.


Scenario #1:

You are an undergraduate student. At the start of your studies, you are introduced to the idea of keeping a portfolio to document your learning and progress towards your institution’s graduate requirements. Your institution proposes a platform to use for this purpose.

The Academic Technologies staff member who introduces the platform to all first-year students explains how to use this platform as well as how you can keep your reflections and content private unless you want to share them with specific people. 

Before you can use the platform, you are asked to review its Terms and Conditions as well as the Privacy Policy as found in the End User License Agreement (EULA). Unlike with other online sites, you actually read through them in the introductory session and ask the staff member any questions where you do not understand the legal language. You learn where your data is stored, who has access to it, who owns the rights on the content, whether there is any advertisement, and how content on the site is used.

Since you have read some articles about multinational corporations using data generated by the people creating content on their platforms, you check with the Academic Technologies staff member whether that’s also the case with the portfolio tool that your institution selected. You are assured by them that your data is not stored or used by a company to profit and that private data is private and can only be accessed by you until you decide to make it available to teaching staff, fellow students, or others. They outline why a data analytics tool is used and what sort of information is gathered in reports. Using Request Map Generator, you check which other sites the portfolio tool connects to and ask Academic Technologies if you have any concerns.

Scenario #2:

You are an educator. To promote digital ethical awareness in licensing agreements, you have asked your students to review the ePortfolio provider’s EULA and identify parts of the licensing agreement that will affect their user privacy. 

They are happy to see that they can opt out of user data collection and can request the company disclose any personal data collected through their use of the platform. However, there is no visible process for opting out of collection, and users must contact the Data Protection Office to negotiate the opting out process. Students can also remove much of their personal data from the platform server when they delete their account, but the company does not disclose what types of personal data they permanently retain. 

As a class, you decide to contact the platform provider to get answers to these questions because the portfolio program office at your institution does not yet have answers for these. You will take the information that you learn through your correspondence and create an opting out resource for other students at your institution in collaboration with the portfolio program office. The  institutional stakeholders are now aware of the ambiguity in the EULA and will take further steps with the platform provider to clear these up as part of the contract review. 

Scenario #3:

You are an educator. In selecting ePortfolio platform providers, your institution has made data collection a priority. This gives you relief. However, when you are developing ePortfolios with your students, you see that some features of the ePortfolio platform ask students to use other tools. For instance, to embed a video on their ePortfolio page, students are prompted to upload the media to YouTube and then use a plugin to embed that video onto their page.

When you look into YouTube’s EULA, you find it is very different from the platform provider’s EULA. Importantly, it collects user data and users have to alter their YouTube privacy settings to opt out of some forms of data collection. You are confused: are your students protected by the ePortfolio platform’s EULA, or are they subject to YouTube’s EULA because they are using this tool within the platform?

You reach out to your institutional technology resources for clarification and create a short resource for students that explains use of tools within another platform and how that can affect their privacy and data security. 

Scenario #4:

You are the Director of a global online learning program that has recently decided to add an ePortfolio requirement. In researching digital ethics in the globalized world, you come across the General Data Protection Regulations (GDPR). The GDPR document guides data regulations across the European Union (EU), and you believe there is a high probability that students from the EU will be enrolling in your program. 

You schedule a meeting with your Provost, Director of Institutional Technology, and legal office to determine (1) the standards and methods the university currently uses to collect student data, and (2) the legal commitment your global online learning program has to meet when international students are enrolled. In collaboration with the legal office, you begin drafting data collection protocols for the ePortfolio requirement based on the appropriate privacy standards your program must meet. 


    1. Charlesworth, A. & Grant, A. (n.d.). ePortfolio and the law: What your organisation should know. University of Bristol Center for IT and Law. http://www.bristol.ac.uk/media-library/sites/law/migrated/documents/kptutguid.pdf 
    2. Complete Guide to GDPR. (2020). Proton Technologies AG. https://gdpr.eu/  
    3. Department for Education (U.K.).(2018, Aug.). Data protection: A toolkit for schools, open beta version 1.0.  
    4. European Commission. (2018, Nov. 14). Ethics and data protection. https://ec.europa.eu/info/sites/info/files/5._h2020_ethics_and_data_protection_0.pdf
    5. Future of Privacy Forum. (n.d.). Retrieved January 11, 2020, from https://fpf.org
    6. General Data Protection Regulations (GDPR). (2018, May 25). Information Commissioner’s Office. https://gdpr-info.eu/
    7. Harris, K. D. (2016). Ready for school: Recommendations for the ed tech industry to protect the privacy of student data. California Department of Justice. 
    8. Hearne, S. (n.d.). Request map generator. 
    9. Privacy Technical Assistance Center. (2014). Protecting student privacy while using online educational services. U.S. Department of Education. 
    10. Vejmelka, L., Katulic, T., Jurić, M. & Lakatoš, i.M. (2020). Application of the General Data Protection Regulation in schools: A qualitative study with teachers, professional associates and principals, 43rd International Convention on Information, Communication and Electronic Technology (MIPRO), Opatija, Croatia, pp. 1463-1469, doi:10.23919/MIPRO48935.2020.9245209. 
    11. Weebly. (2020). GDPR FAQ. Weebly Support. https://www.weebly.com/app/help/us/en/topics/gdpr-faq 
    12. Wix. (n.d.). Preparing your Wix site for GDPR. https://support.wix.com/en/article/preparing-your-wix-site-for-the-gdpr 
    13. WordPress. (2018, May 8). The ultimate guide to WordPress and GDPR compliance--everything you need to know. https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/

You can view these and other references connected to this topic in our library, and export them to your own reference manager.

This document was created by the AAEEBL Digital Ethics Task Force.

  Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

This page has paths:

Contents of this path:

This page has tags:

This page is referenced by:

This page references: