Skip to content

Lab 2 Legal Matters

Lab Materials for the Online session

This week we had an introduction to GDPR, and its implications for software development.

We looked at:

  • What is GDPR
  • The Principles behind GDPR and user rights
  • Legal Basis for collecting and processing data
  • Some thoughts on implementing GDPR

In this weeks lab we will be discussing the implementation of GDPR

Task 1: Review (20 Mins)

In your groups take a look at the privacy policy for a site you use. Answer the following questions:

  • What kind of processing does the site do?
  • What are the Legal Basis for this processing?
  • What are your views on this.
    • Do you agree with the legal bases?
    • What do you think of the data collected, and the processing done?

We will come together after the time is up to discuss.

Task 2: Design (40 Mins)

Consider the following Scenario:

A University wants to create a new Learning Management System to replace its current version, The LMS will be conversation focused, allowing students to discuss topics, read materials, and watch videos for the modules they are studying.

There are several requirements:

Firstly we have the system requirements:

  1. Mobile first design
  2. Student driven conversation, in some sort of Feed.

We also have implementation requirements:

  1. Ability to register teaching staff, admin staff, and students on the system
  2. Ability to upload teaching materials to the system
  3. Uploading of Coursework submissions
  4. Messaging via Direct message and Email
  5. Analytics to Track engagement with materials. (IE has a student read them)

As its new software, it would also be desirable for telemetry data to be collected to help shape future development.

For example: - the types of device used the access the information - Geo-location information, to see where students access the data - browser preferences, - Referrer headers (how the user came to the page)

Task:

In your groups identify:

  1. What types of PII are being collected here?
  2. What are the legal bases for processing each of these types of data?
  3. Are there any strategies for data minimisation, or anonymity you could apply?
  4. Is there anything else you would collect?

We will come together as a group at the end of the lab session, to discuss.

Back to top