Bernd Justin Jütte, Rossana Ducato, Giulia Priora, Chiara Angiolini, Alexandra Giannopoulou, Guido Noto La Diega, Leo Pascault, and Giulia Schneider
The rapid spread of the SARS-CoV-2 virus in the early days of March 2020 shut down universities in most European countries. Teaching shifted online, and currently most universities in Europe are planning to deliver at least part of their teaching in the coming academic year online, or in blended form. What initially began as Emergency Remote Teaching (ERT), will turn into a new reality for the mid- or even long-term.
Distance learning is nothing completely new, and many universities were already equipped with EdTech tools. The novel and unique characteristics of this forced shift online were the velocity of the migration, the volume of activities that had to be transferred online, and the variety and combination of tools used for synchronous and asynchronous teaching. These “3Vs” have exacerbated the already existing problems of remote teaching and raised new (legal) challenges.
As we have argued elsewhere (see here), the choice of teaching medium is not neutral: it was important before COVID and will remain crucial.
We conducted an initial study of terms and conditions, privacy policies and community guidelines on a sample of nine online services used across Europe, which has demonstrated how selected online services leave institutions, teachers, and students exposed to legal risks, often of a fundamental nature (see here and here for copyright and here for data protection and privacy). The post-pandemic university will have to make responsible choices which tools to use to support the delivery of their degree programmes while ensuring their obligations towards their students are met and their own proprietary interests are safeguarded.
The choice of tools used for full digital or blended learning will largely determine how much control organisations and individuals retain over personal data and content, and how efficiently they can deliver educational services of a public or private nature. It is not unlikely that uncertainty as to the legal consequences of using teaching material online, and interacting with students through digital channels, will influence the way this teaching is delivered. One could even argue that the less clear the legal implications are, the more likely institutions and teachers are to exercise restraint in using the full palette of teaching methodologies in an electronic environment.
In our study, we identified a number of problematic issues in the terms analysed. In relation to copyright, many terms included provisions that create a copyright overreach. Although all services left full ownership to their users, the extent to which licenses for a variety of uses were included was remarkable. These licenses often did not only permit the respective services to use uploaded content, but also extended such uses to selected third parties, including other users of the service. More problematic for teachers are the liability provisions imposed by online services. In particular, provisions that require users to gain (and sometimes demonstrate) prior and specific authorization to use content can be misleading. Strict ownership requirements ignore the fact that many uses fall within the scope of one or more copyright exceptions. Similar problems arise in relation to content moderation, i.e. the monitoring and removal of infringing content. Although most services contain such mechanisms, their operation and often the lack of a counter-notice mechanisms are deemed problematic and worth of a specific critical look.
From a data protection perspective, institutions have to be aware of the legal risks (and inevitably loss of control over data) they might incur when they decide to partly or fully rely on third party’s services. Recent scandals have demonstrated the security flaws of popular videoconferencing systems. More generally, we have observed that most of the platforms used for distance learning do not merely process data for educational purposes, but use personal data for their own purposes (from the improvement of their services to marketing and “personalised advertising”). The language used in the privacy policies we analysed, appears to be vague. Thus, it is not always easy to understand what data are processed, for what purpose, and according to which legal basis (e.g. consent or others). When substantial information remains opaque, an effective exercise of data subjects’ rights risks to be severely impaired. This lack of transparency can, indeed, fire back on universities and might result in financial penalties.
Furthermore, many of these services are based or transfer data outside the European Economic Area (mainly in the US). This aspect is particularly relevant since it exposes European citizens’ data to foreign law which does not always offer an equivalent level of protection to the EU (see, the case Schrems II or the controversial CLOUD Act). In the absence of a decision of adequacy by the European Commission, institutions relying on standard contractual clauses must perform a complex risk assessment by considering the law of the “data importer” and the appropriate safeguards they might put in place to ensure the importer is up to the European standards (more here). This is a task that requires a high level of expertise, time, and costs.
Some of the concerns outlined might be exaggerated as the realities of online enforcement do not always reflect the extent of actual infringement. Nevertheless, the chilling effects of enforcement fears should not be underestimated. For instance, the compliance with the General Data Protection Regulation is not just a matter of liability and fear of fines. The choice of a provider who can guarantee a data protection by design delivery of remote teaching is a crucial point if universities want to ensure the fundamental rights of our students and colleagues. The right to privacy and data protection are in fact constitutional enablers of other fundamental rights and interests, such as the right to freedom of expression, education, and research. Addressing the abovementioned concerns is a difficult task, as the services surveyed in the framework of this project are usually standardised: they unlikely engage in negotiations with educational institutions to adapt their terms to the needs of teachers and students. As noted above, another problem is that the relevant terms are formulated in “legalese” or vague language, and are often changed, which in itself is a source for uncertainty. Reviewing the rules that govern intellectual property rights and data protection aspects (with various points of jurisdictional attachment) in remote teaching, is in itself a task that distracts from delivering creative and innovative quality education. To counteract this problem in the short term, universities could collectively, also through representative associations at national and European level, try to leverage their bargaining power, e.g. by preparing a standard draft of privacy policies or at least, a core of terms that are non-negotiable for them, and propose them to platforms when contracting.
Another issue that adds (legal) complexity is the variety of software, tools and services that is used simultaneously within institutions. Most universities already use an online learning environment, such as Moodle, or Brightspace. However, these teaching/learning environments often do not offer all the functionalities required to deliver synchronous teaching and must, therefore, be supplemented with other software (e.g. “generalistic” tools such as social networks). The danger arises that these supplementary tools are then used to perform functions that should – from a legal perspective – be better performed in specifically designed electronic environments (e.g. the sharing of teaching material).
An ideal solution would foresee an online learning suite that combines all the necessary teaching functionalities (a modular and interoperable solution). The control over such a learning suite would rest with the educational institution, which would be the steward of students and teachers’ data and provide for an environment in which content can be shared confidently. Of course, there are other elements that require attention in order to provide an enhanced emulation of face-to-face teaching with all the necessary resources. Teachers must be able to access and share, in appropriate formats, teaching materials under dedicated licenses. Recent copyright reform at EU level has made this a possibility within certain limits. Plus, an institutionally controlled digital learning environment would make the management of control over content and information easier and, eventually, less burdensome than recourse to external providers.
These are first and preliminary reflections about a phenomenon that appears to have much broader legal implications: a whole array of unexplored issues relates to the discriminatory outcomes of remote teaching activities directly given by the different technological means students and also teachers have and by their different private environments that remote teaching brings into the spotlight. Further concerns regard the impact of remote teaching on access to education by physically or mentally impaired students, which may not be in the condition of using ordinary digital services. Ultimately, assessments over the quality of digitally provided educational services should also be conducted in order to substantially protect the emerging right to a “digital education”. As apparent, all these different aspects are only partly addressed by the mere compliance with existing law: with ERT becoming an institutionalized educational means in the post-pandemic world, targeted institutional responses such as the enactment of funding programs and the establishment of specific oversight mechanisms should move to the top of regulators’ agenda.
Bernd Justin Jütte is an Assistant Professor in Intellectual Property Law at University College Dublin. He researches on intellectual property, and in particular on digital aspects of copyright law from an international and European perspective as well the conflict between copyright and other fundamental rights. Justin received his PhD from the University of Luxembourg in 2016 where he also completed his LLM in 2011 following an LLB at the University of Greifswald.
Giulia Schneider is research fellow in private comparative law at Sant’Anna School of Advanced Studies in Pisa. She holds a PhD in International Law & Economics at Bocconi University in Milan. Her research focuses on the regulation of digital markets from the perspective of European Union law, with specific regards to data protection and intellectual property law.
Rossana Ducato (Lecturer in IT Law and Regulation, University of Aberdeen, School of Law), Giulia Priora (Postdoctoral Researcher,Institute of Law, Politics and Development of Scuola Superiore Sant’Anna, Pisa), Chiara Angiolini (Postdoctoral Researcher, Faculty of Law of the University of Trento), Alexandra Giannopoulou (Postdoctoral Researcher, Institute of Information Law (IViR), University of Amsterdam), Guido Noto La Diega (Associate Professor of Intellectual Property Law and Privacy Law, University of Stirling, Faculty of Arts and Humanities), Léo Pascault (Doctiral Researcher, Sciences Po Paris)