Rank6

Idea#3

Active
Scenarios »

Scenario 13: Personalisation of the user’s experience

A user’s interaction with a repository may be personalised, for example by saved searches or tailored notifications of new material. Personalisation is by no means specific to repository environments, and it is not clear that repositories raise any particular personalisation issues that do not arise in other environments. However, it is still worth mentioning in this context. Within JISC, the DPIE2 (Developing Personalisation for the Information Environment 2) project investigated how the JISC Information Environment (IE) could make use of personalisation for users of JISC services, and the results of the study are contained in the final report . In particular, the report looks at how the UK Federation infrastructure could support personalisation, for example with extended attributes (Section 2.7 of the report), and some potential privacy and legal issues raised (Sections 4 and 5). The report also proposes some demonstrator projects (Section 7).

There is an issue created by the federation rules, which ‘prevent’ the sharing of attributes between SPs. In cases where users can access resources via multiple routes (i.e. via multiple SPs), this makes personalisation difficult. However, SPs are permitted to share attributes when they have a valid reason and they have obtained consent; this boils down to a decision based on balancing the need to manage risk with the potential benefit to the user.

Proposed action:

JISC to keep a watching brief on this area, which in any case is a focus for the JISC IE.

Submitted by 5 years ago

Comments [3]

  1. Unsubscribed User

    Some clarity is needed in this comment. The UK federation rules only extend to the 12 page 'rules of membership' document and there is nothing in this that prevents the sharing of attributes with multiple SPs (between SPs suggests something different, sharing of personal data across services without consent being illegal) - several attributes such as name, e-mail address etc. etc. will always the same whichever SP they are presented to.

    The recommendations for use of personal data documentation does not form part of the rules of the federation but sets out general advice as determined by the Data Protection Act and UK / EU law. It is meeting these requirements that should be highlighted here in terms of institutional use of personal data.

    5 years ago
  2. From speaking to a variety of people about this, I gather that there is significant misunderstanding in the community about what the federation actually requires, what it just advises/suggests, and what it simply doesn't care about one way or the other. In general, people seem to think that the federation is a lot more restrictive than it actually is.

    5 years ago
  3. From DPIE2:

    "The members of the UK federation must agree to the Rules of Membership (RoM) – this is the only policy which is binding on members. However these rules require members to use reasonable endeavours to comply with the Recommendations for the use of Personal Data (RUPD) and the Technical Recommendations for Participants (TRP) – see RoM 5.1 and 3.1.2 respectively. This has resulted in a blurring between policy and recommendation. The institutional staff and service providers who were interviewed as part of [DPIE2] clearly felt that they were expected to comply with RUPD and TRP – these are de facto policies regardless of how they are intended."

    Bear in mind the definition of "reasonable endeavours", which is that a reasonable course of action must be taken to comply with the requirement – even if this causes a loss or disadvantage to the party who must comply.

    5 years ago

Vote Activity [ 1 ] [+]