Content uploaded by Essohanam Djeki
Author content
All content in this area was uploaded by Essohanam Djeki on Apr 12, 2024
Content may be subject to copyright.
Data Protection in Digital Learning Space: An Overview
Essohanam Djeki1, a), Jules Dégila1, b), Carlyna Bondiombouy1, c), Muhtar Hanif
Alhassan2, d)
1Institute of Mathematics and Physical Sciences, University of Abomey-Calavi, Porto-Novo, Benin
2National Open University of Nigeria, Abuja, Nigeria
a) Corresponding author: essohanam.djeki@imsp-uac.org
b) jules.degila@imsp-uac.org
c) lynapaule@gmail.com
d) malhassan@noun.edu.ng
Abstract. COVID-19 has a considerable impact on the adoption of Digital Learning platforms by schools and universities.
These platforms allow teachers to deliver courses remotely, and students take courses at a distance. E-learning platforms
collect, process, and store personal and metadata about participants. These data, in the right hands, help to improve
educational facilities. But in the wrong hands, it can ruin the reputation of those involved. This paper has shown that it is
necessary to identify which personal data is involved in Digital Learning, look at the security risks associated with Digital
Learning, and formulate the required security measures required to mitigate them. Our research has highlighted that, for
reliable and effective security, e-learning platform providers must comply with the legislation in force in their country and
implement the existing security mechanisms. In addition, teachers and students should be aware of the regulations and
privacy policies. The best practice is to protect ourselves before, during and after Online Learning.
INTRODUCTION
The global pandemic of COVID-19 and the national measures taken to deal with the spread of the virus has resulted
in the shutdown of several activities, including the closure of schools and universities. The coronavirus pandemic has
led to adapt quickly to Online Learning. While e-learning has been used before to maintain the continuity of education,
for example, after an earthquake or flood in a region, the scale of the COVID-19 crisis is unprecedented [1]. This time
we witness a massive migration of schools and universities to Online Learning platforms serving as educational
platforms. Due to the short time it took to find a solution to the brutal closure of the training centers, many schools
and universities have adopted Online Learning without much thought about the security of personal data. However,
e-learning involves students’ personal data and generates a considerable number of metadata that are in turn analyzed
to provide a personalized and enhanced learning experience. Moreover, the tools and technologies used in Online
Learning have inherent security challenges. The question is which personal data is involved in Digital Learning, what
are the security risks associated with e-learning and what security measures can be used. To highlight the importance
of protecting personal data in Digital Learning spaces, this paper is structured as follows: an overview of Digital
Learning, personal data involved in Digital Learning spaces, security risks and security measures that can be applied.
DIGITAL LEARNING
DEFINITION
Digital Learning refers to any type of Learning that involves Information and Communication Technology (ICT)
[2], or the use of digital media or content in the classroom. Sometimes Digital Learning is confused with distance
learning or Online Learning or e-learning [3], but there is little difference between these terms [4]. Definitions clearly
International Conference on Engineering and Computer Science (ICECS) 2022
AIP Conf. Proc. 3109, 030007-1–030007-14; https://doi.org/10.1063/5.0204895
Published under an exclusive license by AIP Publishing. 978-0-7354-4923-7/$30.00
030007-1
12 April 2024 19:08:19
state that Digital Learning is the presence of digital content in education without necessarily using the Internet. Online
Learning is the use of digital content through the Internet in education, whether in the classroom or at home [5]. And
whereas e-learning is the use of ICT in education without a physical presence in a classroom [4]. It should be noted
that the nuance between these terms is only in the academic context, while there is no difference in the professional
or business one.
However, we will not differentiate these terms in our context, even though a difference exists: Digital Learning refers
to e-learning and vice versa.
EVOLUTION OF DIGITAL LEARNING
Traditional Learning takes place in a classroom at a scheduled time. There is a facilitator who is responsible for
delivering and regulating the flow of information and knowledge. The instructor then usually wants the learners to
deepen their knowledge at home through exercises. And the trainer evaluates the learners through homework or
tabletop examinations. Nowadays, new technologies are increasingly incorporated into the classroom, giving rise to
e-learning or Digital Learning. Since the origin of the word “e-learning” is not certain, it is being proposed that the
term probably appeared in 1980 [4]. In this digital age, e-learning is becoming more viable and affordable, especially
in recent times with the arrival of COVID-19. To slow down the spread of the virus, the only solution to ensure the
continuity of studies was distance learning or Online Learning. Thus, what was once “computer-based training (CBT)”
has become “take your course wherever you go” [6]. According to most researchers and authors, the evolution of e-
learning was done in three stages [7], namely e-learning 1.0, e-learning 2.0 and e-learning 3.0. The evolution of Digital
Learning has been made through the evolution of web technology (Web 1.0, Web 2.0 and Web 3.0) [6].
As the World Wide Web has evolved, so has e-learning. As new web technologies become available, they are finding
their way into the education domain. Implementing these new web technologies makes it possible to use new learning
methods and improve existing learning approaches. At each stage, Digital Learning has taken advantage of the
advances in web technology. E-learning 1.0 (distribution of information) was about providing content, usually online
courses and produced by experts. E-learning 2.0 (dialogue about learning) is about creating and sharing information
and knowledge with others by using social media tools in an educative environment to support a collaborative
approach to learning [8]. The rise of cloud computing and the emergence of new technologies like enhanced and
reliable data storage capacity, big data, collaborative intelligent filtering, artificial intelligence and data mining, higher
screen resolutions, multi-gesture devices, and 3D touch user interface are leading us to the next generation of digital
learning: E-learning 3.0 [9]–[12]. Finally, E-learning 3.0 (construction of knowledge) provides learners with a
collaborative and intelligent environment.
With Web 2.0 technologies well established and the evolution to Web 3.0, research communities are talking about
Personal Learning Environments (PLE) to describe e-learning 3.0 [10].
TYPE OF DIGITAL LEARNING
According to the physical presence of the facilitator and learners, digital learning can take place in various forms.
Online Learning or “Fully Online Learning,” does not require face-to-face interaction between instructor and learner:
purely online [13], [14]. “Blended learning,” a mashup of both physical classroom and online learning. [15]. This
implies that part of the learning occurs in a real classroom, and another part takes place online [16]. E-learning can be
done synchronously (live or streaming) or asynchronously [13].
Synchronous e-learning refers to the type of learning in which the facilitator and all enrolled learners participate and
interact online simultaneously [17]. Thus, creating a virtual classroom that enables attendees to interact with each
other (learners and facilitators), view presentations or videos, discuss, and exchange materials and/or documents in
real-time. Asynchronous e-learning refers to learning in which the participants (teachers and learners) do not need to
be online simultaneously [18]. It is self-paced learning and can take place anytime, depending on the convenience of
the learner. Asynchronous learning allows learners to learn at their own pace within a given time frame. They can
access and complete courses, readings, assignments and other learning materials at any time using Learning
Management System (LMS) in most cases.
Based on the actual use of Digital Learning, the current Digital Learning platforms can be classified into the
following categories: Webcasting, Learning Management Systems (LMS), and Massive Open Online Course (MOOC)
Platforms. Webcasting is a streaming or on-demand media presentation broadcasted over the Internet using web
technologies, words “web” and “broadcasting” [19]. Webcasting works in real-time and allows active conversations
030007-2
12 April 2024 19:08:19
between the web broadcaster (teacher) and its viewers or listeners (learners). An LMS is a platform that provides
Online Learning materials to students with many features to manage courses, track students’ participation and
progress, and maintain online discussions [20]. Finally, MOOC is an online course designed for unlimited participation
and unrestricted access via the web [21]. A MOOC can be run on an LMS, but it is not a requirement. Similarly, an
LMS can host a course that is not a MOOC [22].
For a great learning experience, Digital Learning uses various technologies and multimedia types. What are the
technologies and media used in Digital Learning?
DIGITAL LEARNING TECHNOLOGIES, MEDIA AND STANDARDS
Digital Learning uses various types of multimedia such as text, audio, images, animation and video, and includes
different kinds of technologies. For example, with the advent of COVID-19, some developing countries used radio
and television to deliver courses in areas without internet access. The technologies used in Digital Learning are the
Web (HTML, HTTP), audio and video conferencing, whiteboard, screen-casting, chats (messaging instantly),
webinars, blogs, discussion forums and groups, email, wikis, and all forms of social networks.
COVID-19 and E-learning 3.0 (Web 3.0) have changed the way we teach and learn. New technologies are used to
enhance Digital Learning experiences and performances. Let’s take a look at some latest technologies and standards
used in Digital Learning.
• Artificial Intelligence (AI). AI or Machine Learning (ML) have a significant role in the Digital Learning
space [23]. It helps to interpret the metadata generated for the courses taken, and make better
recommendations, thus personalizing the learning experience (adaptive learning) [24]. It is also used to
monitor learners during their online exams [25], [26].
• Virtual Reality (VR) and/or Augmented Reality (AR). With VR and/or AR, learners will no longer be
reading boring text, images and illustrations. However, they will have the opportunity to enjoy an attractive
(3D simulation) and a profound learning experience [27]. It is also used to provide virtual labs to stakeholders
[28].
• Big Data and Learning Analytics. In the Digital Learning industry, big data refers to the data generated by
learners during training in the Digital Learning space. Big Data helps e-Learning experts understand how
learners assimilate information, which aspects of learning attract them, and predict where learners may excel
or struggle [29], [30].
• Cloud Computing. Digital Learning spaces can be deployed in Cloud Computing: “Cloud-based E-
learning.” Cloud provides flexible and secure data storage and backup allowing e-learning providers to host
their software and contents [31]. It provides computing power to support Big Data and multimedia streams
at a low cost [32].
• Blockchain. Through blockchain properties such as immutability, provenance, and smart contracts executed
by peers could bring a new level of security, trust, and transparency to Digital Learning [33]–[35]. Blockchain
can be used for storage, sharing of achieved qualifications (certificates), and their verification by universities
and employers [36]. It can be used to reward students for their progress in a course and e-learning content’s
payment (cryptocurrencies). Blockchain could support xAPI by storing all users’ activities on different nodes
which contain a copy of the blockchain.
• Sharable Content Object Reference Model (SCORM). SCORM is a standard that allows the distribution
and sharing of educational content on LMS platforms: ensuring interoperability. This standard also works on
the accessibility, durability and reusability of learning content. In concrete terms, SCORM makes it possible
to design dynamic learning paths and save learners’ results from managing their skills better. SCORM
provides tracking of the learner’s path, results, total time spent on the modules, questions answered correct
or incorrect, which answers were given, which pages are viewed, and progress [37].
• TinCan or eXperience API (xAPI). xAPI is a standard for tracking, storing and sharing the learners’
learning experience and/or style across multiple platforms and contexts. xAPI enables e-learning providers
to understand better how users learn, both online and offline [38]. The data collected (e.g., reading an article,
taking a test, searching on the web, watching a video, chatting, and visited pages) from several sources are
stored in a Learning Record Store (LRS) (Chen & Wang, 2020). LRS is usually stored on one server and
contains all activities associated with the user.
030007-3
12 April 2024 19:08:19
• Learning Object Metadata (LOM). LOM is a schema representing the metadata of e-learning content
created by IEEE [39]. In XML format, the LOM is used to specify the semantics and syntax of educational
metadata. The LOM standard is mainly used as an inventory of resources to ensure the proper functioning of
the e-learning system [39].
Learners can access training content using computers (desktops and laptops), smartphones (mobile phones,
tablets) from anywhere at any time. In addition, learners can work online or offline through resources (audiotape,
video, documents) that can be stored on removable storage devices (CD/DVD, flash disk), and courseware.
The interaction between Digital Learning platforms and users collects and generates much data and metadata that
should be handled safely. What personal data is collected from users, and what metadata is generated in Digital
Learning?
PERSONAL DATA IN DIGITAL LEARNING
Personal data, also known as personal details or personal information or personally identifiable information (PII).
According to the National Institute of Standards and Technology (NIST), PII is “any information about an individual
maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s
identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records;
and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and
employment information” [40]. And according to General Data Protection Regulation (GDPR), “personal data refers
to any information relating to an identified or identifiable natural person” [41]. So personal data is any information
about an identifiable person.
Personal data has gained prominence as information technology and Internet facilitated its collection, resulting in
a lucrative market for its collection and resale. Unfortunately, criminals can also exploit personal data to track or steal
a person’s identity, or assist in planning criminal acts. Personal data can be classified into several categories, such as
“Basic Information” (name, age, place and date of birth, gender, photos, race, color, nationality or ethnic origin),
“Identification Information” (driver’s license, passport, social insurance numbers, social security numbers),
“Biometrics” (genes, fingerprints, voiceprints, facial features), “Authenticating” (username/passwords, PIN, system
account, IP address, email address), “Medical and Health” (health records, blood type, DNA code, medical history),
“Professional” (Job titles, salary, work history, school attended), “Financial” (sales, credit, income, loan records,
transactions, taxes), “Communication” (telephone number, voice mail, emails, SMS, phone calls), “Browsing history”
(media produced, consumed, and shared: in-text, audio, photo, video), “Device” (Mac address, software list, IP
address), “Location” (country, GPS coordinates, room number, longitude and latitude).
Traditionally, student personal information includes information relating to identity, academics, medical
conditions, or any other information collected, stored, and disclosed by schools or technology providers specific to a
student [42]. Students’ PII can include:
• Names, email, phone number, contact preferences, date and place of birth, identification documents;
• Parental, sibling and extended family details;
• Adopted children, children in care, children under special guardianship;
• Internal evaluation and external testing results;
• Student records and school programs followed;
• Attributes, such as ethnicity, language, eligibility for free school meals, Pupil Premium or special educational
needs;
• Detailed information on any medical condition, including physical and mental health;
• Details of any support received, including care packages, scholarships, plans and support providers;
• Exclusion, attendance, and safeguarding information;
• CCTV images.
Parents, policymakers, companies, and education stakeholders use student data, including quizzes and tests
scores, course grades, and demographic information, in a variety of ways to improve students’ education. In response
to COVID-19, most educational institutions opened their information systems to the Internet to allow their staff to
work remotely and students to attend classes online. This opening to the Internet exposes not only the services but
also the personal data of the users.
030007-4
12 April 2024 19:08:19
For institutions offering purely online training, the following PII can be collected and stored in Digital Learning
Environments:
• First and last name;
• Email address and password;
• Organization (affiliation);
• Profession;
• Job title;
• Birthday (only as required for certain accreditations);
• Users’ activity records describe users’ interaction with the online platform and training content, e.g., when
and where learners log in, what courses learners enrolled in, start and completion dates, session time, users’
devices types, forums, discussions [43], [44];
• Users’ performance records describe users’ results over the proposed evaluation quizzes or tests, e.g.,
scores, time used to finish, rank, number of attempts [43], [44].
This information is used to track learners’ progression, manage their accounts, and support them. As part of digital
learning, learners may sometimes be called to share their personal information with many online services. This data
sometimes gets compromised and misused if not handled securely. So, student data should be handled safely.
Depending on the data sensitivity, data theft or breach can have disastrous consequences or be very damaging to those
involved. So, what is sensitive data?
Sensitive data is information that, if disclosed to the public, would harm the entities it concerns. The loss, misuse,
alteration or unauthorized access to sensitive data can negatively affect the privacy of an individual, a company, or
even national security. According to GDPR, sensitive data, also known as special category data, include information
such as racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, genetic data,
biometric data, physical or mental health or condition, sexual orientation, trade union membership [41].
Based on the sensitivity of the data held by an organization, different classification levels are required to determine
who has access to that data and how long it should be retained. In general, data is classified into four categories:
restricted, confidential, internal only, and public [45]. Restricted data includes data that could result in massive penal
prosecution and legal fines, or cause irreparable damage to the entity involved if compromised or unauthorized
accessed. Confidential data is data that access requires specific authorization and/or clearance. Internal-only data is a
type of data that is strictly accessible to the organization’s internal staff or internal employees who are granted access
[45]. Public data is freely available to the public, i.e., it can be freely used, reused and redistributed without
repercussions. Some examples of personal data of an employee (teacher or facilitator) that can be public is: name,
salary, job titles, job description, work location, work phone number, honors and awards received, payroll time sheets,
university email address. In the case of education, the following personal data can be public, unless the student has
requested non-disclosure: name, address, telephone number, dates of enrollment/attendance, enrollment status
(full/part-time, not enrolled), a significant program of study, academic awards and honors, degree(s) received.
Hacking an e-learning platform can extract all student data, including their personal data. It can then be shared
online for malicious purposes. A secure digital learning platform ensures that student data is protected from hacking
and is secured.
SECURITY RISKS IN DIGITAL LEARNING
E-learning uses various technologies to improve the learning experience of the learners. Each time users (students
or teachers) interact with Digital Learning systems, personal data are collected, and metadata is generated. We notice
that all the technologies that can be used in Digital Learning are based on users’ personal data. And other technologies
collect users’ metadata that is stored and shared. Not only Digital Learning takes advantage of the benefits of these
technologies, but it also inherits their inconveniences. Some drawbacks (vulnerabilities, risks and threats) come from
the technologies used and process management and user operations. These can cause security problems such as
targeted ads, theft and personal details breaches, unauthorized data access and destruction, identity usurpation, and
violation of users’ privacy resulting in reputational damage and financial losses to platform users. Personal data
associated with Digital Learning platforms are primarily confronted with security risks following three (03) aspects:
technology risk, management risk, and user operational risk.
030007-5
12 April 2024 19:08:19
TECHNOLOGY RISK
To deliver or consume the contents of e-learning systems, the following components are involved: hardware
(servers, end-user devices), networks (wired and/or wireless, LAN, Internet), Operating Systems (OS), middleware
and software (LMS, Audio and Video conferencing tools, Webcasting tools), database, security tools and protocols.
Each component has its vulnerabilities and risks, and its integration in one environment can introduce new
vulnerabilities and threats. For example, an error in the configuration of servers or security protocols and/or tools, a
lack of network security, the presence of unpatched network, operating system, and software vulnerabilities, and
mismanagement of Data Base Management System (DBMS) can be exploited by hackers. The exploitation of
hardware and software vulnerabilities can lead to data theft, leakage, system intrusions, and unauthorized data access,
ultimately compromises users’ privacy [46].
MANAGEMENT RISK
Digital learning not only involves learners and instructors, but also the administrative and IT staff who manage the
learning platform, and monitor students’ learning style and progress. Stakeholders interacting with the learning
platform may not have sufficient or necessary IT or cybersecurity skills. Due to the lack of security skills and/or
awareness, learning platform managers may collect users’ personal data without their consent or without prior
authorization. They may not ensure users’ personal data privacy during the data life cycle, i.e., during data collection,
transmission, usage, storage and destruction. Platform managers may inadvertently or ignorantly grant access rights
to some users inappropriately, modify the platform’s configurations, and expose users’ confidential data [46]. They
may not periodically maintain the platform resources and databases, patch system vulnerabilities and update their
virus database in due time. Platform managers may not have adequate disaster recovery or data backup measures as
well, and they may expose and share user data without their consent. Most of these risks are due to ignorance, omission
or human error.
USER OPERATIONAL RISK
The most recurring user operational risk is related to user authentication [46]. Unaware users may set weak and
easily guessable passwords, fail to properly secure their passwords, not correctly use the existing advanced
authentication features or protocols. Oblivious to their privacy, users may let platforms collect their personal data
without their consent or collect data not needed for learning purposes. Users may install untrusted software, i.e.,
counterfeited software, malware and adware, which illegally access and collect their data and metadata. They may not
properly configure access rights to their personal data and may not implement the required measures to protect, backup
and destroy their personal data. There is significant risk to users through the use of public Wi-Fi networks, such as
man-in-the-middle attacks, packet sniffing and interception, and all possible network attacks.
Most of the risks are due to ignorance of the importance of security and data involved, and others are due to errors of
manipulation and omission. And the security risks are present on the side of the platform providers and the side of the
students.
DATA SECURITY IN DIGITAL LEARNING
Data security is a set of guidelines and technologies designed to protect data from unauthorized access, deliberate
or inadvertent destruction, alteration or leakage, or theft throughout its lifecycle [47], [48]. Data security can be
enforced through various strategies, including administrative controls, access controls, physical security, logical rules,
organizational standards and policies, and other forms of protection that restrict access to unauthorized or malicious
users or processes [47]. Security’s most important purpose is to protect all information an organization collects, stores,
creates, receives or transmits. Regardless of the device, technology or workflow used to process, maintain or collect
data, it needs to be protected consistently. Today all organizations, whether they are banking giants that store massive
amounts of personal and financial data, or educational institutions providing online or offline courses that store
information about their students and/or teachers, somehow deal with personal sensitive information. With the advent
of COVID-19, where Digital Learning is in vogue, the importance of protecting online learners’ data from threats and
attacks aimed at stealing or exposing user data and metadata is more critical today than it has ever been [49].
Today personal data are critical and attract many hackers. As a result, international organizations and countries have
established laws and regulations that organizations collecting personal data must obey to protect users’ privacy. Let’s
take a look at the different rules and regulations of countries.
030007-6
12 April 2024 19:08:19
DATA PROTECTION AND PRIVACY LEGISLATION
Fueled by the increasing global demand for data protection and privacy efforts, many new privacy regulations have
recently been adopted by some countries and international organizations. These laws and regulations allow institutions
handling personal data to use protocols, standards, technologies and security tools to protect their users’ privacy. Most
countries have adopted data privacy legislations to govern the way data is collected, processed, stored, used and shared,
how people are informed, and what control they have over their data once it has been transmitted. Violation of data
privacy can result in fines, legal action, or even a ban on using certain services in some jurisdictions. Browsing through
these laws and regulations can be daunting, but all e-learning platform providers should be aware of the data privacy
laws that affect their users (students and teachers). Here are some rules and regulations to be mindful of.
FIGURE 1. Data protection and privacy legislation worldwide map
According to the United Nations Conference on Trade and Development (UNCTAD), around the world, 66% of
countries have legislation to ensure data protection and privacy, 10% of countries have draft legislation, 19% of
countries with no legislation, and 5% of countries with no data [50]. As we can see in Figure 1, most countries already
have rules and legislation on data protection (blue color). A few are without data (white color), and the majority of
the countries without legislation (red color) are the African countries, with many countries already in the process of
adopting laws and regulations in this direction (purple color). This highlights the importance of having laws and
regulations to guide and regulate the collection and handling of personal data.
To protect the privacy of online users, the United Nations has proposed “The Right to Privacy in the Digital Age,”
which states that the rights held by people in real life (offline) must also be protected online [51]. In addition, the
Right to Privacy in the Digital Age identifies core elements of data privacy frameworks that states and companies
should adopt.
The National Institute of Standards and Technology (NIST), an agency of the United States Department of
Commerce proposed “NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information
(PII).” This document explains the importance of ensuring the confidentiality of PII and explains its relationship to
privacy using Fair Information Practices, which are the principles supporting most laws or regulations and best
practices [40].
The International Organization for Standardization (ISO) also proposed the “ISO/IEC 29100:2011 Information
technology Security techniques Privacy framework.” This international standard establishes a high-level framework
for PII protection in information and communication technologies (ICT) [52]. The framework specifies a common
privacy terminology, defines the stakeholders and their related roles in the PII processing, outlines privacy
safeguarding considerations, and references known privacy principles related to information technology [52].
030007-7
12 April 2024 19:08:19
The General Data Protection Regulation (GDPR) is the world’s strictest privacy and security law [41]. Even though
it was drafted and adopted by the European Union (EU), it imposes obligations on organizations, wherever they are
located, whenever they target or collect data about EU people. The GDPR is primarily intended to give control to
people over their personal data and provide a simplified regulatory environment for international businesses by
unifying the regulation within the EU. The GDPR defines data protection principles, e.g., lawfulness, fairness and
transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and
accountability [41], enumerates the cases in which it is legal to process personal data, sets out strict new rules on what
constitutes a data subject’s consent to process their information, recognizes a list of new privacy rights for data
subjects.
The United States (US) has data privacy laws, but there is no central federal privacy law like the EU’s GDPR.
Instead, there are several federal privacy laws and a new generation of consumer-focused privacy laws from states.
The US Privacy Act of 1974 contains essential rights and restrictions on data held by US government agencies [53].
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a landmark law that governs health
insurance. It is a very complex law with many moving parts but includes Sections on privacy and data security [54].
The Gramm-Leach-Bliley Act (GLBA) of 1999 is a considerable piece of banking and financial legislation that
contains essential requirements for the privacy and security of personal financial data [55]. The Children’s Online
Privacy Protection Act (COPPA) of 2000 has taken a first step toward regulating personal information collected from
minors. The law explicitly prohibits online companies from requesting PII from children under 12 years old unless
there is verifiable parental consent [56]. Over time, some states have adopted laws and legislation according to their
realities. Among these laws, we can cite California Consumer Privacy Act (CCPA), Massachusetts Data Privacy Law,
New York Privacy Act, Hawaii Consumer Privacy Protection Act, Maryland Online Consumer Protection Act, and
North Dakota’s HB 1485.
Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada. PIPEDA is federal
legislation that governs the collection, use and disclosure of personal data by private sector entities in a way that
recognizes both the right of the individual to have their personal data protected and the necessity for organizations to
collect, use and disclose personal information for purposes that a rational person would consider appropriate [57].
This law states that an organization must obtain an individual’s consent to collect, use and/or disclose personal
information to a third party involved in their business. Furthermore, the organization that receives the consent must
specify the use of the personal data and not deviate from it in its use. In Japan, online privacy is primarily governed
by general law, the Act on Protection of Personal Information (APPI), rather than a specific online privacy law. The
APPI applies to commercial operators that hold more than 5,000 people [58]. Japan has other personal information
protection laws that apply to government and public organizations. The APPI does not provide the details of personal
information protection but sets out basic rules. It requires all commercial operators who process personal information
to indicate the purpose of the information. The APPI did not establish a data protection agency and did not give the
government full enforcement powers. The legislature found that self-regulation by companies would be appropriate.
The Cybersecurity Law of the People’s Republic of China, known commonly as the Chinese Cybersecurity Law, was
promulgated to strengthen data protection, data localization and cybersecurity in the interest of national security. This
law is designed to ensure cybersecurity, preserve the integrity of cyberspace, national security and public interest,
protect citizens’ rights and legal interests, legal entities and other organizations, and promote the safe development of
economic and social digitalization [59]. The law requires that data be stored in China and that organizations and
network operators submit to government-led security checks.
The Protection of Personal Information Act (POPI Act or POPIA) of South Africa is a data protection law that
protects people from harm by protecting their personal information [60]. The purpose is to promote the protection of
personal information processed by public and private organizations; to introduce some conditions to establish
minimum requirements for the processing of personal data; to provide for the publication of codes of conduct; to
provide for the rights of people to concerning unrequested electronic communications and automated decision-
making; regulate the flow of personal data across South African borders, and to provide information on related issues
[61]. To accomplish this, the POPI Act sets out the conditions under which it is legal for an entity to process the
personal information of another person.
Data protection in Nigeria is a constitutional right based on Section 37 of the 1999 Constitution of the Federal
Republic of Nigeria [62]. Aware of the concerns about privacy and the protection of personal data and the critical
consequences of the lack of regulation of personal data processing, the National Information Technology Development
Agency (NITDA) has published the Nigeria Data Protection Regulations (NDPR). The purposes of the regulation are:
to preserve the rights of individuals to data privacy; to promote the security of transactions involving the exchange of
personal data; to prevent the manipulation of personal data, and to ensure that Nigerian businesses can compete in
030007-8
12 April 2024 19:08:19
international trade with the safeguards provided by strong data protection regulations [63]. The rule covers all storage
and processing of personal data about Nigerian citizens and residents.
By 2009, Benin became the seventh African country to adopt data protection laws (Data Protection Act),
following Mauritius, Cape Verde, Seychelles, Tunisia, Senegal and Morocco [64]. In 2018, Benin reorganized its legal
privacy policy framework as part of a larger project, the Benin Digital Code (Le Code Numérique du Bénin), which
also covers electronic communication´ networks and services, electronic identity and signature, e-commerce, trust
service providers, and cybercrime areas. The Digital Code was enacted two years after the GDPR became effective,
and many of the principles of the GDPR are found in the law, although most of them have been adapted to Benin’s
needs. Like most laws based on RGPD, the default lawful basis for processing personal data in Benin is the data
subject’s consent.
After looking at some laws and regulations, we noticed a similarity between the laws and regulations of different
countries. Therefore, whatever the law or regulation, or whatever the country, we have (1) any organization, whether
large or small, for-profit or non-profit, even in the educational domain, must respect the laws and regulations in force
in its country when personal data are collected, transmitted, stored and processed; (2) before handling the personal
information of a person, the person concerned must be informed about the purposes for which the data is being used
and get their agreement; and (3) in the instance of error, the person concerned has the right to request modifications
or updating of their information, and in the instance of fraud, the person concerned has the right to contest and take
judicial proceedings against the organization in question.
Based on these observations, it is clear that Digital Learning platform providers must use security tools, methods,
standards and strategies to conform to applicable laws and legislation.
BEST PRACTICES FOR PROTECTING DATA: LEARNING PLATFORM PROVIDERS
While the global pandemic persists, it is clear that most schools and universities will continue to rely on Online
Learning. To ensure the security of courses and users (teachers and students), it is up to institutions to prioritize
cybersecurity. Robust access control, multi-factor authentication, data integrity and confidentiality, and content
protection are essential to safeguard sensitive data and communications. In addition, e-learning platform providers
must protect sensitive data and take proactive steps to protect online communications between stakeholders.
If the platform is deployed on-premises, ensure the physical and logical security of resources, update operating
systems, software and tools regularly, and secure the network. Physical security is a core feature of any security system
that aims to ensure information confidentiality, integrity and availability through the physical protection of
infrastructure and access [65]. If someone gains access to the organization’s computer system, it can be damaged or
even destroyed. Physical security refers to the use of barriers, alarms, locks and other physical controls to restrict
physical access to premises, buildings, computers and equipment [66]. These measures are necessary to protect
hardware, their contents, and other physical resources from spying, theft, and accidental or intentional destruction. In
addition, institutions must provide security strategies to protect resources and infrastructures against disasters (water,
fire, earthquakes). Logical security refers to the implementation of security mechanisms by software; it is based on
the performance of a logical access control system based on an authentication, identification and authorization service.
It is also based on: the mechanisms implemented to guarantee confidentiality, including encryption, efficient
management of passwords and authentication procedures, anti-virus measures and backup of sensitive information.
If the e-learning platform is deployed in the cloud, then security is a shared responsibility. Institutions must
implement various security measures to protect cloud-based applications and data to mitigate security risks. Cloud
security best practices often include: securing the cloud management console, securing the virtual infrastructure,
securing API SSH keys, securing DevOps admin consoles and tools, securing DevOps pipeline code, and securing
administrator accounts for Software as s Service (SaaS) applications [65], [67]. Whether the platform is deployed on-
premises or in the cloud, e-learning platform providers must establish a security policy to ensure their users’ personal
data while respecting their privacy. To prevent sensitive personal data from being misused, institutions need to restrict
access and encrypt the data in transit and rest. When it comes to protecting data in transit, e-learning platform providers
need to secure their platform (website) with TLS/SSL certificates to encrypt the information and maximize trust.
Concerning the LMS, it is essential to install the necessary and available security plugins. Regularly update the LMS
and the tools used, secure the software used for videoconferencing and email exchange. Sensitize end-users on the
best practices adopting to secure their personal data.
030007-9
12 April 2024 19:08:19
BEST PRACTICES FOR PROTECTING DATA: TEACHERS AND STUDENTS
There is no sense in securing a Digital Learning platform if the end-users do not respect the security procedures or
ignore the concepts. Therefore, end-users should be made more aware of the risks and best security practices protecting
their privacy. The best practice is to defend ourselves before, during and after Online Learning [65].
Before starting Online Learning, preparing devices, networking, tools, and reading the privacy policy are
fundamental aspects of privacy that can ensure the quality of Online Learning [42]. Today various devices used for
online courses are in vogue, including tablets, smartphones, laptops in general, and sometimes desktops. Mobile
devices have a considerable advantage in e-learning (mobile learning) due to their portability allowing users to learn
from anywhere and anytime. However, mobile devices present high risks, including the risk of loss, theft,
abandonment or exchange of the device, implying an increased risk of loss, theft or exposure of the personal data
stored on it [68]. The first step in protecting personal data is to ensure that digital devices are correctly set up and kept
safe. To keep devices safe, we need to take care of cameras and microphones on devices, locked and set secure
passwords on devices, update the devices operating system, install anti-virus software, do not jailbreak or root
smartphones or tablets, make regular backups of critical personal data, do not install suspicious or counterfeit software,
install software from the official websites, and the operating systems’ own application stores, such as Microsoft Store,
Apple App Store, and Google Play Store [42]. Wi-Fi networks are much more common in areas where the 3G or 4G
network lacks connection. To avoid attacks like the man in the middle, browser hijacking, or network intrusion,
connecting and using the Internet safely is important. Hackers have more opportunities to exploit vulnerabilities over
your Wi-Fi connection than over 3G or 4G [69] when dealing with public Wi-Fi. Therefore, it is recommended to use
a home or professional Wi-Fi, or 3G or 4G if possible. Whatever the case, the use of a virtual private network (VPN)
is necessary.
To sign in to a Digital Learning platform, users must first register on the platform. Registered users usually provide
identifying information (such as a username or email address and password) to the system to prove their identity. It is
crucial for users to set a strong password to avoid password leakage, brute force or dictionary attacks, and thus prevent
leakage of their personal data. Password management tools or password vaults (e.g., LastPass, Dashlane, Keepass,
NordPass, Keeper, Bitwarden, RoboForm, Password Safe) are a great way to generate and manage strong passwords
[70]. Avoid Signing in a device that’s not yours. And if the situation requires us to use it, we can still protect our
personal data by following some basic rules. Never save our login credentials, erase our tracks or browsing history,
disable the feature that stores passwords, delete your temporary internet files and browsing history, never enter
sensitive information into a public computer, and never leave a public computer unattended with sensitive information
on the screen. After logging into a learning platform, learners can enroll in courses, post messages in forums,
discussion groups, blogs, and navigate and enjoy the content. The learner should know the Privacy Policy of the
learning platform to understand how to behave regarding comments in forums and blogs. Learn which sites to visit
when searching, which cookies to accept or not. During videoconferencing sessions, still protecting our personal
information, because live broadcasts cannot be edited, and we cannot undo what people have already seen. Personal
information can be leaked by what is said during the stream, shown to the camera or even in the background. It is
important to note that others can record live streams and then keep a copy even after the stream has ended or expired.
So, it is vital to behave properly during the live sessions.
CONCLUSION
In this paper, we made an overview of personal data protection in Digital Learning spaces. Discussing Digital
Learning, we have seen that e-learning has evolved with the web technology evolution. By reviewing the tools,
technologies, and standards used by Digital Learning, we observed that e-learning inherited the web’s vulnerabilities
and various technologies and tools. Digital Learning involves personal data, whether Fully Online Learning or
Blended Learning, or Synchronous or Asynchronous Learning. And each time users (teachers and students) interact
with the Digital Learning platform, metadata are generated and recorded. Learner’s personal data involved are names,
username, email address and password, affiliation, profession, job title, birthday, and picture. The generated metadata
are users’ activity reports and users’ performance reports. This metadata is analyzed and interpreted to personalize
learning for each learner and improve Online Learning convenience.
Unfortunately, these data attract hackers who target educational systems and e-learning platforms. Beyond the
inherited vulnerabilities and hackers’ potential attacks, Digital Learning Spaces face other threats such as technology
risk, management risk and user operational risk. This represents a tremendous risk of seeing personal data stolen, used
for malicious purposes, or even exposed to the public, causing reputational harm to the entity concerned. Most of
those risks are due to errors of manipulation or ignorance of the stakeholders.
030007-10
12 April 2024 19:08:19
To protect the privacy of all digital citizens, international organizations and countries enacted laws and legislations.
These laws and legislations are designed to oblige any organization that collects, processes, and stores personal data
to comply with some rules and implement data protection mechanisms. Statistics revealed that 66% of countries have
already adopted legislation, and 10% of countries have already draft legislation to protect personal data. Beyond the
regulations, we outlined the best security practices being adopted by Digital Learning platform providers and users.
Digital Learning platform providers must implement mechanisms, technologies, tools, protocols and standards to
ensure content and users security. They also implement a security policy per the laws and regulations of their countries
or area. Regarding the users, they must protect themselves before, during and after the online courses. Therefore, they
should use their own devices, install software from safe sources, avoid using public networks and, above all, update
their operating systems and software.
This paper appears as a vulgarization work that emphasizes the importance of security in Online Learning Spaces.
We have presented the potential security problems that can jeopardize users’ personal data, without mentioning the
issues encountered or persisting or even showing concrete incidents of attacks. Same for the security measures, which
remained generic. This can be explained by the fact that we would like all stakeholders in the educational and e-
learning system, to understand the importance of protecting learners’ personal data, whether they are computer
scientists or not. And those policymakers realize that the risks involved are considerable and can ruin a person’s
reputation so that they can invest in security in the post-COVID world.
We will present in-depth the problems and attacks that Digital Learning platforms face and the practical solutions to
counter the attacks and mitigate the issues in our future work.
ACKNOWLEDGEMENTS
This publication was made possible through the Digital Science and Technology Network (DSTN), supported by
IRD and AFD. In addition, we would like to thank the African Center of Excellence in Mathematical Science,
Informatics, and Applications (CEA-SMIA) and the African Centre of Excellence on Technology Enhanced Learning
(ACETEL) for their support.
REFERENCES
1. B. B. Lockee, “Online education in the post-COVID era,” Nat. Electron., vol. 4, no. 1, pp. 5–6, 2021.
2. N. S. Raj and V. Renumol, “A Rule-Based Approach for Adaptive Content Recommendation in a
Personalized Learning Environment: An Experimental Analysis,” in 2019 IEEE Tenth International
Conference on Technology for Education (T4E), 2019, pp. 138–141.
3. D. Garg, R. Patel, R. Patel, B. Kaka, P. Goel, and B. Patel, “Digital Learning: A New Perception to Learn
Beyond the Classroom Boundary,” in International Conference on Information and Communication
Technology for Intelligent Systems, 2020, pp. 517–527.
4. J. L. Moore, C. Dickson-Deane, and K. Galyen, “e-Learning, online learning, and distance learning
environments: Are they the same?,” Internet High. Educ., vol. 14, no. 2, pp. 129–135, 2011.
5. G. Siemens, D. Gasevic, and S. Dawson, “A review of the history and current state of distance, blended, and
online learning,” Prep. Digit. Univ. Athabasca Univ. Bill Melinda Gates Found., 2015.
6. Z. Bezovski and S. Poorani, “The evolution of e-learning and new trends,” in Information and Knowledge
Management, 2016, vol. 6, pp. 50–57.
7. J. B. Williams and M. Goldberg, “The evolution of e-learning,” Balance Fidel. Mobil. Maint. Momentum, pp.
725–728, 2005.
8. S. Downes, “E-learning 2.0,” ELearn, vol. 2005, no. 10, p. 1, 2005.
9. M. Dominic, S. Francis, and A. Pilomenraj, “E-learning in web 3.0,” Int. J. Mod. Educ. Comput. Sci., vol. 6,
no. 2, p. 8, 2014.
10. F. Hussain, “E-Learning 3.0= E-Learning 2.0+ Web 3.0?.,” Int. Assoc. Dev. Inf. Soc., 2012.
11. P. Miranda, P. Isaias, and C. J. Costa, “E-Learning and web generations: Towards Web 3.0 and E-Learning
3.0,” Int. Proc. Econ. Dev. Res., vol. 81, p. 92, 2014.
12. N. Rubens, D. Kaplan, and T. Okamoto, “E-Learning 3.0: anyone, anywhere, anytime, and AI,” in
International conference on web-based learning, 2012, pp. 171–180.
13. J. S. Barrot, I. I. Llenares, and L. S. del Rosario, “Students’ online learning challenges during the pandemic
and how they cope with them: The case of the Philippines,” Educ. Inf. Technol., pp. 1–18, 2021.
030007-11
12 April 2024 19:08:19
14. M. Rohman, F. Baskoro, and L. EndahCahyaNingrum, “The Effectiveness and Efficiency of Google
Classroom as an Alternative Online Learning Media to Overcome Physical Distancing in Lectures Due to
the Covid-19 pandemic: Student Perspectives,” in 2020 Third International Conference on Vocational
Education and Electrical Engineering (ICVEE), 2020, pp. 1–6.
15. A. P. Rovai and H. M. Jordan, “Blended learning and sense of community: A comparative analysis with
traditional and fully online graduate courses,” Int. Rev. Res. Open Distrib. Learn., vol. 5, no. 2, pp. 1–13,
2004.
16. H. Singh, “Building effective blended learning programs,” in Challenges and Opportunities for the Global
Implementation of E-Learning Frameworks, IGI Global, 2021, pp. 15–23.
17. P. Dorsah and others, “Synchronous Versus Asynchronous: Pre-Service Teachers’ Performance in Science
Formative Assessment Tests,” Open Access Libr. J., vol. 8, no. 04, p. 1, 2021.
18. N. G. Koroleva, A. V. Vozdvizhenskaya, A. K. Vsevolodova, and A. Y. Vikhareva, “The Effect of Remote
Classroom Attendance on Students’ Course-Satisfaction,” in Knowledge in the Information Society,
Springer, 2020, pp. 311–323.
19. J. Busch, P. Hanna, I. O’Neill, N. Anderson, and A. McGowan, “Design, development and analysis of a new
approach to synchronous learning through a web-based broadcasting platform.,” in Computing Education
Practice, 2017.
20. S. M. Kamunya, R. O. Oboko, E. M. Maina, and E. K. Miriti, “A Systematic Review of Gamification Within
E-Learning,” Handb. Res. Equity Comput. Sci. P-16 Educ., pp. 201–218, 2021.
21. T. T. Lee, K. T. Wong, N. Daud, I. Zainol, M. I. M. Damanhuri, and others, “Chemistry laboratory
management techniques massive open online course: Development and evaluation on students’
perception,” Educ. J. Sci. Math. Technol., vol. 7, no. 2, pp. 50–64, 2020.
22. N. Ahmad, “Web Engagement Strategies In Business, Government And Education Sector,” Int. J. Softw. Eng.
Comput. Syst., vol. 7, no. 1, pp. 12–23, 2021.
23. B. Berendt, A. Littlejohn, and M. Blakemore, “AI in education: learner choice and fundamental rights,”
Learn. Media Technol., vol. 45, no. 3, pp. 312–324, 2020.
24. R. Paiva and I. I. Bittencourt, “Helping teachers help their students: A human-ai hybrid approach,” in
International Conference on Artificial Intelligence in Education, 2020, pp. 448–459.
25. S. Coghlan, T. Miller, and J. Paterson, “Good proctor or" Big Brother"? AI Ethics and Online Exam
Supervision Technologies,” ArXiv Prepr. ArXiv201107647, 2020.
26. C. Panigrahi and others, “Use of Artificial Intelligence in education,” Manag. Account., vol. 55, pp. 64–67,
2020.
27. A. Scavarelli, A. Arya, and R. J. Teather, “Virtual reality and augmented reality in social learning spaces: A
literature review,” Virtual Real., vol. 25, pp. 257–277, 2021.
28. K. Nesenbergs, V. Abolins, J. Ormanis, and A. Mednis, “Use of Augmented and Virtual Reality in Remote
Higher Education: A Systematic Umbrella Review,” Educ. Sci., vol. 11, no. 1, p. 8, 2021.
29. K. Dahdouh, A. Dakkak, A. Dakkak, L. Oughdir, and I. Abdelali, “Improving Online Education Using Big
Data Technologies,” Role Technol Educ, 2020.
30. H. Waheed, S.-U. Hassan, N. R. Aljohani, J. Hardman, S. Alelyani, and R. Nawaz, “Predicting academic
performance of students from VLE big data using deep learning models,” Comput. Hum. Behav., vol. 104,
p. 106189, 2020.
31. M. A. Khan and K. Salah, “Cloud adoption for e-learning: Survey and future challenges,” Educ. Inf. Technol.,
vol. 25, no. 2, pp. 1417–1438, 2020.
32. D. Otoo-Arthur and T. L. van Zyl, “A Scalable Heterogeneous Big Data Framework for e-Learning Systems,”
in 2020 International Conference on Artificial Intelligence, Big Data, Computing and Data
Communication Systems (icABCD), 2020, pp. 1–15.
33. T. Hewa, M. Ylianttila, and M. Liyanage, “Survey on blockchain based smart contracts: Applications,
opportunities and challenges,” J. Netw. Comput. Appl., p. 102857, 2020.
34. T. Y. Lam and B. Dongol, “A blockchain-enabled e-learning platform,” Interact. Learn. Environ., pp. 1–23,
2020.
35. P. A. Sunarya, U. Rahardja, L. Sunarya, and M. Hardini, “The Role Of Blockchain As A Security Support For
Student Profiles In Technology Education Systems,” InfoTekJar J. Nas. Inform. Dan Teknol. Jar., vol. 4,
no. 2, pp. 13–17, 2020.
36. A. Pfeiffer, S. Bezzina, T. Wernbacher, and S. Kriglstein, “Blockchain Technologies for the Validation,
Verification, Authentication and Storing of Students’ Data,” in European Conference on e-Learning, 2020,
pp. 421–XIX.
030007-12
12 April 2024 19:08:19
37. M. Takev, E. Somova, S. Gaftandzhieva, and M. R. Artacho, “System for creation, support and tracking of
interactive learning activities,” in IOP Conference Series: Materials Science and Engineering, 2020, vol.
878, p. 012034.
38. C.-M. Chen and W.-F. Wang, “Mining effective learning behaviors in a web-based inquiry science
environment,” J. Sci. Educ. Technol., vol. 29, pp. 519–535, 2020.
39. C. De Medio, C. Limongelli, F. Sciarrone, and M. Temperini, “MoodleREC: A recommendation system for
creating courses using the moodle e-learning platform,” Comput. Hum. Behav., vol. 104, p. 106168, 2020.
40. K. S. Erika McCallister Tim Grance, “Guide to Protecting the Confidentiality of Personally Identifiable
Information (PII),” Natl. Inst. Stand. Technol., 2010.
41. B. Wolford, “What is GDPR, the EU’s new data protection law?,” GDPR.eu. Feb. 2019. [Online]. Available:
https://gdpr.eu/what-is-gdpr/
42. R. H. Huang, Personal Data and Privacy Protection in Online Learning: Guidance for Students, Teachers
and Parents. Beijing: Smart Learning Institute of Beijing Normal University, 2020.
43. Á. Del Blanco, Á. Serrano, M. Freire, I. Martínez-Ortiz, and B. Fernández-Manjón, “E-Learning standards
and learning analytics. Can data collection be improved by using standard data models?,” in 2013 IEEE
Global Engineering Education Conference (EDUCON), 2013, pp. 1255–1261.
44. P. Dráždilová, G. Obadi, K. Slaninová, S. Al-Dubaee, J. Martinovič, and V. Snášel, “Computational
intelligence methods for data analysis and mining of elearning activities,” in Computational intelligence for
technology enhanced learning, Springer, 2010, pp. 195–224.
45. V. M. Deshpande and A. Desai, “Smart Secure: A Novel Risk based Maturity Model for Enterprise Risk
Management during Global Pandemic,” in 2021 6th International Conference for Convergence in
Technology (I2CT), 2021, pp. 1–7.
46. E. Djeki, J. Degila, C. Bondiombouy, and M. H. Alhassan, “Security Issues in Digital Learning Spaces,” in
2021 IEEE International Conference on Computing (ICOCO), Nov. 2021, pp. 71–77. doi:
10.1109/ICOCO53166.2021.9673575.
47. Forcepoint, “What is Data Security?” May 2021. [Online]. Available: https://www.forcepoint.com/fr/cyber-
edu/data-security
48. IBM, “What is data security? Definition, solutions and how to secure data.” [Online]. Available:
https://www.ibm.com/topics/data-security
49. E. Djeki, J. Dégila, M. H. Alhassan, and C. Bondiombouy, “Analyzing Learners’ Privacy in MOOC and
Online Learning Platform,” in 2022 IEEE International Conference on Computing (ICOCO), Nov. 2022,
pp. 358–363. doi: 10.1109/ICOCO56118.2022.10031923.
50. UNCTAD, “Data Protection and Privacy Legislation Worldwide.” UNCTAD, Apr. 2020. [Online]. Available:
https://unctad.org/page/data-protection-and-privacy-legislation-worldwide
51. OHCHR, “OHCHR and privacy in the digital age.” OHCHR, 2019. [Online]. Available:
https://www.ohchr.org/en/issues/digitalage/pages/digitalageindex.aspx
52. T. O. Adekunle and O. O. Olufunke, “ISO/IEC 29100:2011,” ISO. ISO, May 2017. [Online]. Available:
https://www.iso.org/standard/45123.html
53. S. M. Boyne, “Data protection in the united states,” Am. J. Comp. Law, vol. 66, no. suppl_1, pp. 299–343,
2018.
54. I. G. Cohen and M. M. Mello, “HIPAA and protecting health information in the 21st century,” Jama, vol. 320,
no. 3, pp. 231–232, 2018.
55. A. Ghosh, “Discerning the impact of disaggregated non-interest income activities on bank risk and profits in
the post-Gramm-Leach-Bliley Act era,” J. Econ. Bus., vol. 108, p. 105874, 2020.
56. E. I. Brooks and A. K. Moeller, “Children’s Perceptions and Concerns of Online Privacy,” in Extended
Abstracts of the Annual Symposium on Computer-Human Interaction in Play Companion Extended
Abstracts, 2019, pp. 357–362.
57. O. of the P. C. of Canada, “Questions and Answers regarding the application of PIPEDA, Alberta and British
Columbia’s Personal Information Protection Acts,” Office of the Privacy Commissioner of Canada. Nov.
2004. [Online]. Available: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-
information-protection-and-electronic-documents-act-pipeda/r_o_p/02_05_d_26/
58. S. Umeda, “Online Privacy Law: Japan,” Online Privacy Law: Japan | Law Library of Congress. Jun. 2012.
[Online]. Available: https://www.loc.gov/law/help/online-privacy-law/2012/japan.php
59. X. Wu, “Chronology of Practice: Chinese Practice in Public International Law in 2016,” Chin. J. Int. Law,
vol. 16, no. 3, pp. 547–615, 2017.
030007-13
12 April 2024 19:08:19
60. S. Mabunda, “Cybersecurity in South Africa: Towards Best Practices,” in CyberBRICS, Springer, 2021, pp.
227–270.
61. S. A. Government, “Protection of Personal Information Act 4 of 2013,” South African Government. [Online].
Available: https://www.gov.za/documents/protection-personal-information-act
62. A. Akinwunmi, “Nigeria - Data Protection Overview,” DataGuidance. Jun. 2021. [Online]. Available:
https://www.dataguidance.com/notes/nigeria-data-protection-overview
63. J. Anyanwu, “The Nigeria Data Protection Regulation: KPMG NG,” KPMG. KPMG, Aug. 2019. [Online].
Available: https://home.kpmg/ng/en/home/insights/2019/08/the-nigeria-data-protection-regulation.html
64. A. Sylla, “Data protection in Benin: ALB Article,” ALB Legal and Business Issues from Africa. Global Legal
Group. [Online]. Available: https://iclg.com/alb/10175-data-protection-in-benin
65. E. Djeki, J. Degila, C. Bondiombouy, and M. H. Alhassan, “Preventive Measures for Digital Learning Spaces’
Security Issues,” in 2022 IEEE Technology and Engineering Management Conference (TEMSCON
EUROPE), Apr. 2022, pp. 48–55. doi: 10.1109/TEMSCONEUROPE54743.2022.9801945.
66. S. Al-Fedaghi and O. Alsumait, “Towards a conceptual foundation for physical security: Case study of an it
department,” Int. J. Saf. Secur. Eng., vol. 9, no. 2, pp. 137–156, 2019.
67. RedHat, “What is different about cloud security,” Red Hat. [Online]. Available:
https://www.redhat.com/en/topics/security/cloud-security
68. M. La Polla, F. Martinelli, and D. Sgandurra, “A survey on security for mobile devices,” IEEE Commun.
Surv. Tutor., vol. 15, no. 1, pp. 446–471, 2012.
69. G. Delac, M. Silic, and J. Krolo, “Emerging security threats for mobile platforms,” in 2011 Proceedings of the
34th International Convention MIPRO, 2011, pp. 1468–1473.
70. S. Gaw and E. W. Felten, “Password management strategies for online accounts,” in Proceedings of the
second symposium on Usable privacy and security, 2006, pp. 44–55.
030007-14
12 April 2024 19:08:19
