-
Notifications
You must be signed in to change notification settings - Fork 1
/
2015-11-24-CH_student_request.txt
70 lines (57 loc) · 3.6 KB
/
2015-11-24-CH_student_request.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
From: Paul-Olivier Dehaye
Subject: Access and Notice under US-CH Safe Harbor as Coursera student
Dear Coursera Representative,
My name is Paul-Olivier Dehaye, I am a resident of Zurich, Switzerland. I have
an account on the Coursera website associated to the email address
I have used the Coursera platform as a student since late 2012. Since January
2014, Coursera has agreed to comply to the self-regulatory data protection
framework called US-CH Safe Harbor, to be enforced by the FTC [1, where I in
fact found your email address]. This framework encompasses seven principles
[2], and is meant to offer equivalent protection to the Swiss Federal Act on
Data Protection [3]. Two of those principles are Access and Notice.
I would like to ask you for the following:
1. Under Access, I would like to get all the information associated to the
deletion and moderation of my posts (including method used, logic, and timing
information) in any of the courses I have participated in. I seek also to have
information whether this moderation or deletion was automated, semi-automated
or purely manual.
2. Under Notice, please inform me of any data that might have been collected or
computed about me. This includes any of the hundreds of A/B tests that I might
have unknowingly participated in as a student. Under Notice, please also inform
me of the logic followed to decide whether to include me or not in those
experiments. This would include information about the ethical protocols
followed by Coursera to decide whether and how to run this experimentation. I
am assuming I would be informed on a case-by-case basis by universities when
they decide to run their own experimentation (and in fact this has happened).
This request also includes any information about the building of a "personality
profile" [3], based on my interactions with the platform.
3. Under Access, please provide me with all the information collected by the
Coursera app, which I have installed on my smartphone at some point in 2015.
4. Under Access, please provide me with all the information collected for the
purpose of identification and authentication for tests and quizzes on the
platform. This would include keystroke biometrics and the associated
processing, as well as pictures and the associated processing.
5. Under Notice, please provide me with a listing of all the third parties that
Coursera has shared or intends to share my data with, and the conditions that
governed this transfer (a data policy, for instance). This would include
confirmation or denial of any transfer or intent to transfer my data to law
enforcement or intelligence services, confirmation or denial of any transfer or
intent to transfer my data to for-profit or nonprofit universities, and
confirmation or denial of any transfer or intent to transfer my data with
potential investors or buyers of Coursera.
It is my understanding that Coursera has 40 days to comply with this request,
which would bring us to January 4th 2016. Should you have any clarifying
question, for instance about the scope of my requests, I would be happy to
answer, but this would most likely eat into that time period. Should you fail
to fully comply with this request, I reserve the right to use any or all
possible avenues to exercise my rights.
Sincerely,
Paul-Olivier Dehaye
Zurich
[1] https://safeharbor.export.gov/companyinfo.aspx?id=26126 (accessed Nov 24
2015)
[2] http://export.gov/safeharbor/swiss/eg_main_018500.asp (accessed Nov 24 2015)
[3] https://www.admin.ch/opc/en/classified-compilation/19920153/index.html
(accessed Nov 24 2015)