The General Data Protection Regulation (GDPR) is the new EU legal framework for the processing of personal data. The use of any information related to an identified or identifiable person by a software will imply the compliance with this European legislation. The objective of this chapter is to focus on the processing of a specific category of personal data: sensitive data (mainly face recognition and voice recognition) to verify the user’s identity. Indeed, the GDPR reinforces requirements for security measures to ensure the integrity and confidentiality of these personal data. We analyze three privacy aspects: the possibility to obtain a valid consent from the user, how to ensure the transparency principle and the implication of openness and the framework to implement in order to use the feedback given by the system to the user. From an ethical point of view, the request for consent is legitimized by the existence of a real assessment alternative left to the student. Then the different components of the right to transparency are illustrated by examples from the field. Finally, the question of feedback is expressed in the form of a dilemma highlighting the possible risks of poorly justified decisions due to the way feedback is exposed.
|Title of host publication||Engineering Data-Driven Adaptive Trust-based e-Assessment Systems|
|Subtitle of host publication||Challenges and Infrastructure Solutions|
|Editors||David Baneres, M. Elena Rodriguez, Ana Elena Guerrero|
|Place of Publication||Cham|
|Publication status||Published - 2019|
|Name||Lecture Notes on Data Engineering and Communications Technologies|