With or Without EU: Navigating GDPR Constraints in Online Education Research

Concurrent Session 2

Brief Abstract

In this session, we discuss how the EU’s General Data Protection Regulation (GDPR) impacts researchers interested in studying online, at-scale education programs, which often enroll EU students. We discuss our own difficulties with ensuring GDPR compliance, suggest general research implications, and provide practical recommendations for conducting research in online education.


Alex Duncan is the Associate Director of Student Experience for Georgia Tech's Online Master of Science in Computer Science (OMSCS) program. He oversees course maintenance and TA hiring and addresses student feedback. His research interests lie at the intersection of online education, learning at scale, and student experience.
David Joyner is the Associate Director for Student Experience in Georgia Tech's College of Computing, overseeing the administration of the college's online Master of Science in Computer Science program as well as its new online undergraduate offerings. He has developed and teaches CS6460: Educational Technology, CS6750: Human-Computer Interaction, and CS1301: Introduction to Computing, all online.

Extended Abstract

The General Data Protection Regulation (GDPR), passed in 2018, outlined new data privacy standards applying to residents of the European Union (EU). The impact of this law stretches beyond the EU to anyone—such as researchers across the world—collecting or processing data from EU residents. Researchers have had to augment their methodologies to ensure GDPR compliance. This initiative intersects with online, at-scale educational programs, which often enroll EU students and are also often the subject of institutional research. While creating a study to research students in an online Master of Science in Computer Science (MSCS) program, some of whom are in the EU, we encountered difficulties with ensuring GDPR compliance. In this session, we discuss the implications of the GDPR related to both general research and our specific study. We discuss the challenges of interpreting the GDPR and integrating it into our methodology as well as potential solutions, our ultimate resolution, and practical recommendations, and we consider what the future of data privacy legislation means for researchers.