Developing GDPR-Compliant Privacy Policies for Online Learning Platforms: The PPGen Approach

This project introduces PPGen, a system designed to generate GDPR-compliant privacy policies specifically for Online Learning Platforms (OLPs). OLPs, which became increasingly popular during the COVID-19 pandemic, require users to provide personal information, thus creating privacy concerns. With the need to comply with various global data protection regulations like GDPR, there's a gap in assisting OLP providers to create suitable privacy policies that match their software functionalities.

PPGen was created after analysing privacy policies from ten popular OLPs, including Moodle, Coursera, and edX. From these, the team constructed a library of 125 privacy clauses, which are used by PPGen to generate customised privacy policies. This system operates through an interactive, rule-based system that poses a series of questions to OLP developers. Based on their answers, PPGen crafts a privacy policy tailored to the specific OLP. The core of PPGen is its "Engine", comprising 167 questions across ten sections, each with details such as question number, type, possible answers, and related privacy clauses.

In essence, PPGen aims to bridge the gap in the creation of GDPR-compliant privacy policies for OLPs. It does so by providing a nuanced, interactive approach that customises policies according to the unique needs of each OLP, based on developer input. This method can potentially be extended to other software applications and platforms as well.

Project lead

Dr Omar Haggag

Collaborators

Pattaraporn Sangaroonsilp (University of Wollongong), Hoa Khanh Dam (University of Wollongong), Prof John Grundy, Aditya Ghose (University of Wollongong)