Abstract
The “postdigital condition” is characterized by an entanglement of digital and analogue media technologies and practices, with two of today’s primary societal challenges being a loss of privacy in data-driven media practices and the implicit power relations within media constellations that determine who is able to participate how. Education plays a crucial role in this context, being both the sphere in which reflection on these challenges can take place and also being itself based on digital media constellations that must in turn be reflected upon. This chapter considers two workshop concepts that facilitate such reflection: one based on Data Protection Impact Assessments (DPIA), based on risk management and the tradition of technology impact assessments, and an original approach for reflection on media constellations that has its roots in media and practice theory.
You have full access to this open access chapter, Download chapter PDF
Similar content being viewed by others
Participation, Reflection, and Educational Media in the “Postdigital Condition”
A s chool uses a Learning Management System to organize the setting and handing-in of homework . With this system, teachers can see whether and when the students submitted their completed tasks. One teacher stated that he now checked each and every piece of homework , with the result that he now gave different grades to certain students than before. One student stated that he was experiencing stress because the teachers would now always know when he had done which piece of homework.
This brief impression can be seen as representative of the “postdigital condition.” As outlined in the introduction to this volume, this condition can be characterized by the ubiquity of digital technology within most areas of our everyday lives, including the setting and handing-in of homework. Educational media practices today are in general deeply entangled with digital technologies (Macgilchrist, 2020) and schools thus become sites of performed postdigitality. Participation comes into play on at least two levels here: (a) participation in the postdigital condition and (b) participation in shaping it. Whereas participation in terms of (a) simply means to become involved in postdigital practices, participation in terms of (b) means to have a voice and a say in deciding which technologies are implemented how and—ideally—in decisions around the design of the technologies themselves. This is crucial, as all media or technology makes some kind of difference to others and this difference comes into play whenever a new such tool is put into practice, such as when data production, data processing, and teaching and learning practices change when using Learning Management Systems (LMS), for example, Moodle, iServ, or Google Classroom for managing homework. In line with the critical approach to postdigital theory (Striano, 2019), reflection is required on what this difference is in each given context and to what extent it matters. Reflection thus becomes the basis for deciding in what aspects of the postdigital condition one is willing to participate in terms of (a), as well as what measures to take when participating in shaping the postdigital condition in terms of (b). Against this backdrop, educational media are both (1) means of reflecting on the postdigital condition and (2) part of the postdigital reality itself. Although both aspects are of great importance, this chapter will focus on reflection on, and the shaping of, educational media together with practitioners.
Many approaches, both existing and under development, appear suitable for this focus. On the one hand, concepts such as the Tech Check from Unblack the Box,Footnote 1 the Pedagogical Impact Assessment (PIA) (Kerssens & van Dijck, 2022), Data Ethics Decision Aid (DEDA) for reflections beyond educational media (Franzke et al., 2021), or the Media Constellation Analysis (MCA) (Weich, 2020) focus on political, cultural, pedagogical, ethical, and/or media-related aspects. On the other hand, established approaches from technology-focused assessments seek to assess the risks of technologies before their implementation. In the case of digital technologies, these assessments often deal with risks that arise from the collection, processing, and further use of personal data, especially since the General Data Protection Regulation (GDPR) came into force, demanding a Data Protection Impact Assessment (Art. 35 GDPR) (Friedewald et al., 2022) when the processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. Both kinds of approaches are based on different traditions, theories, and concepts and are seen as complementary for assessing EdTech (Kerssens & van Dijck, 2022), but seldom combined, although they share the common goal of analytical reflection on technology and its use. This leads us to the assumption that a combination of both kinds of approaches has the potential to give a more comprehensive picture of educational media. This is especially important in participatory research contexts in which practitioners can articulate their perspectives on educational media and reflect on their use or even help to shape them. This chapter will therefore make use of experience from an interdisciplinary participatory research context that combines media studies, computer science, and data protection, describing two different approaches from our academic fields. We will then relate these to one another in order to find synergies that take advantage of the diverse expertise involved and enable people in participatory processes to reflect on postdigital educational media use and shape technologies as well as practices according to their needs and values.
In the following, we will first outline the backgrounds and implementations of workshop concepts that make use of (a) the Media Constellation Analysis (MCA), informed by media studies, and (b) the workshops embedded in a Data Protection Impact Assessment (DPIA), which is grounded in data protection legislation and the tradition of technological impact assessments in diverse fields around digital services encompassing workflows and technologies. We will map out the key elements of these approaches, how they are put into action in workshops, and what potential they offer for reflecting on and shaping educational media in a participatory manner. Finally, we compare both approaches in terms of similarities and differences, and suggest ways to combine them in order to generate interdisciplinary synergies.
Two Approaches for Reflecting on Educational Media in a Postdigital World
Media Constellation Analysis (MCA)
The media constellation model and the method of analysis based on it originated from the aim to conduct media analysis, reflection, and design based on media studies perspectives together with people who have no prior knowledge of these.Footnote 2 The desideratum arose from the lack of a model enabling the development of analytical perspectives and questions based on media theory together with representatives of other disciplines and practitioners, or offering these a heuristic process with which to analyse, reflect on, and design media. Media reflection in practice contexts is particularly relevant in phases of media transformations and associated challenges. Consequently, the model and the method had to be positioned within the discursive field around “digital media” and “digitization,” and it needed to make current transformations comprehensible without following the dominant technology-centred and progress-oriented positions, even explicitly opposing them. It thus connects well with the notion of “postdigital” (see also the introduction to this chapter and to the volume).
The idea of media constellations is based on a set of assumptions and concepts from media theory, first and foremost the invisibility or unconsciousness of relevant parts of media, the idea of media as products of heterogeneous interrelated elements rather than mere technologies, and the production of meaning as a constitutive aspect of media. The assumption that media, or certain aspects of them and their and modes of action, usually remain hidden is a commonplace of media studies approaches rich in tradition (see Burkhardt, 2015, p. 35ff. for a detailed discussion) and not least justifies the existence of media studies itself. Krämer assumes that media
act like window panes: the more transparent they remain, the more inconspicuously they stay below the threshold of our attention, and the better they do justice to their task. […] It is only in the noise, which is in the disturbance or even in the breakdown of their smooth service, that the medium is brought to mind. The undistorted message, on the other hand, renders the medium almost invisible. (Krämer, 1998, p. 74; transl. AW)
And Hartmut Winkler states that “[i]t takes an almost artificial detachment to bring the media themselves into view” (Winkler, 2004, p. 24; transl. AW). The MCA seeks to enable this “distancing” and to recognize “the medial” not only in the “disturbance,” “noise,” or “failure,” at the same time recognizing that the latter can provide useful information about media constellations and that “noise” can be seen as a fruitful analytical perspective within postdigital theory (Macgilchrist, 2021), but also in a targeted search for elements and interactions. In addition to the “mediated,” of which McLuhan said it was “like the juicy piece of meat carried by the burglar to distract the watchdog of the mind” (McLuhan, 1964, p. 32), the question of what is involved with what relevance in the constitution of a media constellation shifts into view further elements that often remain hidden in everyday dealings with media. Examining interactions brings the manner of this constitutive process into focus.
The media constellation model follows in the tradition of many other concepts that conceptualize media as products of heterogeneous elements (e.g. Leschke, 2015; Burkhardt, 2015; Schüttpelz, 2013; Couldry, 2008) (see Fig. 8.1).Footnote 3 Yet, it adds another facet by introducing a heuristic distinction between the elementary groups of materialities (hardware, spaces/architecture, bodies, and so on), knowledges and practices (cultural and discursive elements), content (the perceptible elements that signify the constituted meaning), and subject positions (requirements to human actors, interpellations), which are interrogated with regard to their interactions that, to a certain extent, constitute mediality (see Weich, 2020, 2023).
The media constellations model
To return to the vignette above about homework and LMS, important materialities are, for instance, servers (in the case of Moodle, these might be local; in the case of Google Classroom, they might be in any of Google’s data centres), the Wi-Fi routers in school and the students’ homes, or devices such as tablets or smartphones. Relevant knowledges and practices are about the concept of homework within schools in general but also practices known from ticket systems in business contexts as well as knowledge about surveillance and discipline. Checking and giving feedback on each and every student’s piece of homework is a new digital practice for teachers, and students might adapt their practices of working on the given tasks, knowing that they are being checked systematically. The crucial content is, besides the software and its interface, on the one hand, the homework and the feedback itself but, on the other hand, it is also the information on whether and when the homework was submitted as well as metadata documenting in detail the use of the platform. The subject position of the teacher is characterized by the opportunity and also the (implicit) imperative to check and give feedback to each and every homework (ticket) and thus to take on the role of an all-seeing supervisor and corrector. The subject position of the student is characterized by the imperative to work on each and every task (ticket) in time and in a way that the all-seeing teacher appreciates.
This kind of analysis is accompanied by a gridding or categorization that provides a pragmatic added value compared to many of the approaches mentioned, since it names what to look for within these confusing entanglements. On the other hand, it is accompanied by a presuppositional setting that shapes and restricts one’s view. Those seeking the elements mentioned take them as a given starting point and leave others out of the equation. At the same time, the model does not itself specify what is to be understood under the headings of the element groups in each case, but leaves room for diverse definitions with an open invitation to decide in the course of a specific analysis what exactly is meant by materialities, for instance, and with reference to which theories and concepts. In doing so, depending on the approach chosen, the boundaries may become fragile and/or element groups may overlap. At the same time, it is by no means to be assumed that the elements found in the analysis can usually be described on their own, but rather that they often (co-)produce each other and that the description of one must include a description of the others. In the case of interactions, it is therefore not always necessary to assume an interaction of existing elements but, following Barad, also their intra-action (Barad, 2005). With regard to digital media, such a perspective—in the sense of the approaches to (post)digitality outlined above—leads us not to start from “single media” and not to focus on “the digital” as a property in and of itself, but rather on the multifaceted co-constitutive interweavings of digital and analogue elements. These, and this is directly connected to (a), are not all openly revealed, but must be analytically “taken apart” or brought forth through the “lenses” chosen in each case.
The primary purpose of media constellations is to constitute a “symbolic sphere” (Winkler, 2008) that creates meaning. This distinguishes them from other heterogeneous constellations whose primary purposes are about purely physical changes, such as a jackhammer that is meant to break things on a construction site. This “two-worlds theory” is controversial, but it seems pragmatically helpful for the purposes of demarcation.
Objectives of the Media Constellation Analysis (MCA)
Generally speaking, the media constellation model serves as a bridge between abstract media theory and the experience of practitioners such as teachers and students. It provides a heuristic device to map out interrelations between the heterogeneous elements of media constellations without determining these in detail. From the researcher’s point of view, the main objective is to enable those unfamiliar with media theory or analysis to gain an understanding of the relatedness of these seemingly disparate elements (practices and knowledges—subject positions—materiality—content). This can also be understood as analysing the mediality of a given media constellation; that is, the specific relations of its elements. With the focus shifted towards mediality, an instrumental view of media that frames them as neutral tools of communication can be bypassed and attention can be shifted to the—often unacknowledged—ways in which certain elements are related to and influence one another as well as how meaning is constituted within these constellations.
While building an understanding of mediality can be considered the primary goal in terms of media education or for a transfer of knowledges and concepts within interdisciplinary contexts, for participants in a particular setting, an analysis of media constellations is usually a means to an end. A teacher might wish to reflect on an experience using certain media technologies in a classroom to gain a better understanding of “what happened,” for instance if the students did not use the chosen media in the proposed way. Two aspects regarding media reflection through MCA should be noted in the light of these adherent objectives.
First of all, the constellation model itself shapes what counts as a goal within the process of media reflection. This is important because, just like the specific media constellations themselves, the model as a tool for analysis is not neutral insofar as it pre-determines to a certain degree what can be said about a given constellation. It is reasonable to suspect that goals formulated by a participant who considers media-neutral tools will focus on the technological aspects of communication, such as whether messages sent between users arrive as intended. Using the media constellation model, different aspects might enter the metaphorical field of vision, but what can be established via analysis is still bound to the dimensions of the model.
On the other hand, participants’ goals also shape what constitutes the constellation in question. Whether, for example, a subject position or certain practices can be considered part of a constellation in a school context depends at times on the teacher and their didactic concept for the situation. Are students allowed to use their phones for research while taking part in a discussion? The answer to this question determines whether smartphones need to be considered a desirable part of the constellation or rather a disturbance to and within it. Thinking about media constellations can thus help both with planning and reflecting on the use of media.
A Participatory Analysis of Media Constellations
The current application of the media constellation model to reflection processes conceptualizes it as a single workshop with a total length of around four hours. It has been conducted mostly via video conferences to date, using the collaborative whiteboard tool Miro for visualization purposes. The current target group are teachers, but shorter workshops are planned for the near future that also involve students. Before being introduced to the media constellation model as a frame of reference, participants are asked about their general and recent experiences teaching with (mostly) digital media technologies in a brief introduction round. The answers to these questions are collected and will be raised as possible problems or topics to reflect on later.
The workshop begins with the participants getting to know the concept and how it can be used as an analytical tool. Following a theoretical introduction into media constellations—sometimes via a remote learning exercise that participants are asked to complete beforehand or as a brief introduction by members of the research team—an exemplary “walk” through the concept of the workshop entails four steps. Before starting out, participants choose a media constellation on which they wish to reflect and which is familiar and/or useful to them in their everyday practice. Here, we pick up on the responses to the current issues of interest shared by the participants beforehand. Examples could be homework with an LMS as mentioned above or challenges in video-conferencing scenarios. This preliminary step may seem straightforward, but it requires some deliberation and usually guidance by moderators. The problems teachers are facing may, for example, be related to several and even locally dispersed media constellations. Naming the constellation suitable for addressing the problems faced is therefore a crucial preliminary step.
In the first step, participants are asked to describe a challenge they experienced in the said constellation and also to name a specific goal they are striving to achieve. As mentioned above, the objectives set in this step also affect the modelling of the constellation itself to a certain degree. Which practices by students can be considered challenging or disruptive is directly related to the goals the teacher sets their students, for example. This normative aspect of media constellations and the often implicit objectives, alongside “just learning” about a certain topic and being able to relay that information, is in itself an important part of the approach.
In the second step, participants describe and list the elements of the constellation in question. They are asked to name all materialities, bodies of knowledge and practices, subject positions, and contents they can think of. The aim here is not to achieve a comprehensive list, but to come to a more differentiated account of the specific elements involved. While some elements may be very obvious, other aspects might only emerge after some discussion. While this step is generally thought to be more descriptive than analytical, mapping a media constellation can be insightful in its own right and is in practice usually accompanied by suggestions from both participants and moderators on the significance of certain elements.
Step three picks up on the challenges and goals named in step one and proceeds to analyse relationships between certain elements that might explain why the challenge arises or help to achieve the stated objective. In practice, this means grouping elements along the grid of the media constellation model and coming up with hypotheses on what their relationship to each other might be. At this stage, more often than not the focus tends to shift back to step two, since thinking about certain challenges might reveal crucial elements that were missing. While they are planned consecutively, steps two and three refer to back to each other many times, which indeed is encouraged by the moderators.
The last step seeks conclusions. What measures should be taken when trying to work within the media constellation in the future? The answers to this last step are often already implicitly stated in step three, when groups discuss the specific relations of elements that are challenging or useful for the stated purpose of the exercise. This often entails considering new learning goals. Certain practices or bodies of knowledge implicitly or explicitly required in a media constellation, for example, in themselves often constitute valuable exercises in media education. Using a search engine is then more than the simple act of finding and extracting information but can be considered a lesson in navigating the complex and ambiguous territories of data and knowledges of the Internet. Or, to give another example based on the vignette in the introduction to this chapter, a reflection on the subject positions for students in an LMS such as Google Classroom might be related to more abstract educational goals and the question as to whether a surveilled “ticket-worker” is a pedagogically and politically desirable way to perceive a student.
The (Participatory) Potential of Educational Media
In regard to education and educational media, the MCA approach can be used on at least three different levels: (a) to reflect on media constellations in their capacity to help teachers and students achieve didactic objectives, (b) to design media constellations together with teachers and students, and (c) to reflect on media constellations in the context of learning scenarios in order to train the media reflection skills of students.
As shown above, the first approach is highly functional in workshops with teachers in which they analyse and reflect on the media they use in class. In a slightly modified variant, it can also be used in workshops with students. Joint workshops with teachers and students, perhaps involving the principal and school management or even parents and ministerial staff, can foster participatory practices in terms of both teaching and school development. When the media constellations are analysed together, all participants can articulate their specific perceptions of the elements and relations in a given media constellation, addressing how they are experiencing the subject position intended for them. In participatory research designs, this kind of knowledge production can provide deep insight into the potential and challenges of educational media. It can also be the basis of a participatory decision-making process about which media constellations a school should seek to establish, which takes us to the level of design.
Considering media through the “lens” of media constellations, it becomes possible to design not only media contents or media technology but to a certain extent also practices and subject positions, as well as the interplay between all these elements. In participatory design processes, teachers and students define a goal together and co-design the elements of media constellations and their interplay. This can begin with any element of a media constellation in the making. Teachers and students could agree, for example, on a certain subject position for the students that the media constellation is to provide. The other elements can then be considered from this perspective: Which material circumstances foster this subject position? Which practices and which knowledges are expected of the students in order that they fit the envisaged subject position?
The approach can also be used to reflect on everyday media constellations in class together with students. Teachers can ask which elements come together while using Instagram or playing Fortnite, for example. What material resources are needed? What practices and knowledges are demanded? What subject position is provided for me and the others? And do I consider these facts desirable or problematic for myself, for others or perhaps for the environment? What are the consequences of participating in a certain media constellation? The media reflection approach that teachers might initially have adopted for their professional use of educational media can easily be used to improve the reflection skills of their students with regard to their everyday media use.
Privacy Risk Analysis and DPIA
When reflecting on (educational) media with the MCA, the focus is on a relatively broad and open approach which can incorporate a diverse set of dimensions into the workshop. The concept of media in the workshop concept presented above is abstract and addresses media as a holistic concept. Another possibility is to address specific perspectives of educational media and corresponding digital services as in the risk workshop of the Data Protection Impact Assessment (DPIA) approach (Friedewald et al. 2022) considered here. The starting point is to consider the technological realization, workflows, and people involved in a digital service which performs a specific task, and to analyse the privacy risks from the point of view of the affected persons. Such a risk-based approach is a key concept of the General Data Protection Regulation (GDPR) (cf. Gellert, 2018).
DPIA: Background and Context
For a long time, there was a social consensus that technical progress was a fundamentally desirable phenomenon. Weaknesses in technical artefacts and systems often had immediate identifiable causes that could be remedied by further technical developments. This optimism around progress was cast into the first shades of doubt in the 1950s and 1960s when the risks of, for example, nuclear power and pesticides became apparent. It became clear that large technical systems in particular not only have potential negative effects on many people, but that in addition to direct effects there are also secondary or rebound effects. A complex variety of factors are involved, and long delays between cause and effect due to accumulation make it difficult to respond effectively to the risks, as seen, for example, in the case of climate change. This was the starting point for technology risk assessment, with the aim to identify the negative consequences before the start of a technological project and to mitigate or eliminate them through technical, organizational, or communicative measures. After risk assessment had long focused on risks to health and the environment, it became clear in the 1990s that data processing was also a “dangerous technology” in the sense that it posed significant risks to a large number of people, if not for life and limb then for fundamental rights. In today’s products and services based on the processing of (mostly personal) data and networking via the Internet, there is a power asymmetry between providers and users, whereby the latter can usually only decide whether they want to make use of offers according to the providers’ rules or not at all. In addition, in the light of increasing cyber-attacks on internet services and their users, it has long been clear that data processing and the Internet are crucial for the functioning of modern society. A comprehensive risk assessment takes all this into account. Since the adoption of the GDPR, it has become mandatory for data processing organizations to conduct a DPIA when the processing “is likely to result in a high risk to the rights and freedoms of natural persons” (Art. 35 GDPR).
At the heart of data protection is the concept of “personal data,” the protection of which is guaranteed as a fundamental right under Article 8 of the Charter of Fundamental Rights (CFR) of the European Union. In Article 4(1) of the GDPR, “personal data” is defined as “any information relating to an identified or identifiable natural person.” Alongside identifiers such as name, address, and identification number, personal data also encompass information that easily allows for the identification of a person via location data, health-related information, photos, video, and audio data. Location-related information can reveal, for instance, where a person lives, works, attends school or university, and also information about friends, relatives, and so on. Political opinion or sexual orientation might be derived from other data using machine-learning. Due to the increasing digitalization of more areas of our lives, we are—as the notion of the postdigital condition implies—almost always surrounded by digital services based on sensors such as web services, health apps, smart speakers, or location-based services. Most of the information processed by these services can be used to derive information about a person.
Article 1(2) GDPR states that it “protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” Other fundamental rights protected by the GDPR include the right to “respect for private and family life” (Art. 7 CFR), “freedom of thought, conscience and religion” (Art. 10 CFR), and “freedom of expression and information” (Art. 11 CFR). Potential harm as a result of mishandling personal data might be, for example, career disadvantages or discrimination, damage to reputation, or the feeling of being “watched” due to video surveillance or web tracking. Some people might also refrain from exercising their rights, such as the right to express their political opinion or visit certain places, for fear of negative consequences.
The methodology presented was developed for the implementation of DPIAs in accordance with Art. 35 GDPR.Footnote 4 The typical context of a DPIA is the processing of personal data for a digital service for which there is a concept (definition of a processing purpose, the processing steps, and the data required for the processing) and possibly a technical implementation. The accompanying workflows and the stakeholders with a connection to the digital service are also established. The aim of a DPIA is to take a holistic view of “digitization.”
A Participatory Analysis of Privacy Risks
Identifying and analysing privacy risks in a participatory workshop in the context of a DPIA requires an approach involving stakeholders from very different backgrounds, including those without in-depth legal and technological expertise. A participatory approach is important since privacy risks pertain to the rights and freedoms of natural persons and need to be investigated from the point of view of the affected person (in legal terminology: the “data subject”). Participation in this activity allows individuals to reflect on privacy risks from their personal perspective in an interactive workshop. Individuals can be affected in different roles, as employees, as consumers or, as in this case, as teachers and students. They can also be affected in multiple roles, for instance as agents of a company that collects data about others and, simultaneously, as employees whose data is processed by that same company. The context of the workshop is an activity encompassing the processing of personal data. Examples of such a processing activity might be video surveillance, a workflow management system, an LMS, or a location-based service in a specific context. The analysis of privacy risks is always dependent on the specific context.
In order to define and implement technical or organizational countermeasures to address the privacy risk, the key challenge is to understand what such a potential risk is and what the potential harm or damage might be should it occur. To this end, a scenario-based approach discusses a specific case from the participants’ daily use as the basis for the study. Privacy risks for students in an LMS-based learning scenario can potentially result from tracking and metadata analysis employing machine-learning. Machine-learning approaches can be used, for example, to predict student performance (Kim et al., 2018), which could lead to incorrect classifications and wrong perceptions by teachers (O’Neil, 2016, Ch. 3). Greater awareness is therefore required of the need to reflect critically on machine-learning classifications. Further privacy risks might arise when cloud services are used in the context of the LMS where it is not sufficiently transparent to what extent data and metadata might be used for additional purposes.
These scenarios were jointly identified and described by the DPIA team, which comprised a moderator and members with expertise on data protection and on the context under investigation. In the context of a DPIA, the latter would be those working in the application area or who are affected by the data processing. Potential damage is identified for the scenarios and the analysis investigates what might trigger this damage and examines the nature of the causal chain (see Fig. 8.2).
Analyzing privacy risk
The first step is to identify whose data is being processed and what kind of personal data are incorporated. This includes immediately identifying information, including names, location data, health data, or even log data revealing details pertaining to the identity of a natural person using digital services in a learning or work context. Based on this information and the scenario description, a discussion ensues as to what might be potential damage or harm based on the scenario for the affected person. It is then important to analyse how the potential damage might be caused. This could include technical aspects such as access to data or systems, technical defects, processes and stakeholders, such as people using data outside the initially intended application area. Since all these potential effects are important for defining adequate risk mitigation measures, these elements and persons need to be identified. Persons in this context are referred to as “actors” or “stakeholders.” Workflows or technical aspects are referred to as elements triggering harm or damage.
For people with only limited expertise in privacy and legalese, it is usually difficult to identify and describe in detail potential harm caused by the processing of personal data. For this reason, we used the concept of data protection goals which translate the data protection principles formulated in Art. 5 GDPR into five objectives that are more generally comprehensible and more easily applicable in workshops (see Fig. 8.3). Data protection goals are also part of the Standard Data Protection Model developed and recommended by the Conference of the Independent German Federal and State Data Protection Supervisory Authorities (SDM, 2020), defined in the following:
Data protection goals
-
Data Minimisation stands for the principle of necessity, according to which no more personal data are to be processed than are needed to achieve the purpose.
-
Availability refers to the requirement that personal data must be available at any time and can be used properly in the intended process.
-
Integrity stands for the requirement (a) that IT processes and systems continuously comply with specifications and (b) that the data to be processed remain intact, complete, and up-to-date.
-
Confidentiality means that no person is allowed to access personal data without authorisation.
-
Unlinkability is the requirement that data shall be processed and analysed only for the purpose for which they were collected.
-
Transparency means that the data subject, system operators, and supervisory authorities must be able to understand the how and why of any data processing.
-
Intervenability finally refers to the requirement that data subjects can actually exercise their rights of notification, access, rectification, blocking, and erasure at any time. (Friedewald et al., 2022, p. 430 f.)
It is important to note that these objectives are highly interdependent and sometimes in conflict with each other. For instance, data cannot be both completely confidential and available at the same time (goals on opposite sides in Fig. 8.3 are generally contradictory).
Participation in the workshop described above can change how an affected person reflects on data and privacy within their postdigital everyday practices, and lead to their having a say in decision-making processes concerning the implementation and use of data processing systems. In the example of an LMS that predicts a student’s performance, such a workshop could have two outcomes: first, that students and teachers become aware of what data are processed in order to make a prediction and that it is only a statistical probability that the prediction will actually occur; and second, that if a decision based on the prediction will have a significant impact on the student, it will be important to uphold transparency or perhaps even to refrain from using the prediction altogether. At this point, however, it is also necessary to point out the fundamental limits of participation. First, there is the question as to whether genuine participation is really possible within the contexts considered here, determined as it is in any structured process by defined roles. The implementers of this process determine a priori what will or will not be negotiated and with whom within the participation framework. Ideally, the organizers see themselves as “honest brokers” and aim to give all participants the best possible opportunity to get involved. In many cases, however, they will also have their own interests or have to represent the interests of certain stakeholders, an aspect that only underlines further the ambivalence of placing the responsibility for conducting a DPIA with the actual data controllers or companies. Second, there are inevitable differences in participants’ knowledges, especially when involving different stakeholders. Lawyers and technicians, for example, will always have an advantage in DPIAs over those from other backgrounds, because they will be familiar with the relevant technical details and legal terminology. Under these circumstances, it will hardly be possible to guarantee the participation of those without such qualifications, at least not on an “equal footing.” Finally, there is the practical problem of how to obtain such comprehensive information or assessment within a limited timeframe in order to design a technical solution that will minimize conceivable risks to citizens’ rights and freedoms (see Schiering et al., 2020; Weinberger et al., 2021).
The (Participatory) Potential of Educational Media
In recent years, digital services have been increasingly used in the context of education, in administration, video conferencing, Learning Management Systems (LMS), or other specific learning applications. Based on information processed such as answers to questions, login times, clicks, and so on, further details can be derived via learning analytics and machine-learning. A DPIA workshop on risk can thus be applied in schools on different levels: (a) in terms of participatory reflection and decision-making around the introduction of digital services in education, such as learning apps, LMS or administrative systems in the sense of a DPIA; (b) it can also be used to raise awareness of privacy and security issues in the context of digital services in general. The main difference, and therefore constraint, between the classic DPIA and an adapted DPIA workshop in an education context as specified in (b) is that the focus is not on a specific, planned data-processing activity, but rather typical digital services in education are analysed as use cases in the context of the workshop.
For both (a) and (b), we propose beginning the workshop with a prolonged introduction to the envisaged processing operation with a focus on the end user’s individual perspective. As in an education context the majority of the team is usually unfamiliar with processing operations, we propose a narrative approach with which to introduce the user interaction in the envisaged processing operation. For the identification and the analysis phases, it is essential to streamline the workshop as compared to the more open classic approach. To this end, detailed boards can be prepared for the team members to fill, perhaps with detailed instructions that help them phrase their perspectives, as compared to the more discussion-focused classic approach with a team of experts.
Comparing and Combining
Similarities and Differences
The workshop concepts detailed above originated in very different fields. In this section, we will outline similarities and differences between them in order to identify potential synergies in combining them. In terms of the notion of the postdigital, both approaches share the basic assumption that our everyday lives are fundamentally entangled with digital systems and media. At the same time, their analytical focus is not limited to the digital as they also take analogue elements into account, inquiring as to their interplay.
Both workshop concepts share similar objectives, seeking to identify relevant elements of a given context, to analyse them and their interplay from the participants’ point of view, and to find measures with which to improve the context for them. Within the workshops, both approaches introduce their specific context, which is unique for each of them. In the case of the MCA workshop, the context is a given media constellation in a classroom situation, while in the case of the DPIA workshop, it is an envisaged processing of personal data as described by the GDPR in any context including, but not limited to, educational media. In both cases, participants with a little specialized knowledge with regard to privacy and data protection as related to media are given a brief introduction to these fields. This is followed by an identification of the fundamental elements of the given context as well as a deeper analysis of the elements and their interplay. In this phase, the participants contribute rich and highly valuable knowledges from their everyday practices within the given context in both of the workshops. Apart from their main goals, both workshops raise the awareness of non-experts of a field that permeates their daily lives. The media constellation workshop seeks to raise the participants’ awareness of the media that surround them, while the DPIA workshop fosters participants’ awareness concerning privacy risks.
Despite these similarities, some aspects differ between the two approaches. Whereas the MCA is open to all kinds of aspects that might be of interest for the participants in terms of the elements of a media constellation, the DPIA focuses inherently on privacy risks within the existing legal provisions. And while the MCA might mostly be focused on challenges, dysfunctionalities, or political and ethical issues that arise within media constellations, it neither specifies a particular group of problematic topics nor does it exclude the analysis of good practice examples per se. The aim of the DPIA, on the other hand, is to identify and analyse privacy risks and to eliminate or mitigate these risks via adequate measures. The GDPR and the data protection goals integrated in the SDM is oriented to external norms, whereas the MCA is primarily analytical and elicits norms that are inscribed into educational media and the participants’ practices, values, and goals. And while the DPIA primarily inquires as to how (personal) data are found or collected, the MCA focuses on how data are made within media constellations.
A DPIA workshop is built upon specific questions defined by the legal provisions and encourages the participants to answer these, which gives the workshop a fixed structure. By contrast, the media constellation workshop is designed around open questions which are discussed and in part also raised by the participants. These aspects render the MCA a rather vague, and the DPIA a more focused endeavour.
Finally, the underlying theoretical concepts differ: the DPIA is based on concepts from legal discourses and digitization, such as natural persons, contracts, data subjects, stakeholders, risks, damages, processing operations, data (flows), and measures. The MCA, on the other hand, is based on concepts from (poststructuralist) media and cultural theory, such as mediality, knowledges, practices, materialities, content, and subject positions.
However, one inherent weakness of DPIAs is obvious: they tend to be limited in scope due to their specific legal regulations, and usually only focus on data protection risks. This blind spot has occasionally been criticized; the GDPR states that it “protects fundamental rights and freedoms of natural persons” (Art. 1(2)), and not just their personal data (Hallinan & Martin, 2020; Bieker & Bremert, 2020). In this narrow interpretation, however, there is a danger that important risks such as discrimination, which are caused by the asymmetry of power between data controller and data subject, remain unnoticed by a DPIA.
(Potential) Synergies Through Combination
One promising opportunity lies in focusing on privacy in a MCA based on elements of the DPIA. This would mean constructing a privacy-related scenario (DPIA) based on the analysis of a media constellation (MCA). In a first step, the MCA would outline the constellation by identifying the relevant materialities, knowledges/practices, contents, and subject positions as well as their interplay. To return to the vignette on homework and LMS from the beginning of this chapter, this would mean taking into account the servers, routers, network connections, tablets, smartphones, the software and its interface, the tasks, the students’ results, the metadata (such as timestamps), the teacher’s feedback, knowledge about homework, practices of submitting, checking, and giving feedback as well as the subject positions of an all-seeing supervisor and feedback-giver on the one hand and the subject positions of the supervised and controlled task-workers on the other. The DPIA would now focus on a concrete privacy-related scenario within this constellation; for example, the fact that the teacher might see that a student submitted their homework at 2 a.m.
In a combination of MCA and DPIA, the submitted homework and the metadata would be seen as content that came into being because of a certain media constellation from the perspective of the MCA (and has thus not merely been “collected” as the GDPR would assume). In the DPIA approach, this would be framed as personal data (DPIA). The practices (MCA) of handing-in, submitting, checking, and correcting homework as well as giving feedback would be taken into account as data processing (DPIA). The subject positions (MCA) of the teacher and the students could be framed as data subjects and stakeholders (DPIA). If the LMS is Google Classroom or another proprietary system, the corporation as a kind of corporate subject position (MCA) would also be considered as a stakeholder (DPIA). The materialities (MCA) of the technological infrastructure such as tablets, servers, routers, network connections and so on, as well as the software as the content (MCA) and practices (MCA) of teachers, students, and the provider of the LMS would be analysed in terms of the processing operations (DPIA).
Constructing damage scenarios (see Fig. 8.4) and taking into account the participants’ perspectives on privacy-related risks (DPIA) could provide insight into the knowledges (MCA) that might inform their media practices (MCA), for example, whether or not the student considers the teacher’s ability to monitor when homework has been submitted as a privacy violation. This can help to bridge the gap between knowledges about and attitudes towards privacy and actual behaviour, which has been referred to as the “privacy paradox” (Dienlin & Trepte, 2015; Coopamootoo & Groß, 2017). By adapting input on privacy goals (DPIA), the media reflection can be connected to a normative framework that is either taken for granted or itself reflected upon as knowledge (MCA).
A damage scenario
The potential of this combination for enhancing the MCA lies in taking advantage of the clear focus of the DPIA and reframing it for a broader cultural reflection instead of for legal and organizational consideration. For educational media in the postdigital condition, it would enable the participants to reflect on privacy issues in the context of LMS or learning apps, for example, while putting them into the context of their everyday media practices and the roles they play as subjects in the educational media constellations in which they are involved.
But this integration would not only benefit the MCA, but also the elements of the risk workshop from the DPIA, as it relates the risks to additional aspects based on components and interplays from MCA. This means that the digital systems, the processing operations, the data flows, and the data processing (DPIA) would be interpreted as parts of an interplay that creates a symbolic sphere and therefore meaning (MCA). So the scenarios would not only be assessed in terms of legal (DPIA) but also cultural and political (MCA) issues. To return to the homework/LMS scenario discussed above, this would involve the question as to how power relations between students and teachers change, what kinds of (self-)images of teachers (as supervisors) and students (as supervised) are inscribed as subject positions (MCA) within the software and how they unfold within actual practices (MCA) in which the processing operation (DPIA) is taking place. While the risk assessment in the DPIA workshop already touches on these questions, an MCA would provide a frame to render them explicit in different terms. The data subjects and stakeholders (DPIA) would not be conceptualized as given natural persons but as products of subject positionings (MCA) and therefore power relations that go along with certain agency and affordances. This could specify roles, mentioned above in relation to the DPIA, from a media studies point of view. Data processing (DPIA) in Google Classroom would be framed as a (media) practice (MCA) with not only legal (DPIA) but also cultural (MCA) relevance in terms of school culture and a change in deciding which mark each student is given. For educational media in the postdigital condition, it would enable the participants to reflect on not only legal and digital components within a scenario, such as in the context of LMS or learning apps, but also the cultural (teaching and learning) practices, and the production of knowledges and meanings as well as on their own position as subjects. Additionally, integrating elements of a DPIA into an MCA would allow for reflections that would not even take place within a classic DPIA. To return to the vignette, for instance, and assuming that the LMS is Google Classroom, the use of the system in schools is not even possible from a legal point of view and therefore would not be a suitable case for a DPIA. An MCA, in contrast, is not limited in this way but can and should also focus on legally problematic media constellations.
Such a synthesis has the potential to raise not only awareness of privacy and data protection, but also to address the discrepancy between knowledge and action. Combining legal, technological, and (media-) cultural aspects might lead to a more comprehensive reflection that relates everyday media practices to the design of systems and services and thus the opportunity to shape both as parts of a postdigital condition that takes the participants’ needs and values into account.
Enriching a DPIA with elements of an MCA could also remedy the blind spot of a DPIA in the narrower sense and shift in the direction of a “Privacy Impact Assessment” (PIA) as was discussed before the adoption of the GDPR (Wright & de Hert, 2012). These aim to uncover unknown properties and risks of a technology or system, are not limited to data processing, and assess not only data protection and privacy aspects but also ethical, economic, and security considerations. Although they do not fulfil the legal requirements for a DPIA, they can provide important impulses for social and political discussion (Friedewald, 2017).
Conclusion and Outlook
This chapter has introduced the MCA and the DPIA as two possible approaches for reflecting on and shaping certain aspects of educational media within the postdigital condition in a participatory manner. While both are valuable in their own right, a combination of the two generates synergies by integrating the perspectives and expertise of media studies, digitization, and data protection. In order to evaluate how far these synergies can be made productive, further research is required in participatory research into media constellations that are potentially harmful for the privacy of the persons involved and that implements interdisciplinary co-design and, ideally, also the interdisciplinary co-facilitation of workshop concepts. Additionally, other approaches such as design justice or design thinking could be taken into account for further synergies in interdisciplinary constellations.
Notes
- 1.
- 2.
This introduction to the approach is closely based on Weich (2023).
- 3.
Modelling media as integrated in or consisting of heterogeneous interconnections and analysing these interconnections is by no means new. Leschke writes, for example, with reference to McLuhan: “The basic assumption, namely that heterogeneity, but especially materiality and idea, social practice and theory are institutionally, aesthetically, and functionally coupled, was in this respect not a surprising insight for media studies, but a simple condition of its existence” (2015, p. 76). In this respect, the media constellation model and media constellation analysis connect to an established figure of thought in media studies. As stated elsewhere, in contrast with other media studies approaches such as the dispositif (in terms of an apparatus), this approach avoids the assumption that “the” video conferencing dispositif exists in the same way as there is “the” cinema dispositif as a medium, in favour of a more differentiated perspective and the opportunity to conceptualize complex and variable interconnections. In contrast to a broader and more Foucauldian understanding of a dispositif, it also avoids the suggestion that there is a general applicability or a strategy and urgency as Foucault did for sexuality, for example (although the question of urgency seems promising in this case as well). An Actor-Network-Theory approach would not allow subject positioning to be taken into account due to a different underlying ontology. Framing video conferences as situations, on the other hand, would not address the question of media or mediality as such. At the same time, the term mediality itself remains abstract as it only addresses the distinctions and distinctiveness of certain media without addressing what to look at when analysing it. The media constellation approach offers groups of elements and relations that can be used for a heuristic analysis of this or their specific mediality.
- 4.
References
Barad, K. (2005). Posthumanist performativity: Toward an understanding of how matter comes to matter. In C. Bath, Y. Bauer, & B. B. von Wülfingen (Eds.), Materialität denken. Studien zur technologischen Verkörperung—Hybride Artefakte, posthumane Körper (pp. 187–216). Transcript.
Bieker, F., & Bremert, B. (2020). Identifizierung von Risiken für die Grundrechte von Individuen: Auslegung und Anwendung des Risikobegriffs der DS-GVO. Zeitschrift für Datenschutz, 10(1), 7–14.
Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., & Rost, M. (2016). A process for data protection impact assessment under the European general data protection regulation. In S. Schiffner, J. Serna, D. Ikonomou, & K. Rannenberg (Eds.), Privacy technologies and policy. APF 2016 (Vol. 9857, pp. 21–37). Springer (LNCS. https://doi.org/10.1007/978-3-319-44760-5_2
Burkhardt, M. (2015). Digitale Datenbanken. Eine Medientheorie im Zeitalter von Big Data. Transcript.
Coopamootoo, K. P. L., & Groß, T. (2017). Why privacy is all but forgotten. Proceedings on Privacy Enhancing Technologies, 2017(4), 97–118. https://doi.org/10.1515/popets-2017-0040
Couldry, Nick. (2008). Actor network theory and media: Do they connect and on what terms? In: Hepp, Andreas/Krotz, Friedrich, Moores, Shaun, & Winter, Carsten (Eds.), Connectivity, networks and flows: Conceptualizing contemporary communications, : Hampton Press, Inc, 93–110.
Dienlin, T., & Trepte, S. (2015). Is the privacy paradox a relic of the past? An in-depth analysis of privacy attitudes and privacy behaviors. European Journal of Social Psychology, 45, 285–297. https://doi.org/10.1002/ejsp.2049
Franzke, A. S., Muis, I., & Schäfer, M. T. (2021). Data ethics decision aid (DEDA): A dialogical framework for ethical inquiry of AI and data projects in The Netherlands. Ethics and Information Technology, 23, 551–567. https://doi.org/10.1007/s10676-020-09577-5
Friedewald, M. (2017). Datenschutz-Folgenabschätzung: Chancen, Grenzen, Umsetzung. TATuP: Zeitschrift für Technikfolgenabschätzung in Theorie und Praxis, 26(1–2), 66–71. https://doi.org/10.14512/tatup.26.1-2.66
Friedewald, M., Schiering, I., Martin, N., & Hallinan, D. (2022). Data protection impact assessments in practice: Experiences from case studies. In S. Katsikas et al. (Eds.), Computer security. ESORICS 2021 international workshops (pp. 424–443). Springer. https://doi.org/10.1007/978-3-030-95484-0_25
Gellert, R. (2018). Understanding the notion of risk in the general data protection regulation. Computer Law & Security Review, 34(2), 279–288. https://doi.org/10.1016/j.clsr.2017.12.003
Hallinan, D., & Martin, N. (2020). Fundamental rights, the normative keystone of DPIA. European Data Protection Law Review, 6(2), 178–193. https://doi.org/10.21552/edpl/2020/2/6
Kerssens, N., & van Dijck, J. (2022). Governed by Edtech? Valuing Pedagogical Autonomy in a Platform Society. Harvard Educational Review, 92(2), 284–303. https://doi.org/10.17763/1943-5045-92.2.284
Kim, B. H., Vizitei, E., & Ganapathi, V. (2018). GritNet: Student performance prediction with deep learning. arXiv preprint arXiv:1804.07405.
Krämer, S. (1998). Das Medium als Spur und Apparat. In S. Krämer (Ed.), Medien, Computer, Realität. Wirklichkeitsvorstellungen und Neue Medien (pp. 73–94). Suhrkamp.
Leschke, Rainer. (2015). “Die Einsamkeit des Mediendispositivs in der Vielheit der Medien.” Zur Logik des Wandels von der Ordnung des traditionellen zu der eines post-konventionellen Mediensystems. In: Othmer, Julius, & Weich, Andreas (eds.): Medien—Bildung—Dispositive. Beiträge zu einer interdisziplinären Medienbildungsforschung. : Springer VS, 71–85.
Macgilchrist, F. (2020). Digitale Bildungsmedien: Diskurse und deren Wirkkraft in der Corona-Pandemie. Lernende Schule, 91, 14–19.
Macgilchrist, F. (2021). Theories of Postdigital heterogeneity: Implications for research on education and datafication. Postdigital Science and Education, 3, 660–667. https://doi.org/10.1007/s42438-021-00232-w
Martin, N., Friedewald, M., Schiering, I., Mester, B., Hallinan, D., & Jensen, M. (2020). The data protection impact assessment according to article 35 GDPR: A practitioner’s manual. Fraunhofer Verlag. https://doi.org/10.5281/zenodo.3855149
McLuhan, M. (2003[1964]). Understanding media: The extensions of man. Corte Madera, CA: Gingko Press.
O’Neil, C. (2016). Weapons of math destruction: How big data increases inequality and threatens democracy. Penguin Books.
Schiering, Ina/Friedewald, Michael/ Mester, Britta A./ Martin, Nicholas/Hallinan, Dara. (2020). Datenschutz-Risiken partizipativ identifizieren und analysieren: Tests zur Datenschutz-Folgenabschätzung in Unternehmen und Behörden. Datenschutz und Datensicherheit 44(3), 161–165. https://doi.org/10.1007/s11623-020-1243-y.
Schüttpelz, E. (2013). Elemente einer Akteur-Medien-Theorie. In E. Schüttpelz & T. Thielemann (Eds.), Akteur-Medien-Theorie (pp. 9–37). Transcript.
SDM. (2020). The Standard Data Protection Model: A method for Data Protection advising and controlling on the basis of uniform protection goals. Version 2.0b. Conference of the independent data protection authorities of the Federal and State Governments of Germany. https://www.datenschutzzentrum.de/uploads/sdm/SDM-Methodology_V2.0b.pdf
Striano, F. (2019). Towards “post-digital”. A media theory to re-think the digital revolution. Ethics in Progress, 10(1), 83–93. https://doi.org/10.14746/eip.2019.1.7
Weich, A. (2020). Digitale Medien und Methoden: Andreas Weich über die Medienkonstellationsanalyse. Open-Media-Studies-Blog, 16.06.2020. https://www.zfmedienwissenschaft.de/online/open-media-studies-blog/digitale-medien-und-methoden-weich
Weich, A. (2023). Medienkonstellationsanalyse. In S. Stollfuß, L. Niebling, & F. Raczkowski (Eds.), Handbuch Digitale Medien und Methoden. Springer VS.
Weinberger, N., Woll, S., Kyba, C. C. M., & Schulte-Römer, N. (2021). The value of citizen participation in technology assessment, responsible research and innovation, and sustainable development. Sustainability, 13, 11613. https://doi.org/10.3390/su132111613
Winkler, H. (2004). Mediendefinition. Medienwissenschaft—Rezensionen, Reviews., 1(04), 9–27.
Winkler, H. (2008). Zeichenmaschinen. Oder warum die semiotische Dimension für eine Definition der Medien unerlässlich ist. In S. Münker & A. Rösler (Eds.), Was ist ein Medium? (pp. 211–221). Suhrkamp.
Wright, D., & De Hert, P. (Eds.). (2012). Privacy impact assessment. Springer. https://doi.org/10.1007/978-94-007-2543-0
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Weich, A., Schiering, I., Friedewald, M., Deny, P., Priedigkeit, M. (2023). Let’s Figure It Out: Participatory Methods for Reflecting on Educational Media in a Postdigital World. In: Weich, A., Macgilchrist, F. (eds) Postdigital Participation in Education. Palgrave Studies in Educational Media. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-031-38052-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-38052-5_8
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-031-38051-8
Online ISBN: 978-3-031-38052-5
eBook Packages: EducationEducation (R0)