Skip to content

How do I comply with legal consent requirements?

Objectives and content of this instruction

As the author of a course that involves working with sensitive data, you need legal protection. This raises the following questions:

Target group

[x] Authors [x] Coaches [ ] Participants

[x] Beginners [x] Amateurs [x] Experts

Expected previous knowledge

Case study of a teacher

As the instructor of a course on "Managing Patient Data," you are aware that all course participants will be handling sensitive data. It is therefore essential that all participants sign a written data protection agreement.

Since part of this internship takes place online, you want to ensure that, as the course instructor, you cannot be held liable for data protection violations in your course.

How do you proceed?

Below is a description of the available OpenOlat tools and their intended uses.

To the top of the page ^

Clarification 1: Objective

Determine which terms of use and privacy policies course participants must agree to. For example:

WHAT?

  • Do students have to submit an "affidavit"?
  • Is it necessary to submit a statement confirming that the submitted work was completed independently?
  • Is an NDA required?
  • Do specific consents regarding use and data sharing need to be confirmed?
  • ...

WHEN?

  • Do consents need to be obtained before participants can access certain content?
  • Do consents need to be obtained only when specific content is accessed? For example, before or after participants take exams, submit assignments, etc.
  • ...

To the top of the page ^

Clarification 2: OpenOlat Platform

The first time you open OpenOlat, all users are asked to accept the Terms of Use and Privacy Policy. You can review them here:

  • What has already been confirmed by all users of the OpenOlat platform?
  • Would corrections need to be made at this stage?
  • What additional consents need to be obtained given the particularly sensitive nature of your course?

All users can review the Terms of Use and Privacy Policy, which they have previously agreed to, at any time in their personal menu:
Personal Menu > Settings > "Terms of Use" tab

Information about the OpenOlat platform's Terms of Use and Privacy Policy, as well as the confirmation required from OpenOlat users upon their first visit, can be found here: OpenOlat Platform Terms of Use >.

To the top of the page ^

Clarification 3: Rights within OpenOlat

Within OpenOlat, you collaborate with many different people. These include administrative roles such as user administrators, learning resource administrators, and system administrators, among others, who may have access to your sensitive course content due to their roles.

In OpenOlat, you can therefore set restrictions for these administrative roles under Administration > Modules > Data Protection.

You can specify which system roles are allowed to view administrative user properties—for example, during account searches or in lists—and which user properties are considered administrative.

If you have any questions, please contact your administrator.
You can find more information here: Data Protection Module (Administration)

To the top of the page ^

Clarification 4: Course

Does it turn out that additional consent must be obtained from all participants specifically for your course?

OpenOlat also allows you to create course-specific terms of use. As a course owner, you can obtain consent for your course under Administration > Settings > "Terms of Use" tab.

You can find more information here: Terms of Use for a Course >

To the top of the page ^

Clarification 5: Course internal areas

In learning path courses, you can also use the learning path’s features to restrict access to certain content or obtain participants’ consent in advance.

Using the learning path settings (Course Editor > Select course blocks > Learning Path tab), you can, for example, make a page containing information on data protection and data use mandatory. Participants must then confirm that they have “completed” this page before they can access the subsequent course blocks in the course menu.

The learning path feature also allows you to use exception rules to configure a course module so that it is visible only to specific groups of people.

To the top of the page ^

Clarification 6: Individual course elements

If privacy policies or notices apply specifically to individual course elements, OpenOlat also provides options within those elements for obtaining consent from course participants.

Example: Course element task
The Course Element Task has its own workflow. It consists of several steps, ranging from the task prompt to uploading answer documents, providing feedback, and viewing the sample solution.
You can use the task assignment feature, for example, to create a message for participants with relevant instructions. ("By downloading this assignment, you agree to ...")
In the "Submission" step, the task instructions can be set as a template. A consent form could also be included this way. ("By uploading your files, other people may be able to view ... Please therefore check ...")

Example: Course element Checklist
In the "Checklist" course module, you can add checkboxes for required confirmations. Points can also be awarded that count toward passing the course. A checklist that has been "passed" can then be used as one of the criteria for passing the entire course.

To the top of the page ^

Clarification 7: Forms

When filling out a form, the information entered may require participants to accept the terms of use. For this reason, the "Form" learning resource includes a dedicated content element that authors can insert using the form editor.

Terms of use of a form >

To the top of the page ^

Clarification 8: External tools

If external tools are used—that is, programs that are not part of OpenOlat itself but are integrated into it—OpenOlat has no way of verifying whether data transmitted to these tools is stored elsewhere or used for other purposes.

Example: Office Programs
For example, if Microsoft products such as Word, Excel, and PowerPoint are to be used and have been set up by administrators after obtaining the necessary licenses, users can collaborate on the same document. While collaborating, the files are stored on Microsoft servers and not in OpenOlat. You should simply be aware that this may have implications under data protection laws.

Example: Course Module – External Page
The "External Page" course module can transmit data about the current account to the external system via the HTTP header of the request in order to implement certain learning scenarios (username, email, first name, last name, and the user's current IP address). In System Administration > Modules > External Page, administrators can specify whether this data should be transmitted or not. Alternatively, this setting can also be configured under Administration > Modules > Privacy > "Data Transmission for External Page Course Block" section.
However, OpenOlat has no control over what happens to this data on the external site.

In OpenOlat, all external tools are configured under (System) Administration > External Tools > ....

To the top of the page ^

Clarification 9: Connected platforms

With OpenOlat, it is possible to access courses that are technically hosted on a different platform (another OpenOlat instance or another LMS). The technology for this is provided by the LTI connection. This is similar to an external page. However, it is not just a single page, but entire courses that appear as if they were part of your own LMS.

Data is also exchanged between the connected platforms—subject to strict security measures. It may also be necessary to determine whether additional information and consent from participants are required for particularly sensitive data.

To the top of the page ^

Checklist

  • What general consents did participants already have to provide in order to use the OpenOlat learning platform?
  • I have read and understood the General Terms of Use and the General Privacy Policy.
  • All course participants have already agreed to the General Terms of Use and the General Privacy Policy.
  • Are additional course-specific explanations required?
  • Are the texts for the course-specific explanations available?
  • Have the course-specific explanations already been integrated into the OpenOlat course?
  • Are they integrated in such a way that the course cannot be modified without prior consent?
  • Do the consent forms need to be filed and archived somewhere?
  • Are forms being used? Should a statement regarding the terms of use be included there?
  • Does the course use external tools that access other external servers?
  • Is separate consent required for these external tools?
  • Are courses shared with other learning platforms via LTI? Are there any legal issues regarding data transfer to or from those platforms?

To the top of the page ^

Further information

Terms of use >
Terms of use: OpenOlat Platform >
Terms of use: Course >
Terms of use: Form >
Terms of use: External tools >
Terms of use: User management >
Module Data privacy (Administration) >

To the top of the page ^