a) Understanding and engaging with legislation

The Public Sector Bodies (Websites and Mobile Applications) (No.2) Accessibility Regulations 2018

As part of UCL’ institutional response to The Public Sector Bodies (Websites and Mobile Applications) (No.2) Accessibility Regulations 2018 I was one of a number of colleagues within the Digital Education and Digital Accessibility team who collaborated to create the Acessibility Fundamentals guidance and the more detailed content specific content for the Creating Accessible Content webpages. In addition, I delivered a number of initial briefing sessions to colleagues across the institution and practical training sessions focusing on MS Office applications.

Prior to the regulations I had been proactive in trying to make any materials that I created as accessible as possible. This has been part of my practice since qualifying to teach in 2004. During my secondary teaching career I initially worked in a school with a specialist hearing impairment unit and throughout taught students that are neurodiverse, amending teaching plans and resources accordingly.

Digital technologies can either be inclusive or exclusive in their design and application. This was of concern to me in the Spring of 2020 when there was initally emergency remote teaching, then a more strategic approach to teach online for the 2020/21 academic year alongside the requirement for as many staff as possible to work remotely. In response I wrote the following blog posts:


There are parts of my personal practice that could be improved regarding digital accessibility, I do sometimes do things in a quick and dirty way. However, if I’m aware that I will be sharing the resources I do work on making improvements. Most of they principles are embedded in my practice as they been added over time and were part of my professional requirements.

In my role as an FLTL I have found promoting and reminding colleagues about digital accessibility requirements a tricky balancing act. I want to support, and be seen to be supporting, innovative pedagogy using new tools, but at the same their a legal and, in my mind, moral imperative to not knowingly role out en mass tools and systems with known accessibility issues. These are sometimes in conflict. It has been commented informally, that I sometimes push the digital accessibility agenda a little too hard.

Something I need to work on is finding ways to encourage the creation of more digitally accessible resources and tool selection, without being seen to be negative when I raise queries about what is planned or has been created. If digital accessibility is to be embedded, then it needs to have buy-in. To have buy-in, it needs to be seen as a positive, not a burden.

UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018

GeekGirlMeetupUK Conference 2016 schedule
GeekGirlMeetupUK Conference 2016 schedule
Email reminder to update IG Framework requred training
Email evidence requirement for additional training
Screen capture of training record showing GDPR training completed
Training record showing completion of mandatory GDPR training









GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. At the time of adoption I was on secondment to the Information Security Group as Senior Information Security Officer (Awareness). As part of my role I needed to be aware of the new regulation and how it differed from the previous legislation, Data Protection Act 1998. In November 2016 I gave a talk at the GeekGirl MeetUp conference titled: Data, Ethics and the Law. The talk incorporated and overview of both the DPA 1998 and GDPR.

As the Exploring Learning Analytics project that I worked on upon returning from secondment, and my subsequent research utilise personal data, and potentially sensitive personal data. it has been important for me to have a good understanding of GDPR and data protection processes. For the Exploring Learning Analytics project I collated and combined student data from a range of data sources. As this potentially could have identifed individual students, and potentially sensitive data about the students I requested use of UCL’s Data Safe Haven facility for storing and working on the data. In order to be collect the personal data my project(s) were registered with UCL’s Data Protection Office, were subject Research Ethics Committee review and additional information governance training was undertaken.

In addition to my research activity I also review and provide guidance to colleagues on GDPR with regards to learning technologies they wish to use. This is particularly important due to the power dynamics at play with regards to staff and students. If staff are requesting students to sign-up for an online service as part of a taught module, it is difficult for students to truly give informed consent. It is therefore especially important that these services are GDPR compliant and only gather data that is truly neccesary.


My experience of being seconded to UCL’s Information Security Group and my understanding of GDPR frame my approach to handling data. It also affects how I select which technologies and choose to use and those I recommend to colleagues. I’m very mindful of the power imbalance of requesting students to create accounts for various things such as Twitter, as it makes it difficult for students to truly give informed consent.

It very much fits into broader ethical considerations of learning technologies and relates to this statement in Edinburgh’s Manifesto for Teaching Online: “Online courses are prone to a culture of surveilance. Visibility is a pedagogical and ethical issue.” I would argue that this is also true for many digital platforms, cookie tracking is a form of surveillance. Should we be subjecting our students to this surveillance?