Disclosure: I am an Assistant Professor at the University of Zurich. I believe it is in the general interest for this topic to be more widely known (at least of the population of the Zurich canton, which is technically my employer). While this post could be seen as damaging to the University of Zurich, it should on the contrary be seen as a vigorous endorsement of the excellent work conditions enjoyed here by academics, and in particular the strong emphasis on academic freedom (written in the Swiss constitution).

I have previously written about my dual complaint to many European data protection authorities concerning data protection issues in Massive Open Online Courses, and specifically the U.S. company Coursera. The complaint was twofold, as it involved my personal case and a more general request to investigate this new global business around educational data, and surrounding transatlantic data transfers.

Today, I received a response from the data protection authority of the canton of Zurich. The first part of the letter signals that it is really up to the federal authority to address my personal complaint and to investigate the Coursera side of things, since Coursera is a private company.

The second part of the letter, on the other hand, informs me that their office is tasked with data protection issues for public bodies, and that the University of Zurich, a Coursera partner, is in their jurisdiction. The letter is also pretty clear in the outlook of the Zurich authority on MOOC data transfers:

[W]e share your concerns with regard to the emergent market of MOOCs and the processing and growing use of educational data.

In light of those concerns, the Data Protection Authority is thus now asking the University of Zurich and its Data Protection Officer many questions, listed below.

The scans of the originals are available here.