Information Age recently ran a story about the University of Newcastle trialling automated roll-call technology that uses student's mobile phone location to mark class attendance.

University technology projects such as these should prompt questions about informed consent and privacy for an essentially captive group and the possible unintended consequences of the implementation of such a system.

It also calls into question whether universities are getting the balance between efficiency and duty of care to students right, and whether the University Council as governance body of the University is sufficiently engaged with the new world of data, cybersecurity and electronic surveillance (as is being urged by the ACS, AICD and other experts) to form a view on the risks that these technology implementations may pose to the University if something were to go wrong.

Universities are big businesses, and are increasingly behaving as big businesses, however, unlike other businesses, universities may owe their students rather more in the way of a duty of care and trust than is owed to other types of customer.

The introduction of technology is often pitched as being about learning and teaching, but often it is at least dual use, and of greater benefit to the institution than the students.

Check-in technology isn’t novel, and the ExLibris campusM platform has been used for this application and others in various places – such as Lancaster and Aston Universities in the UK.

A student’s record of attendance is integrated with their timetable (so that the system knows where they are supposed to be at a particular time), and with the facilities systems (that know precisely where all teaching spaces are located on campus).

What is slightly unusual is that in this instance, the university’s statement seems unclear on whether the check-in is to be automatic and transparent, rather than requiring the student to manually use the app to check in, as is the case in some of the product descriptions on the ExLibris website.

Newcastle's proposed solution does seem to require the student to turn on location services for their phone as tracking uses GPS latitude/longitude readings, leaving devices (and students!) open to tracking by other less scrupulous app vendors and possibly state actors checking up on their nationals.

This is obviously a privacy issue for students, as is the fact that as ExLibris is a 'cloud service provider', the location of student data and its retention by the company could be of concern.

The University has promised no tracking but the collection of exact latitude/longitude or beacon data using phone geolocation means that tracking may be possible, by it or anyone else who gains access to the data, especially if combined with data from wireless access points or social media.

Unlikely perhaps, but these are the sort of possibilities that should be top-of-mind in the age of data.

Collecting data on students for teaching and learning purposes is often at least as much about compliance – as it would seem to be in this case – with a new 80% attendance requirement regime.

More importantly, data once collected can be used or re-used by the university or by external actors for purposes not originally envisaged or consented to (such as, research on the effects of class attendance on course outcomes such as grades).

Universities need to be careful in rolling out technology that collects data about students and university councils should have oversight of any projects that surveil or collect data on students or otherwise may have privacy impacts in their role as the head of governance of the university.

They need to be asking ought, not just could, about technology projects, and balance the potential benefits and harms to students and very real reputational risk for the university with any efficiency gains for the institution.

Michael Wildenauer is Chair of the ACS Ethics Committee.