UTS creating middleware to protect international students' data

Researchers at the University of Technology Sydney (UTS) are developing a platform to help businesses and universities operating in different jurisdictions to comply with local data protection laws.

The work is supported by Melbourne-based Australia Education Management Group (AEMG), who facilitate international study links in the tertiary sector and have seen first hand the policy-induced difficulties Australian and Chinese universities face when sharing students’ results and data.

Head of UTS’ School of Software Professor Wanlei Zhou told iTnews that one difficulty, especially in education, was that different international standards dictate where data must be stored and what can be transmitted across borders.

Zhou said this can pose a problem to universities when it comes to marrying up students’ results from other countries that might be looking to get different values out of datasets.

One example he highlighted is when countries such as China, where students are ranked against each other, are unable to obtain the necessary data from their Australian counterparts due to different practices and regulations between the countries.

Maintaining compliance is a task that has so far been done manually, which Zhou said can be costly and time-consuming.

He said that middleware sitting on each institution’s servers could enable more effective communications between universities and third parties like AEMG by only allowing compliant data to be transmitted across borders.

“We can put [middleware] in place in individual countries so that when two countries exchange data they have these automatic systems to make the minimum requirement so you can still exchange data and still conform with local laws.”

While work on the project has already started, Zhou and UTS cyber security lecturer Dr Tianqing Zhu anticipate some difficulties when it comes to operating with multiple institutions across jurisdictions operating on different network systems.

The AEMG, for example, facilitates exchanges across Europe, the US, China and New Zealand - all of which have differing data regulation requirements.

A small proof-of-concept has already been developed, which has already inspired Zhou to think about the platforms applications in any other industry that operates in different legal jurisdiction.