The Tin Can API allows for the collection of a lot of data — so much data that it’s hard to draw the line between powerful reporting and what would be considered a breach of privacy. The natural question to ask is “who has access to the data, and how do we protect the privacy of learners?”
The accountability will largely be on the LRSs. Multiple user levels with different privileges will most likely be necessary, and an industry-wide list of best practices should be created. There should be a clear line between LRSs being too open, but not too restrictive.
Permissions get more complex when you look at team-based and collaborative learning. Should learners have access to each other’s data? How much access?