New European rules give parents and students more control over their personal data as of May 25. Education magazine answers seven questions about the implications for teachers.
Why a new law?
It's not that new at all. Back in 2016, the European Parliament approved the General Data Protection Regulation (AVG), regulations designed to protect the personal data of all citizens in the European Union in a uniform and better way. Organizations, such as schools, were given two years to comply with this law. As of May 25, the AVG replaces all national privacy laws, such as "our" Personal Data Protection Act. Schools that fail to comply by then risk a hefty fine.
What data is involved?
First of all, the NAW data: names, addresses, phone numbers and e-mail addresses. New is that e-mail addresses from your work also fall under personal data. So all this data may not be distributed without permission in a school guide or class list. It also includes data such as BSN number, religious beliefs or medical data. Even stricter rules apply to this type of sensitive information.
What will change?
A school is required to justify why it wants to collect student data and how long it wants to keep it. In doing so, you may not ask for more data than is strictly necessary, and after termination of use, everyone has the right "to be forgotten. This means that a school must also delete the data again. In addition, the school must ensure proper security of the student administration and student tracking systems and record who has read or modified which files.
Requesting permission more explicitly is another issue, for example when using photographs. For students under the age of 16, a parental signature is required. It must be clear what they are consenting to (specific purpose), the consent must be asked again every year and just as easily withdrawn. So it is not: once given, stays given.
What does this mean for your work?
Each school must make clear arrangements about who has access to student data, when and for what purpose. You may only access data that is relevant to you, unless otherwise agreed. As a teacher, you may only access the data of your class and an internal supervisor may only access the files of students who need extra care or guidance. A substitute teacher is given access to relevant information only temporarily: for the duration of his contract.
What about social media and app groups?
The privacy of WhatsApp, for example, is not guaranteed: because data such as phone numbers are visible to every participant. Teachers should ask students or their parents for permission to share data via WhatsApp. In addition, agreements must be made with providers of apps and social media about what they do with data. This does not seem easy, but at least an app like Parro is more secure.
Who controls what
The school is responsible for ensuring student privacy and must conduct risk assessments. The so-called privacy covenant helps schools make it easier to reach agreements with suppliers and publishers on how to handle student data securely. The new "data protection officer" (FG) will play a major role in this. The Autoriteit Persoonsgegevens supervises compliance with these privacy laws. The regulator can ask the FG for clarification and explanation and has the power to impose fines.
What can I do myself to ensure privacy?
First of all, be careful with login information: use a good password made up of several letters and characters, keep it secret and replace it every so often. Check that the connection you use is secure. A public Wi-Fi connection in the library or at the train station is easily tapped. Before sending personal data, think carefully about the purpose and to whom you are sending it: are the recipients allowed to have this information? Finally, do not use USB sticks for sensitive information because they tend to get lost.
