The recent EU GDPR (General Data Protection Regulation), due to come into effect May 2018, is important. It is a bit dull to read, but should be checked out by everyone.
GDPR is generally very good news for all digital citizens. It simplifies territorial compliance, and protects users from baffling legalese in the terms and conditions they sign up to every time they register with a web service. The EU GDPR website (https://www.eugdpr.org/) is helpful, written in readable language, and should be read by everyone.
I said it’s ‘generally’ good news, but there are some controversial topics (https://www.eugdpr.org/controversial-topics.html). Portability of data is one of those. This is the right to ‘move’ personal data, and appears to my (novice) eyes to only apply to data provided by us, the users. From the webpage previously given: “… all (policy) texts only apply portability to data provided by the data subject, and the Commission and Council texts only apply to data which is processed based on consent or contract”.
Looking into it a bit further specifically relating to education, there are some useful pages and videos from the Information Commissioner’s Office (ICO). They also provide a quick glance PDF infographic that encapsulates the areas you need to be aware of, as individuals and as an organisation. Please browse the ICO pages so you know what is there. https://ico.org.uk/for-organisations/education/ and download or save their pdf infographic: https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf.
Also be aware of what JISC has provided in this area. https://www.jisc.ac.uk/blog/a-year-to-get-your-act-together-how-universities-and-colleges-should-be-preparing-for-new-data-regulations. A key quote from this page is “the biggest change is that institutions will be held far more accountable for the data they hold”. JISC also highlight this quote, and also link to ICO. It *might* be the case, that as institutions are held more to account, they will pass on that accountability to individual lecturers who provide digital learning materials or encourage use of apps not controlled by institutional compliance measures. This is a guess, but it might be the case, and is worth clarifying. Your librarian might be able to help.
Make sure you save this material somewhere safe and readily accessible to find again easily. It might be down to you if there is an infringement, so you need to take reasonable steps to ensure you are not held liable. This is a personal view and I’ll continue to check into this.
Aside: For those from the UK, googling ‘brexit and GDPR’ returns interesting results: the general reaction is one of ‘will we still have to comply?’ Worrying, to say the least, but I don’t think this is representative of everyone in the UK.
Additional Helpful Links
- Times Educational Supplement: https://www.tes.com/news/gdpr-schools-how-will-new-data-regulations-affect-my-school
- EdExec: https://edexec.co.uk/gdpr-in-the-education-sector/
- UK Gov website: https://www.gov.uk/government/publications/data-protection-toolkit-for-schools
- UK Gov website teaching blog: https://teaching.blog.gov.uk/2017/10/24/general-data-protection-regulation-evolution-or-revolution-for-schools/
- A warning, from 3 years ago: https://www.nytimes.com/2015/03/12/technology/learning-apps-outstrip-school-oversight-and-student-privacy-is-among-the-risks.html