What does the right to data protection imply in an educational setting? What schools have to do, and what they should stop doing?

programme

2 July (Thursday)

3pm-4pm     Educational setting
  • Jen PERSSON, Director Digitaldefendme, Council of Europe expert
  • Pascale SERRIER, Senior Advisor- Digital Education CNIL - France
  •  Patricia POKU, Director, Data Protection Commission - Ghana

See full programme on the main page

Visit the dedicated webpage on Data Protection Views from Strasbourg in Visio (1-3 July) and see other themes:
Session 1: How to ensure that countries that commit to Convention 108+ comply with its provisions? Why do we need a follow-up and evaluation mechanism, and which one?
Session 2: How do we address the latest challenges posed by profiling in an AI era?
Session 3: What does the right to data protection imply in an educational setting? What schools have to do, and what they should stop doing?
Session 4: Are digital identity programmes being implemented with privacy by design?
Session 5: Mirror of our souls: learning Cicero’s lessons and addressing facial recognition risks
Session 6: Political campaigns and elections: why is data protection so crucial?
speakers' presentations

Children’s data protection in an education setting, Jen Persson

Protecting Personal Data in the Educational Setting? , Patricia Adusei Poku, Commissioner / Exec Director Ghana, Data Protection Commission

What does the right to data protection imply in an educational setting? What schools have to do, and what they should stop doing? Pascale Raulin-Serrier,Coordinator of the international Digital Education WorkingGroup, DEWGDigital Education Unit, CNIL

documentation

Summary

Main argument of the panel: “The way we assess our children shows the way we assess our humanity”.

National education systems process a growing number of personal data belonging to children by or via commercial platforms or applications. In this context, it is of high importance that control over that data is given back to children and their legal guardians. The panel argues that by implementing the provisions of the modernised Convention 108, such as purpose limitation, data minimisation, access to data, data security, data retention, more control could be ensured.

Concrete application in an African context (Ghana), in particular in the current COVID-19 crisis, shows how the impact of the implementation of Convention 108+ principles could have particular significance, including in education: (1) avoidance of stigmatisation; (2) education on privacy and data protection rights; (3) implementation of the need-to-know principle; (4) use of fair processes; (5) notification of data subject; and (6) importance of overall transparency in public or private systems.

Some achievements by the data protection community are highlighted, starting with ICDPPC’s Resolution on e-learning platforms (2018) and the development of awareness raising and educational materials at national level, shared through websites, magazines, video games, booklets, codes of conduct, etc.

The panel concludes by stressing that, the modernised Convention 108 being based on the control of data by the data subject her/himself, the community needs to stay firm when it comes to the debate around the ownership of data. In the precise context of children’s data in educational settings, this is particularly critical.

The Q&A session focuses on discussing the legal base suitable for the processing of personal data in the education sector. This confirms that consent is one of the most difficult areas to address, especially with relation to the processing of biometric data.