In the Netherlands – and presumably in all EU Member States – the EU General Data Protection Regulation (GDPR) is being converted into national legislation. It is a very good thing that the privacy invasion by Molochs like Facebook and Google and their cronies are countered by the government (the closing down of Cambridge Analytics is a mere hick-up, I’m afraid). And it is a good thing this is done at the European level. But – there really is a big but.
What we see now is regulation which is creating huge difficulties for education institutions and probably a lot of other public and semi-public institutions to do their jobs – while we may doubt if it keeps the Molochs at bay for more than a brief instance.
At my university, simply logging in to my account will become complicated – to protect my privacy against myself, thank you very much.
At my university – and probably many others – you can’t use student data to help improve their study success, because you didn’t explicitly state exactly which use you were going to make of it when you asked for the data.
At my wife’s primary school, if you will be teaching a child next year, you can’t have access to their data now, nor if you’re a remedial teacher or in any other indirect role working with/for that child.
It is very easy to blame “Europe” or more generally the legislator. Without claiming to be an expert on this particular GDPR, I’m pretty sure that it is easy, but wrong to do so. Usually, the legislators are pretty generic in the requirements. It is the LOCAL LAWYERS AND ADMINISTRATORS to worship the “better safe than sorry” principle – as well as the “keep my workload low” principle. They tend to say: “We collect these data for this one specific purpose and will not allow access for other uses”.
If we could only convince them to be more generic!
Don’t tell the students: “We collect information on your scores only to calculate your grades and not for anything else”.
Why not tell the students:
“The purpose of the information we collect from you is to provide the best possible education to you and all students. So we will use – and ask your consent – in our effort to provide you and other students the best education and to continuously look for ways to improve that education. We will not share your information in a way that can be traced to you with any organisation or person outside the university; we will not share any information – even untraceable to you – with any organisation or person, except to public or non-profit organisations for clearly defined purposes in line with our goal of optimising education.”
This would probably need a more legal wording, but I hope the message is clear.
Use of privacy-sensitive information in education is much too important to leave it to lawyers or administrators. Privacy * Lawyers = Nightmare