Ensuring schools are GDPR compliant could involve significant changes to schools’ processes, bringing about a whole host of challenges that will impact schools’ resources and finances. This chapter will elaborate on possible GDPR challenges you might face when using Media Rich content tools in your classes.
As a teacher, there are some legal considerations you should be aware of when offering media rich content. As long as you offer homemade lesson videos to students, there’s nothing wrong. Especially not if you mention the source of material made by others and have taken a good look at the licensing conditions under which the material was published.
However, with the introduction of the GPDR (privacy legislation) something has changed when it comes to free tools that are widely available on the Internet for use in the classroom.
We offer the following checklist to determine whether an educational app or website can be used from a privacy law perspective.
- What is the name of the application and who is the supplier?
- Will personal data be processed in the application?
- Can the application be used without personal data?
- Who’s going to use the application?
- Are students obliged to use this application?
- Is there a processing agreement with the supplier?
- Is it possible to commit fraud or damage with this application?
What are personal data?
The General Data Protection Regulation (GPDR) states that personal data is all information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to that person. Data of deceased persons or organisations are not personal data according to the GPDR.
Examples of personal data
There are many kinds of personal data. The obvious details are a person’s name, address and place of residence. But telephone numbers and zipcodes with house numbers are also personal data. The same goes for example for an IP code of a home computer. Sensitive data such as someone’s race, religion or health are called special personal data. These are protected extra by law.
What does this mean for the use of digital didactical tools in the classroom?
That depends very much on what data the instrument needs to be able to function properly. For example, it is perfectly possible to work with Mentimeter at school. At Mentimeter the students use their own laptop via the internet network of the school. So the IP address of the school is used. Furthermore, a student doesn’t have to fill in a name anywhere, just a code to get to the question. The answers given are anonymous, nowhere is a concrete person linked to a concrete answer. This means that no personal data is collected when using Mentimeter and that it is easy to use in the classroom.
With a small adjustment, you can also use Kahoot, Drillster, Nearpod and many other digital didactical applications. In these applications, it is necessary to enter a name, but all you need to do is ask for the first name. In this way, answers (to didactically sound knowledge questions) are linked to the student’s first name. But a first name alone is not personal data.
Test your knowledge: