This page contains automatically translated content.

01/03/2022 | Pressemitteilung

How to make digital education compliant with data protection laws

Distance learning and the use of digital platforms have been everyday experiences for students since the Corona pandemic began. But some learning platforms raise questions about data privacy. Researchers at the University of Kassel and partners want to remedy this with the first data protection certification in the school sector.

Image: Tamz Craig.

In the DIRECTIONS project (stands for Data Protection Certification for Educational Information Systems), they are developing criteria and procedures for such a certificate. The Federal Ministry of Education and Research (BMBF) is funding the project with almost 6.5 million euros, of which around 2.15 million euros are going to the University of Kassel. Prof. Dr. Gerrit Hornung, Department of Public Law, IT Law & Environmental Law, is responsible for the Kassel part of the project.

The researchers' goal is to design, implement and ultimately test a data protection certification for school information systems. This is because certifications have proven their worth as a means of checking cloud services, and seals of approval are already familiar from online retailing in particular. The DIRECTIONS certification is intended to be the very first data protection certification in the education sector to demonstrate compliance with the General Data Protection Regulation (GDPR) in a legally secure manner.

In the Kassel subproject, the data protection requirements for learning platforms are determined and then transferred into a criteria catalog that is manageable for later certification. In addition, the legal scientists are determining specifications for how compliance should be evaluated. "During the pandemic, privacy regulators often transitionally accepted systems whose privacy was controversial," Hornung says. "Corona has caused a digitization push, but it can't be left permanently without data protection."

"Through our work, we want to develop auditable specifications that protect the sensitive data of students, as well as teachers and parents," Hornung further describes. The aim is for an independent and accredited certification body to determine whether a system and the provider meet all the requirements of the certification criteria catalog. Technical security measures such as a firewall or the use of encryption and anonymization procedures are checked, as are organizational measures such as the training of the provider's employees or the appointment of a data protection officer. If the test is successful, the provider can advertise with a certificate and a seal of approval.

The University of Kassel, the Karlsruhe Institute of Technology (KIT, lead) and datenschutz cert GmbH are involved in the project.

 

Contact:

Prof. Dr. Gerrit Hornung
University of Kassel
Department of Public Law, IT Law & Environmental Law
Tel: +49 561 804-7923
Mail: gerrit.hornung[at]uni-kassel[dot]de

 

This text contains information from a KIT press release.