Since the beginning of the pandemic, distance education of children has become a matter of routine. The market of educational information systems and learning software is booming worldwide. However, media report that learning platforms, chat programs, video conferencing tools, or cloud storage systems for virtual classrooms often neglect data protection. Researchers of Karlsruhe Institute of Technology (KIT) want to remedy this by data protection certification. Within the DIRECTIONS project, they develop dependable criteria for such a certificate. The project is funded by the Federal Ministry of Education and Research (BMBF) with about EUR 6.5 million.
“When new technologies are used in education, data protection must be guaranteed, of course,” says Professor Ali Sunyaev from KIT’s Institute of Applied Informatics and Formal Description Methods (AIFB). As outlined in the EU General Data Protection Regulation (GDPR), providers of IT systems for schools are obliged to guarantee that their products comply with all data protection requirements. At the same time, schools only should use systems that guarantee data protection. “There were cases, in which confidentiality of the data was not guaranteed,” says the Head of the Critical Information Infrastructures Research Group.
First Data Protection Certification in the Education Sector
One possibility to solve this problem is to subject educational information systems to data protection certification. Such a procedure is now being developed by researchers of KIT within the DIRECTIONS (Data Protection Certification for Educational Information Systems) project. The researchers want to design, implement, and test a suitable data protection certification. Certifications have already proved to be a good means for inspecting cloud services and quality labels are known from online trading, for instance. “The DIRECTIONS certification will be the first data protection certification in the education sector that confirms conformity with the GDPR,” Sunyaev announces.
Clear Criteria for Schools When Procuring Learning Software
“It is a problem that schools sometimes lack knowledge and experience to assess whether online services and IT products meet data protection requirements,” Sunyaev says. Data may be transferred to third countries outside of the EU when providers of learning tools are located in the US, for instance. “This makes the control of what happens with the data of pupils far more difficult,” the expert warns. Moreover, he considers the often lacking encryption of data a big security hole. “Personal data are partly stored or transmitted in plain text and, hence, may be read in principle.”
Clear guidelines for assessing products are lacking, recommendations differ among the federal states. “As a result, educational information systems are not used at all or to a limited extent only and many digital education potentials are far from being exhausted,” Sunyaev says. “With the certification developed now, the provider can prove that all requirements are met. Certifications create transparency and improve the comparability of systems.”
Certification will require an inspection by an independent and accredited certification office, such as TÜV or DEKRA, which determines whether a system and the provider meet all requirements listed in the catalog of certification criteria. The inspection will cover technical safety features, such as a firewall or the use of encryption and anonymization processes, as well as organizational measures, such as the training of the provider’s staff or the existence of a data protection commissioner. In case of a successful inspection, a certificate and a quality label will be awarded and can be used by the provider for promotion purposes.
The BMBF funds the project with about EUR 6.5 million. Of these, KIT receives about EUR 4 million. The project partners are the University of Kassel and datenschutz cert GmbH.
More information: https://cii.aifb.kit.edu/english/110_1121.php
More about the KIT Information · Systems · Technologies Center: https://www.kcist.kit.edu/
Being “The Research University in the Helmholtz Association”, KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility, and information. For this, about 10,000 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 22,800 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life. KIT is one of the German universities of excellence.