Online privacy van leerlingen: een ondergeschoven kindje?

Student Privacy pledge - Expanding VisionsWe lezen steeds vaker over de online privacy van leerlingen. Maar wat doen scholen daar in de praktijk mee? In de dagelijkse praktijk zien we nog veel te weinig dat scholen de privacy als beslis-criterium meenemen. Tablets in de klas, op zich een prima ontwikkeling natuurlijk.

En wie is er verantwoordelijk voor de privacy-aspecten van de gebruikte apps? Of het gebruik van One Drive, Dropbox of Google Drive voor het opslaan en uitwisselen van content van leerlingen. Hoe veilig is dat eigenlijk? En hoe zit het met de technische maatregelen die uw cloudleveranciers getroffen hebben om gegevens van leerlingen veilig te stellen? Het schoolbestuur is hiervoor verantwoordelijk en moet dit daarom adequaat geregeld hebben cq. minimaal over nagedacht hebben en er wat van vinden.

De grote leveranciers uit Verenigde Staten hebben de reputatie nogal makkelijk met privacy aspecten om te gaan. Toch is daar een tegenbeweging gaande die wel degelijk aan de bescherming van leerlingen werken. Zo kwam op 7 oktober 2014 de ‘Student Privacy Pledge’ tot stand. (Bron: studentprivacypledge.org). Dit is opgezet door het Future of Privacy Forum en de Software & Information Association en wordt ondersteund door president Obama.

obama-state-of-the-union-1080x675
President Obama draagt de Student Privacy Pledge een warm hart toe

Deze ‘pledge’ is bedoeld om leerlingen van onder de 18 jaar, online bescherming te bieden zoals bijvoorbeeld het opbouwen van persoonsprofielen anders dan onderwijsdoeleinden en het afschermen van reclame die op kinderen gericht is.

Leveranciers kunnen zich vrijwillig conformeren aan de Student Privacy Pledge door deze te ondertekenen. Een ‘pledge’ klinkt als een intentie/convenant en/of een voornemen voor een belofte. In de VS gaat de impact toch behoorlijk ver omdat deze pledge rechtsgeldig is. Onder section 5 van de Consumer Protection Act kan de Federal Trade Commission gerechtelijke actie ondernemen tegen bedrijven die zich misleidend gedragen.

Tot op heden hebben 216 bedrijven de Student Privacy Pledge ondertekend. Bekende namen zoals Apple, Microsoft en Google maken deel uit van deze lijst. Google was (als advertentiebedrijf) in eerst instantie nog terughoudend om zich hieraan te conformeren maar is vorig jaar toch door de bocht gegaan. Wie ingelogged is met een Google Apps for Education (GAFE) account, zal merken dat er bij zoekopdrachten in Google in de rechterkolom geen reclame verschijnt en er ook geen sponsored links vertoond worden. Helaas wordt ‘student’ in de pledge gedefinieerd als studenten in de Verenigde Staten waardoor we er in Nederland niet zo veel mee kunnen. Daar moet toch wat op te bedenken zijn, of mis ik iets? En staat online privacy van leerlingen al bij u op de agenda?

Student Privacy Pledge

SPP_Pledge_1-1024x609 We Commit To:

✘     Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.

✘     Not sell student personal information.

✘      Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.

✘     Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.

✘     Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.

✘     Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

✔     Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.

✔      Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.

✔     Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.

✔     Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

✔     Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.

✔     Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.

 

Notes:

  • Some school service providers may be subject to additional legal obligations, contractual commitments, or requests from educational institutions or parents/students that direct or otherwise authorize additional uses of student data, other than those specified above.
  • Nothing in this pledge is intended to prohibit the use of student personal information for purposes of adaptive learning or customized education.
  • This pledge is intended to be applicable to new contracts and policies going forward and addressed — where inconsistent and as agreed to by the educational institution or agency — in existing contracts as updated over time.
  • This pledge shall be effective as of January 1, 2015.

Definitions:

  • ‘School service provider’ refers to any entity that: (1) is providing, and is operating in its capacity as a provider of, an online or mobile application, online service or website that is both designed and marketed for use in United States elementary and secondary educational institutions/ agencies and is used at the direction of their teachers or other employees; and (2) collects, maintains or uses student personal information in digital/electronic format. The term ‘school service provider’ does not include an entity that is providing, and that is operating in its capacity as a provider of, general audience software, applications, services or websites not designed and marketed for schools.
  • ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).
  • ‘Student personal information’ is personally identifiable information as well as other information when it is both collected and maintained on an individual level and is linked to personally identifiable information.
  • ‘Student’ applies to students of United States elementary and secondary schools, and with regard to notice and consent applies only to students of appropriate age as authorized under relevant United States federal law.
  • ‘Consumer privacy policies’ include those privacy policies that are posted by the company to be available to all users to the site or service.
  • ‘Parent’ includes a student’s legal guardian.

This Pledge is neither intended as a comprehensive privacy policy nor to be inclusive of all requirements to achieve compliance with all applicable federal or state laws. For more information, visit http://studentprivacypledge.org.

 

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *