Survey of European data protection officials shows European school children require stronger privacy protection
Children using cloud computing technologies at school are at risk of privacy violations if they don’t receive special protection, according to a new survey of European data protection officials released today by SafeGov.org. The report was released to coincide with the International Conference of Data Protection and Privacy Commissioners, taking place this week in Warsaw.
The survey shows broad support for safeguarding especially vulnerable cloud user populations in public organisations, such as school children, civil servants, and healthcare professionals and their patients, who are at risk of being tracked and profiled for online advertising purposes. The majority of respondents endorsed the use of Codes of Conduct establishing rules that schools and cloud providers could voluntarily sign up for, which SafeGov.org recommends include a binding pledge to ban targeted advertising in schools and the processing or secondary use of data for advertising purposes in schools.
“The use of commercial cloud services by schools in Europe is growing, and while the benefits of such adoption are indisputable – ease of use, cost and simplicity -- the education sector contains particularly vulnerable users who require special privacy protection. We’re comforted by the support voiced for safeguarding school children, and today we’re asking for a clear, principled commitment from cloud, policy and education actors banning targeted advertising in schools,” said Jeff Gould, President of SafeGov.org.
SafeGov.org undertook the research given its concern that the implementation of cloud services based on consumer technologies designed to track and profile users and their behaviour for ad-targeting purposes, may allow cloud providers to gather information about school children and members of other public sector organisations that they should not have – in clear violation of EU data protection laws.
Based on the findings of the survey, SafeGov.org calls on Europe’s Data Protection Authorities (DPAs), the European Commission, national education ministries, European schools and parent associations to recognise that while free commercial cloud services provide great benefits to schools, they must be carefully regulated in order to prevent violations of data protection rights or the introduction of advertising into schools. They should embrace Codes of Conduct at the national level and possibly also at the EU level as a mechanism for insuring the data protection rights of school children. This framework could also be applied to other sensitive user populations of cloud services in public sector organisations.
In the conversations SafeGov.org had with the data protection officials, it was suggested that DPAs work with schools to develop a set of criteria for use during the cloud provider selection process.
SafeGov.org also recommends that cloud service providers review their privacy policies and associated practices and revise them as necessary to meet the standards of school online privacy discussed in this report, namely including a legally binding pledge not to conduct user profiling or data mining for advertising purposes when providing services to schools.
In light of its findings, SafeGov.org called on European DPAs to extend the current focus of their investigations of the consumer privacy policies of large Internet firms to address the specific scenario of data subjects who use cloud services in public sector organisations like schools, but also national and local government and hospitals.
The report can be found here.