The debate on the use of technology in classrooms is still very topical, and even more so with statements such as the one made yesterday by the Spanish Data Protection Association (AEPD), which has prepared a guide in which it addresses the responsibilities and obligations in the use of mobile devices in Early Childhood, Primary and Secondary education. It thus establishes a legal framework for the use of devices in classrooms (mobile phones, laptops, tablets…) that, in many cases, belong to the students themselves and that do not have the administration of the educational centers and authorities in aspects related to privacy and security. And, therefore, they do not comply with the regulation that regulates the processing of personal data – Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons in regarding the processing of personal data and the free circulation of these data.
Security of personal data
What does this mean? That many of these devices are used both educationally and personally, installing multiple programs and apps without supervision. For this reason, much of the information they collect is subject to processing by third parties, without active user intervention and without effective control by educational centers and authorities: device identifiers, advertising identifiers, user account identifiers, user telemetry. device or applications, geolocation, usage habits, etc., and can be processed for different purposes. “The very design of these systems requires users to have in-depth knowledge of the risks to rights that their use entails, which should not be required of Primary or Secondary students, as well as knowledge to protect their personal information from unwanted processing by third parties. . The control that the user or the teaching center has over the collateral treatments carried out is, in some cases, poor or even non-existent, and the responsibility that this implies cannot be ignored,” the guide specifies in its introduction.
The cell phone in class
Taking into account that students' mobile phones are the devices most used by minors, the guide reserves a prominent space for the responsibilities of their illicit use, which depend on the regulations applied at the center. If, for example, it is prohibited for students to carry it and they still carry it and make inappropriate use of it, “students over 14 years of age may be subject to an administrative sanction of a financial, proportionate and dissuasive fine, and of which, for it to be effective, their parents, guardians, foster parents or legal guardians will be jointly responsible.” Responsibility could also extend to the center or teachers for not preventing and controlling its use. On the other hand, in the event that, despite its limited use, it is used in class at the request of the teacher for educational purposes, the teacher will be responsible for what the students do with it. “If the use involves the processing of personal data due to the access and use of digital services or products approved by the center or the Educational Authority, the teachers would be considered responsible for their processing having decided on the purposes and means, in execution of the mission in the public interest that the exercise of the educational function by the center's teachers entails,” he specifies. Finally, if there is no regulation on its use, the responsibility for the processing of personal data would fall on one or the other depending on the use that had been made of the device following the examples cited above.
And social networks?
The AEPD guide is clear regarding the use of third-party applications and tools on the devices used by students, including social networks: centers and teaching staff “must previously reflect on whether their use, and the treatment of data that it could entail, would comply with the requirements demanded by the principle of proportionality, such as suitability, necessity, whether the educational function can be provided without its use, through a more moderate measure regarding the intrusion into the privacy of the students. , especially when it is carried out with devices that are not provided by the center or the educational authority, and proportionality by analyzing whether its use brings more benefits or advantages than harm to those affected in their rights and interests. That said, in addition, even when its use is requested outside the classroom, it can only be done to facilitate communication, direct the student's training process, manage activities and access teaching content. For nothing else.