The General Data Protection Regulation (GDPR), which came into effect on 25th May 2018, provides a legal framework for keeping everyone’s personal data safe by requiring companies to have robust processes in place for handling and storing personal information.
The GDPR is based on seven principles and establishes rights for the citizens and obligations for the platforms.
GDPR’s seven principles are: lawfulness; fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability.
Let us mention some of these rights and obligations, particularly relevant in our context:
- The right to be informed specifies that a citizen has to be informed of the usage which can be made of their data;
- The right to erasure is what allows a citizen whose data has been collected by a platform to ask for their data to be removed from the dataset built by the platform (and which may be sold to others);
- The right to access means that the citizen can know (easily) what data is being collected about them.
Even if the GDPR was written before the main questions about AI and education became important, the framework does address a lot of issues about data., Since data is the petrol AI thrives on, GDPR is particularly relevant for AI and education.
Rather than giving our own easy-to-understand explanation on what GDPR is and what a teacher should understand, let us recommend looking at a website that has done this simplification work for us.
The name of the website, of “GDPR for dummies” may irritate you (teachers are not dummies). But the analysis has been done by independent experts from the Civil Liberties Union for Europe (Liberties), which is a watchdog that safeguards the human rights of everyone in the European Union.