Digitalisation, data protection & IT security are important pillars of long-term success. More and more companies are developing an awareness of the relevance of secure IT and the responsible handling of personal data.
By 2020 at the latest, existing weaknesses in this area became painfully obvious to those concerned. But the digitalisation backlog in the area of school education has become clear in this context not only to the schools themselves, but also to teachers, parents and students.
(Image source: Marc Thele / Amr Thele @ pixabay.com)
The current blog article not only deals with the technical and organisational weaknesses that have become apparent in school education – it also gives indications of the
In March 2020, 90 % of all pupils were not in school due to the exceptional global situation – but were home-schooled ( see IT-Business, 02/2021). For months, pupils in Germany had been sitting at home in front of their worksheets. With the support of their parents (who in the meantime acted as part-time teachers in addition to their 40-hour job in the home office), they tried to acquire the learning material that had previously been taught to them by studied professionals. It should be clear to everyone by now that this form of distance learning is not optimal – and does not happen without consequences for all involved.
The students will probably not be able to catch up on the learning that has occurred due to the lack of face-to-face teaching and also the lack of digital solutions.
The fact is: even if technical developments would long since allow for a high degree of digitalisation in schools, this has nevertheless only happened very insufficiently in recent years. Germany lags quite a bit behind here! This became quite a big problem in 2020/2021.
Certainly there are reasons for this - and certainly the school closings are a situation that no one foresaw. Otherwise, the necessary precautions would probably have been taken. Nevertheless, the question arises: "What would the situation look like if more had been invested in the technical equipment of the schools so far?" – and this does not only mean financial resources.
Quick solutions needed – devices, cloud and video conferencing tools
In order not to let the educational backlog grow ever larger, it has been important to act particularly quickly in recent months. More and more schools – and also politicians – have become aware of the value of digital teaching. And indeed, things slowly started to happen.
In order to continue to manage school operations reasonably well, many schools have chosen digital solutions. These include online seminar software and cloud solutions. In principle, these bring with them many advantages that can be of real benefit in the current times - and also in the future.
During the lockdown, some schools have already switched to digital education – that is, online conferences with teachers and students have taken place to replace classroom learning. One might think that schools are on the right track. However, the fact that enough educational institutions still have construction sites in the area of digital teaching – perhaps even without knowing it – is shown by numerous articles and reports in the media.
Aspects which unfortunately came and still come far too short in the forced conversion to distance learning are the topics of data security, data protection – especially the informational self-determination of the students, responsibility (in various respects) and also the topic of user-friendliness.
Furthermore, the knowledge of teachers in the area of digital information transfer is not yet sufficient for digital teaching. (IT-Business, 02/2021, p. 42).
On a positive note, authorities are becoming more and more aware of the lack of data protection in the context of home schooling and digital distance learning.
There are repeated reports in the media of such critical incidents – but also of reactions by authorities and associations.
There are several reasons why the topic is so controversial. First of all, let's take a look at the EU Data Protection Regulation. Its purpose is to protect natural persons with regard to the use of their personal data (cf. dejure.org).
An important aspect here is informational self-determination. Everyone can decide for themselves what information they want to disclose and what it may be used for (see datenschutzexperte.de (2)). Children and young people have less awareness in the area of data protection than adults. Therefore, they deserve special protection, for example when data is collected for the use of services. (see datenschutzexperte.de (1); see dsgvo-gesetz.de)
Schools and teachers should therefore be particularly concerned to pay attention to the issue of data protection and data security, especially for children. Furthermore, the question arises: What are we teaching the growing generation in terms of data protection if parents, schools and supervisors themselves do not pay attention to important aspects? Shouldn't exactly this generation – which is growing up completely with digital media – get a special awareness for this area? Couldn't it even be an important part of teaching students why exactly this and no other cloud or video conferencing solution was chosen?
Students are the founders and entrepreneurs of the future, who in turn work with our data. Thus, everyone benefits from the media competence of the upcoming generation.
The school is responsible for data protection and is therefore responsible for compliance with the GDPR. It is therefore obvious that it is not the individual teachers who should decide on the use of educational software, for example, but that the school must make wise regulations here so that everything runs optimally.
But what are the points that make sense to ensure a high level of data security for all involved? In the following, we would like to shed light not only on technical aspects, but also on the necessary behaviour. Because without this, even the best technology is useless.
Furthermore, a few points are mentioned which are important for user-friendliness. After all, it is precisely this point that has so far encouraged schools to use less data protection-compliant solutions. Therefore, it should not be neglected here in any case!
When choosing a cloud or software solution, it is very important that educational institutions look carefully and rather invest once more in training for teachers (or the necessary training time).
We have already reported on the advantages of open source applications in previous blog articles. These are also referred to as open-source tools. This means nothing other than that theoretically almost anyone can have an insight into the source code of the programme. With commercial offers, on the other hand, only the corresponding company has access to the source code. Not all processes running in the background can be traced. With open source software – due to its openness – an entire community pays attention to the (data) security of the software.
So it is not just a team of developers. Security gaps can be detected very quickly and accordingly also remedied. Perhaps this is the reason why the Jitsi Meet and Big Blue Button applications in particular are regarded as meeting applications that comply with data protection regulations (see also Xing, 18.02.2021). More on the topic of open source can also be read here. The decision on whether to use open source software or "commercial providers" should be made carefully.
When choosing an application, it is also important to ensure that it is encrypted – both with regard to the data and the transmission of the data. If this does not take place, it is particularly easy for criminals. Therefore, the transmission should take place by means of end-to-end encryption. Here, the information is encrypted at the sender and decrypted at the recipient. It is also important that the data is encrypted on the transmission paths and the server.
The tools should replicate the learning familiar from the classroom as well and easily as possible. This could be done, for example, through an online whiteboard, digital "reporting", "group workspaces", sharing of documents (for example, worksheets) or other useful functions. Here it makes sense to note down the most important and necessary functions before choosing a tool and then compare these with the available offers.
User-friendliness and use via browser – especially for children, the operation of the software should be simple and intuitive. It also makes sense that the application runs browser-based – and that no complex installation is necessary before use. Because not only the pupils, but also their parents could easily be overwhelmed by installation processes. If there are about 15 or 20 classes with 30 pupils, the school's IT department would probably also welcome a simple installation and operation of the software. In a worst-case scenario, they would have to provide parallel help to families who have problems using the software.
Which brings us to the next point: good support at all important times. Problems with the software or the cloud should be solved as quickly as possible, because every minute lost is ultimately missed by the students. So when choosing suitable software, you should definitely take a look at the user ratings for the support of the service! It is also important that the support is provided in your own language. Because with many teachers, pupils and parents involved, it cannot be assumed that they all speak subject-specific English, for example.
The functions of the respective tool should also support data security and data protection. For example, it is important that no one but the participant can decide when their microphone or camera can be switched on and off.
In order for the application that the students and teachers share to run independently of devices and locations, it must be located on a server. The "cloud" is not just anywhere, but on a server in a data center. It should therefore be clear in advance where the provider has "its" servers.
Insecure servers are a popular point of attack for criminals. Therefore, the data centers in which the corresponding server is located should have high security standards and ideally guarantee good performance and availability. An indication of corresponding security and quality criteria can be, for example, a current TÜV certification of the data center. In order for the EU Data Protection Regulation to apply, it is also important that the server is located in an EU country. In order for the German Data Protection Act to apply, the server should be located in Germany.
Schools should find out in advance where which information about the online courses is stored or ideally determine this themselves. You can't find any information about where the provider's servers are located? Then you should be more alert than ever. A transparent approach to data protection on the part of the provider is an important argument for using the service!
Business email accounts, services and devices
Did you know that the use of pupils' personal data on private devices or via private email accounts or via cloud services with which there is no contract for commissioned processing with the school is not legally compliant? (datenschutz-schule.info, 19.02.2020)
Thus, it is important that student data is only exchanged with the school itself and its online services – or the teacher's school email account, so to speak. It is important for schools to conclude the contract for commissioned data processing in order to be on the safe side.
It should be clear that the use of private devices can pose a security risk under certain circumstances. If a teacher catches a virus on his or her private laptop and then spreads it to the pupils, disaster is inevitable. The same applies to online services, which may not be secure.
External storage of personal data outside the school requires a contract for commissioned processing between the school and the provider if it is not a solution operated by the school itself. (see datenschutz-schule.info, 19.02.2020)
The use of a video conferencing tool should comply with data protection guidelines and be approved by the school (see Xing, 18.02.2021).
The criteria mentioned for the technical conditions are also similar to our articles on the subject of home offices and secure video conferences. In the field of education, however, there is another very important criteria! – The topic ...
In order for the technical measures to actually have their effect, another aspect is necessary – the right and, above all, responsible behaviour in the context of homeschooling and distance learning by adults!
In particular, the correct handling of student data should be mentioned here. For example, in order for password protection to work, a password must be set in the first place – for example, for the online classroom! This means that only participants who log in with a password can take part in the conference!
Also important: creating a meeting ID, i.e. a name or the corresponding link for the meeting, which is not easy to guess!
Another useful feature: If the tool offers the possibility, the teacher could let potential participants into the room only after consent. This way, unauthorised persons cannot gain access so quickly!
In order to ensure data protection, teachers should also take care during the online event that they do not disclose any personal data of the students which is not absolutely necessary.
Data requiring special protection should be encrypted before uploading, for example to the cloud. In general, it should always be considered before an upload whether central storage in the cloud is necessary.
When sharing data via a cloud, the teacher has some freedom, which can be crucial. For example, the cloud can be used to simply share data with others, for example via a link, without them having to create a user account. Depending on the access possibilities the students should have to the document, an account should be created or not. Creating an account always means working with the student's personal data. The teacher should be aware of this.
To summarise on this point, it is responsible to only use functions that are necessary. For example, it is not necessary to "show" all students on the screen at every moment. The conference should only be recorded if it is really necessary and in that case only with the knowledge and consent of the participants. Furthermore, all possibilities that support data protection should be recognised and used.
Appropriate guidance and training is needed for teachers and perhaps also for parents and students - because the more digitalisation becomes prevalent, the more important the topic also becomes.
So what does this mean? Teachers need to be made aware of data security and data protection issues – not only in theory with the help of data protection instruction, but also in practical application.
One cannot expect teachers to become data protection experts now. But perhaps it would make sense to provide teachers and students with good instructions on how to use the tools and cloud applications, which do not leave out the topics of data protection and data security. Furthermore, professional training of teachers in the area of digital and data protection compliant knowledge transfer would of course be useful.
These measures would have the positive side effect of indirectly promoting the media competence of the pupils and thus awareness of issues in the area of data security.
A guide for parents would also be a great measure! This could include not only data protection topics but also educational tips to support learners.
Possible future developments in home schooling and school clouds
Used correctly and applied properly, the mentioned applications, settings and measures could bring numerous benefits even after the times of social distancing! Current developments could also be a big step towards "digital learning". This does not necessarily mean that teaching or learning should only take place from home. However, even a student with a broken foot, for example, could take part in a maths lesson through distance learning without having to be driven to school or having to change classrooms.
Furthermore, homework could also be done directly via a cloud and thus "transmitted" to the teacher. They could therefore no longer be forgotten at home.
Textbooks would no longer have to be taken home, but could simply be accessed on the computer.
Grades could be communicated by teachers to students via app. Perhaps, to motivate learners, there would even be a "calculator" that would allow them to determine what grades and points they need to achieve in order to reach a certain average grade.
The "school of tomorrow" could make many processes easier for all involved and additionally also comply with high data protection standards if the right foundations are laid for this.
All of this requires openness on the part of all those involved, but also a great deal of awareness of data protection and data security in the education sector. This is what we wanted to address with this blog article.
The above problem areas need to be addressed so that it can be done better from now on!
This article is intended to discuss the topic of home schooling and provide thought-provoking ideas on the topic of data security in this area. It does not claim to be complete. We would be happy to advise you on technical questions about the topic. For legal questions, please contact a specialist lawyer.
Bundesministerium für Wirtschaft und Energie: Datenschutz und Datensicherheit. Abgerufen am 24.02.2021 unter https://www.it-sicherheit-in-d...
Datenschutzexperte.de (1)/ PROLIANCE GmbH/ Kathrin Strauß : DSGVO und Kinder: Fragen und Antworten zum Thema Kinder & Datenschutz. Abgerufen am 25.02.2021 unter https://www.datenschutzexperte...
Datenschutzexperte.de (2) / PROLIANCE GmbH: Informationelle Selbstbestimmung. Unsicherheiten ei der Umsetzung r DSGVO? Abgerufen am 25. Februar 2021 unter https://www.datenschutzexperte...
Datenschutz-schule.info / Dirk Thiede / MR_Tee (19.02.2020): Lehrer Apps und Cloud Speicher. Abgerufen am 24.02.2021 unter https://datenschutz-schule.inf...
Datenschutzticker.de/KINAST Rechtsanwaltsgesellschaft mbH (26. März 2020): Themenreihe Datenschutz und Corona – Teil 8: Homeschooling und Datenschutz. Aberufen am 24.02.2021 unter https://www.datenschutzticker....
Dejure.org/ Dejure Rechtsinformationssysteme GmbH: Datenschutz-Grundverordnung. Abgerufen am 25. Februar 2021 unter https://dejure.org/gesetze/DSG...
Golem.de / Moritz Tremmel (21.01.2021): Unbekannte verbreiten Nacktfotos auf Lernplattform. Abgerufen am 25.02.2021 unter https://www.golem.de/news/grun...
Heise online / Redaktion: Eva-Maria Weiß (13.01.2021): Streit um Einsatz von Microsoft-Produkten im Digitalunterricht. Abergufen am 25.02.2021 unter https://www.heise.de/news/Stre...
Heise online / Redaktion: Dorothee Wiegand (16.02.2021): Schülerscherze und Angriffe Unbekannter stören den Onlineunterricht. Abgerufen am 25.02.2021 unter https://www.heise.de/news/Schu...
IDG Tech Media GmbH / Andrea Pfundmeier (13.11.2020): Datenschutz in Schulen: Fehlt es am Bewusstsein? Abgerufen am 23.02.2021 unter https://www.pcwelt.de/ratgeber...
Intersoft Consulting: Besonderer Schutz der Daten von Kindern. Abgerufen am 25.02.2021 unter https://dsgvo-gesetz.de/erwaeg...
IT-Business/Klaus Länger: Digitalpakt 2.0: IT für das Hoeschooling? In: IT-Business. Die Fachzeitschrift für den ITK-Markt. 31. Jahrgang. Heft 2. 8.-21.Februar 2021.S. 36-40.
IT-Business/Ann-Marie Struck: Goldgrube Homeschooling? In: IT-Business. Die Fachzeitschrift für den ITK-Markt. 31. Jahrgang. Heft 2. 8.-21.Februar 2021.S. 46/47.
IT-Business/Ann-Marie Struck: Bildung plötzlich digital? In: IT-Business. Die Fachzeitschrift für den ITK-Markt. 31. Jahrgang. Heft 2. 8.-21.Februar 2021.S. 22-44.
Lehrerfreund.de / Der Lehrerfreund (15.04.2014, aktualisiert am 21.11.2020): Sichere Dropbox-Alternativen für Lehrer/innen. Abgerufen am 24.02.2021 unter https://www.lehrerfreund.de/sc...
Wagner, Lukas /Netzpolitik.org (21. 01. 2021): Microsoft Teams oder nichts. Abgerufen am 25. Februar 2021 unter https://netzpolitik.org/2021/m...
Welt.de / Hannelore Crolly (05.08.2019): Schulen bewegen sich beim Einsatz von Office 365 auf dünnem Eis. Abgerufen 1m 25. Februar 2021 unter https://www.welt.de/wirtschaft...
Xing / Dietmar Neuerer (18.02.2021): Microsoft Teams, Zoom, WebEx: Berliner Behörde warnt vor gängigek Videosystemen. Abgerufen am 19.02.2021 unter https://www.xing-news.com/read...