Foto: Shutterstock / Hananeko_Studio. Bildet viser ei jente som rekker opp hånden. Hun sitter hjemme og følger undervisning på skjerm.

In Norway: Municipalities and schools lag on privacy

The association Kins works with data security in Norwegian municipalities. Recently, the association submitted comments to the Privacy Commission. The EU is also tightening its grip to provide citizens, especially children, more digital rights. What will digital school solutions be like in a few years?

Choose language in the Google-box below. Some translations may be flawed or inaccurate.

The schools where your children attend in Norway are owned by the municipalities. «Barnevakten» has repeatedly written about failing privacy in schools.

The association Municipal Information Security (Kins) has 300 Norwegian municipalities as its members. Kins recently submitted comments to the Privacy Commission.

«Barnevakten» has seen a summary of the comments. It gives a clear message that there is a long way to go before the municipalities (and thus also the schools) have everything in place in terms of privacy.

Municipalities can’t do the privacy job alone

The bullet points from Kin’s presentation state that in the field of communication with citizens, one should decide more at the national level in terms of what is okay or not. Should municipalities use social media to inform or keep in touch with the inhabitants? According to Kins, a “National Resource Center for Privacy and Information Security” should be established.

The bullet points in the presentation from Kins include:

  • National challenges cannot be solved by the municipalities alone
  • Legislation must provide a clearer basis for treatment
  • Municipalities are usually not equipped to fulfill their responsibilities on privacy and information security
What about privacy in schools?

Since the municipalities are not equipped for good privacy, one cannot expect that privacy is top-notch in the schools, because it is the municipalities that own most of the schools. The questions asked about how municipalities can communicate with the inhabitants can also be addressed when it comes to schools’ communication with pupils and parents. The Norwegian Data Protection Authority (Datatilsynet) has left Facebook because the channel has insufficient privacy. Should, or must, schools do the same? Or is it okay for the teacher to ask parents or students to meet on Facebook?

In 2020, Barnevakten called for national guidelines for schools’ digital student solutions. Parents should be entitled to know how their children’s data is processed and who can see the data. Among other things, we presented these points:

  • What the teacher can see/share
  • What other employees can see/share
  • What students can see/share
  • What the vendor can see/share
  • What parents can see/share
  • Who can contact the child in the solution
  • What is searchable when the student leaves
  • How secured data storage you have
  • How safe routines you have

The think tank Agenda also believes that the personal data of the students must be better secured.

EU is tightening up

In addition to the GDPR rules, the EU is creating new rules this year. The EU is also critical of European personal data ending up on US servers at tech giants such as Facebook, because US authorities have the right to read this personal data. There is already a several-year-old ruling called Schrems II that states that it is forbidden to send European personal data to the United States.

The same applies in China, where every citizen has a duty to become a “spy” at the request of the authorities.

That could, in theory, mean that Facebook and other giants cannot offer their services in Europe in the long run. Meta, which owns Facebook, wrote in its annual report that this could be the conclusion. Later, Meta wrote that the company has no desire to withdraw from Europe.

Tiktok is more explicit, the company says it will adapt to European laws and possibly lay its own servers in Europe. Tobias Judin, section head at the Norwegian Data Protection Authority, stated this on Dagsnytt 18, 10th February 2022.

The EU is thus tightening its grip on privacy and giving citizens greater digital rights. Norway will copy this over to Norwegian law. And then the municipalities will have to adapt to the new rules. This means that schools must also update themselves. And that could ultimately mean that schools can’t use, say, Google’s digital school solution.

Skolesec

In Norway, the municipalities have joined together on the Skolesec project. The goal is to strengthen privacy and information security related to digital learning environments. Skolesec, for example, has created a process map and a guide that can help with the creation of computer solutions. Some videos have also been made for parents. Those videos will explain privacy in school.

More than privacy

Privacy often concerns basic personal data such as name, telephone number, and the like. But in the digital school solutions, students leave much more. They chat with each other, check how many remarks they have received and leave school assignments in the form of texts or films, and there they may express their own opinions, or one can see what academic level they are at. Or if they stutter. Or if they wear the hypermodern expensive jackets. What about the security of the extended concept of privacy?

Read more about privacy:
What can parents decide in the digital school system?

(First published on 10.2.2022. Translated by Ratan Samadder)

Utviklet som en del av Erasmus+ prosjektet «TeachingTools».