Karlsruhe Institute of Technology Sets Standards for Privacy in School Information Systems

Information systems such as learning platforms, chat programs or video tools are playing an increasingly important role in everyday digital school life. However, there are often concerns about their security in terms of data protection. Researchers at the Karlsruhe Institute of Technology (KIT) and the University of Kassel want to remedy this with a data protection certification in the DIRECTIONS project (stands for: Data Protection Certification for Educational Information Systems) and ensure greater security for information systems in schools. The participants have now published a catalogue of criteria that serves as the basis for the first official certification in the education sector.

“Data protection in schools is a big issue when it comes to new technologies.
Digital networking makes it easy for users’ personal information, especially that of students, to be misused,” says Professor Ali Sunyaev from the KIT’s Institute for Applied Computer Science and Formal Description Methods (AIFB). A new data protection certification, developed for the first time for the education sector, is intended to ensure greater security in data protection. “Such certifications represent essential proof of legal compliance. The DIRECTIONS certification is the first data protection certification in education that can prove that all the requirements of the systems comply with the General Data Protection Regulation (GDPR),” says Sunyaev.

Catalogue of criteria for compliance with data protection

To ensure compliance with the GDPR, scientists at KIT and the University of Kassel have developed a catalogue of criteria. This presents data protection criteria that providers must comply with in order to obtain data protection-compliant certification. “The catalogue is 166 pages long and lists, for example, the rights and obligations of the system provider as well as requirements for system design or data processing outside the EU,” explains Dr. Sebastian Lins from the AIFB at KIT. “The catalogue is considered a milestone in the project, as it forms the basis for the voluntary declarations of commitment and certification. What is also special here is that it takes into account not only the GDPR but also the state school laws.”

Transparency and security in the education sector

The researchers want to test the DIRECTIONS catalog in practice with selected providers of school information systems in the near future. The aim is to be able to use the DIRECTIONS certification as a reliable certification for school programs in the future. “Teachers and those responsible at schools are uncertain about the integration of new IT programs into everyday school life. Data protection requirements are often strict and complex. There is a lack of knowledge and time to check everything accurately,” says Eva Späthe from the AIFB of KIT. “With our reliable certification, schools could put aside their concerns about IT programs because it creates transparency and security,” adds Sunyaev.

The BMBF is funding the project with around 6.2 million euros from 2021 to 2027. KIT will receive almost four million euros of this. The University of Kassel, datenschutz cert GmbH and Trusted Cloud eV are also involved in DIRECTIONS.