In the meantime, the new school year has started at all German schools. On this occasion, c’t editor Holger Bleich and Heise legal advisor Joerg Heidrich devote themselves to data protection in schools in the new episode of the interpretation issue podcast. They are competently assisted by Dr. Daniel Sandvoss. The lawyer teaches as a university lecturer and took over the management of the Institute for Digitization and Data Protection ID2 in 2018. Sandvoß did his doctorate on the subject of data protection and schools and was involved in the development of the school cloud in Lower Saxony.
Daniel Sandvoß in the c’t data protection podcast A matter of interpretation
According to Sandvoss, data protection in schools is not good. He compares the situation with a half-torn building block tower, even a “heap of rubble” that lacks the master builders. Schools are currently unable to implement much of what the GDPR requires. In particular, the documentation requirements would not be met; there is a lack of processing registers for which risk analyzes would be necessary.
Sandvoß emphasizes that schools handle particularly sensitive data in accordance with Art. 9 GDPR. In sex education lessons, for example, it is also about sexual orientation, in religious education lessons about religious affiliation, and in politics lessons about political orientation. Mostly it is about the processing of data of minors, which makes the situation even more explosive.
On the other hand, according to Sandvoß, there are overwhelmed school managements who, according to data protection law, act as responsible bodies for data processing, often without knowing it. Schools often receive little concrete support from the municipalities. There are no fines because schools are public bodies. However, supervisory authorities can issue decrees or orders, such as prohibiting the use of certain software.
Here are all the episodes so far:
To home page