Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Rhineland-Palatinate: LfDI addresses videoconferencing system used in schools
The Rhineland-Palatinate data protection authority ('LfDI Rheinland-Pfalz') issued, on 6 January 2021, a statement on the Big Blue Button videoconferencing system ('the BBB System') used in schools for home education. In particular, the LfDI Rheinland-Pfalz outlined the advantages of using the BBB system, noting that it is an open-source solution that enables you to operate it under your own complete control and on your own systems, and that the transmission of usage data to third parties or their use for advertising purposes can be avoided.
However, the LfDI Rheinland-Pfalz highlighted that when schools use non-European video conferencing software that various data protection problems arise, including that the transmission of telemetry and usage data cannot be avoided and so it cannot be ruled out that data on who, from where, for how long, with which device and in what way participated in a video conference and which IP address was used may be used inappropriately. The LfDI Rheinland-Pfalz further outlined that, in view of the current exceptional situation and existing technical problems, it is justifiable for schools to use video conferencing software from outside Europe in the current school year in order to fulfill the educational mandate of home education.
Moreover, the LfDI Rheinland-Pfalz highlighted that the temporary use of American video conferencing systems is acceptable if the following points are followed:
- Solutions from US providers that are already in use must be operated on the school's own systems, or if a service provider is used as part of order processing in accordance with Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), the data must be processed on systems of German or other European providers. In addition, the solutions must be configured in a data-saving manner and used with pseudonymised access data assigned by the school, and the use of the usage data for advertising purposes is contractually excluded.
- The users must be informed in accordance with Article 13 of the GDPR.
- The option provided for in Section 1(6) of the School Act to provide for the mandatory use of digital teaching and learning materials is waived. If parents or students expressly object to the use of American software products, equivalent courses must be made available.
You can read the statement, only available in German, here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
