Privacy covenant developed and undersigned by schools and suppliers in Netherlands

Type: Project | Country:

A privacy covenant to protect personal data and provide safeguards for proper usage of personal data in education has been made in the Netherlands. It contains a set of agreements on how personal data should be handled when using digital learning tools/materials and digital testing. The privacy covenant has been undersigned and developed in collaboration between school representatives and the major suppliers of digital learning tools/materials, student information systems, distributors of learning materials and ICT support suppliers.

The creation of the covenant is part of the so-called Education & ICT Breakthrough projects. The latter project, set up by the Ministries of Education and Economic Affairs and the sector councils, is meant to remove obstacles and barriers to personalised learning.

A model contract has been also been made as a part of this covenant. The agreements in this model contract will form the basis for agreements between schools and suppliers. The model contract describes what can and cannot be done with personal. It limits the use of personal data to the goals for which a school has given authorization. This limitation is in force during the running time of the contract and in the occasion that a contract expires or is terminated.

A supplier also has to provide an overview of the categories of personal data it will use and process, and forms a part of the agreement. The model contract also explicitly states that personal data obtained by suppliers cannot be supplied to third parties unless explicitly allowed by an educational institution, or when it is required by law to do so.

The covenant and contract are not a static document never to be changed again and will be updated as future developments or insights will create a need for this, but it does set out a baseline for everyone to agree and work on. Concerning the usage of pseudonyms the covenant states that educational institutions and suppliers will endeavour to use this mechanism when exchange of personal data occurs between these parties. It also states that the exact way, by whom and at which pseudonymisation will take place while be agreed upon in a process where all the stakeholders are at the table with the aim of updating the covenant when that happens.