Entorns Segurs (III): the main findings of the study
In recent years, technology has become an essential component in education as an educational tool and as a key element for the organization and management of data in educational centers.
Although the implementation of the technological component in educational and administrative processes is involved in a positive discourse about the usefulness and the improvement that it implies for the entire educational community, from Eticas we observe how these technologies are associated with certain problems that have not yet been explored with sufficient depth. In many cases, these problems have to do with the fact that many of these technological systems generate and manage large amounts of personal data, alter social relations or introduce commercial services in educational environments.
It could be argued that these are not new topics for schools, as these have always been spaces where large amounts of data on minors have been collected-age, academic notes, learning difficulties, etc.-; nevertheless, the novelty in these days is that the digitization of this information generated by new technologies, bursts with a different nuance in terms of intensity and in terms of the quantities in which they are collected. Even who can become part can pose an added problem: at any time and regardless of the years that have passed, these data may be used and sold to third parties, becoming susceptible to be used for any purpose other than the improvement of educational processes.
From the Entorns Segurs project, supported by the City Council of Barcelona, we had the opportunity to study these issues in secondary schools in the city in which we can see the proliferation of numerous experiences and initiatives, both public and private, that have accelerated the implementation of technologies in the daily lives of students, teachers and administrative staff, which justifies their analysis to a higher level.
In methodological terms, we began the study by reviewing the existing literature on the technologies used in educational contexts and the experiences in other countries in relation to the problems identified in the generation, protection and privacy of data. In this first phase we find important keys for the knowledge of this reality, among which two stood out:
- The data protection laws are the main mechanism to guarantee the safety in the use of new technologies. However, the existence of them is not always accompanied by their knowledge and implementation;
- The lack of human resources (training), materials (protocols), which guarantee good use and management of the data may compromise the responsible use of technological tools and the protection of the information they collect.
A subsequent analysis of the data protection laws in force in Spain and Catalonia shows that in Barcelona (our field of study), regulations have been the main response to ensure that technology is used responsibly and privacy of the minors is guaranteed. But how can we ensure that the actors of the educational community know these legal procedures and that these are applied to all the technologies they use?
This question involved knowing intermediate processes that we wanted to explore. We needed to know, in the first place, what are the technologies that are being used in the institutes, who are responsible and what are the resources (legal and procedural) for their use and implementation and which were, in this sense, the most susceptible to a misuse. Secondly, it was about discovering how, through the identified technologies, students’ personal data and information are collected, processed, stored and eliminated by schools, a process known as the data life cycle. Third, we add a third dimension of a more subjective nature or relative to normative value judgments that includes considerations about acceptability, understood as the degree to which members of the educational community have been informed, have accepted and control the use of the technologies they handle, the information they generate and the use that is subsequently made of it.
To carry out this analysis and answer these questions, we designed a qualitative methodology that allowed us to know the opinion and perceptions of academic experts, as well as the usual practices and the intervention of the governmental authorities of the Department of Education of the Catalan Government, the Education Consortium of Barcelona and the Catalan Data Protection Authority, and the members of the educational community: teachers, school management, school administration and, of course, students, through interviews and discussion groups in four institutes of the city (two public and two private).
With this research we could see the increase of technologies in the secondary educational environments in the city and establish different types: i) administrative technologies (Clickedu, Esfer @), ii) institutional physical technologies for security and / or control purposes of the institutes (surveillance cameras, academic performance monitoring platforms), iii) learning and knowledge technologies used as pedagogical tools (Google Apps for Education, Moodle) and iv) information and communication technologies (social networks, mobile devices of the students).
We have been able to verify that knowledge about the legal framework in these environments is limited. A good part of the directive and administrative staff and of the teaching staff and the students of the Barcelona centers affirm that they are often unaware of the practices of the public administration and of the online service providers, as well as the technical aspects of data protection or the measures that they can be applied to guarantee the security of the systems they use in their educational practice. In general, a chain of trust is created that goes from the students to the teaching staff, from the teaching staff to the educational center and from the educational center itself to the administration itself.
It has also been observed a lack of knowledge about the risks that burst in the information society, where the omnipresence of data technologies leads to the normalization of the transfer of personal information unconsciously and without demanding guarantees that safeguard the right to privacy. It is thus observed, a conception of privacy reduced to the personal image and to the potential threat of figures such as the hacker. This makes it difficult to identify certain problematic situations related to digital identity and discrimination, the right to be forgotten, consent to the transfer of data, compliance with the purpose for which they were obtained, etc.
Due to this lack of knowledge, we have been able to identify some practices that could be compromising the privacy and protection of student data, fundamentally linked to informed consent – the institutes are failing to inform their students and families about the collection and transfer of personal data-, the limited security protocols and data protection implemented by schools – a relevant issue is the lack of systematization in the deletion of information collected in technology platforms, etc.
With this study we have also been able to reveal the progress of the companies providing technological services in the educational field. This situation warns of the need to empower educational centers so that future contracts established with these companies contemplate an ethical and responsible protection of the data that will be transferred through their products and services. Check key aspects such as data protection measures and transparency on how data is collected and stored, as well as the deletion of data, have to be established as key negotiation points in the outsourcing of services by the educational centers.
Summarizing, this study puts on the table the need to inform and educate the educational community about the implications that may imply a reckless use of the technologies with which they work on a daily basis, to introduce these subjects into educational plans, and finally, to continue advancing in the investigation of the issues addressed in the study.
To know more, read this report of the study: Safe environments? Data intensive technologies in BCN high schools