Report of public debate on children & privacy

How can children still develop freely and safely in a learning environment where everything about them is digitally stored and can be shared?

Public debate Children and Privacy                                   Photos: Bertus Gerssen

On 17 January 2018, Privacy First's New Year reception and our public debate Children & Privacy took place at the Volkshotel, also Privacy First's office location, in Amsterdam. This evening was largely dedicated to a topic of growing concern to Privacy First: the privacy of our children in an increasingly digitalised world, especially in education. How can children still develop freely and safely in a learning environment where everything about them is digitally stored and can be exchanged? What data processing takes place in education, what risks are involved and what measures can be taken to safeguard pupils' privacy? Successively came Bas Filippini (chairman Privacy First), Huib Gardeniers (Net2Legal), Simone van Dijk (Privacy First), Arda Gerkens (Senate and Internet child pornography hotline) and Iris Hoen (Wille Donker Lawyers) speaking. Below is our report:

Bas Filippini - chairman Privacy First

Privacy First has now been up and running for nine years and in 2017 received structural funding from the Democracy and Media Foundation and Adessium Foundation, among others. This gives us room to invest in the organisation, which allowed us to expand last year and hire Robbie van Herwerden for structural research. This gives us a basis to make the discussion as factual as possible in a debate where emotions often run high. Furthermore, our board has expanded to include Paul Korremans, bringing us closer to a three-member board.

Our focus last year was mainly on political lobbying on the topics of Automatic Number Plate Recognition (ANPR), the new Intelligence and Security Services Act (Wiv or Sleep Act), the Computer Crime III bill ('police hacking act'), the System Risk Indication (SyRI, risk profiling) and horizontal privacy, or inter-personal privacy. We campaigned for the referendum against the Sleep Act and provided input on the Dutch privacy situation at the UN Human Rights Council. In addition, 2017 also saw legal cases conducted or supported by Privacy First, including around the Arnhem waste card, the OV-chipkaart, EPD/LSP, the 'Citizens v Plasterk' case, route controls, license plate parking and the right to cash or anonymous payment.

We sympathise with the banks on PSD2; we believe this has not been well thought through and find it a thorny issue that the bank data exchanged includes third-party bank data. In 2018 comes the AVG (General Data Protection Regulation), where we welcome that this has increased interest in privacy. On the other hand, we must be careful not to think that the AVG will get us there. The discussion risks narrowing to 'privacy = data'. However, privacy is more than that. It is the principle basis of our democratic rule of law.

Children and privacy

We are currently moving towards a surveillance society with a Digital Life File from birth. However, it is important for human beings that you can and may make mistakes and that you can and may learn from your mistakes. That right of privilege that you will not be confronted in 5, 10 or 15 years with a mistake you once made is part of the learning process. The questions we are asking are: what is currently happening in terms of children and privacy, what exactly are the rules here and how are they being handled? If we give children more privacy awareness, they will be better able to deal with social media.

Huib Gardeniers - Net2Legal

Huib Gardeniers was moderator during the evening. Gardeniers has been involved in the topic of privacy since the late 1980s. Since those years, the subject has grown and awareness has increased, but we are not out of the essential issues yet. Lawyers have 'hijacked' this topic, but privacy is not about lawyering. Privacy is more than data protection alone. Privacy is also ethics.

One of Gardeniers' avocations was that he had been asked by a ministry to chair a Table for Privacy as part of a breakthrough project 'ICT and education'. This was a broad project to promote ICT in education. He found it a very interesting development, where he felt that the different parties at the table did not really realise what the others were doing. The different education parties, such as the VO-raad, PO-raad, suppliers and schools were sitting around the table listening to each other on this topic for the first time. From this it actually emerged that nobody knew exactly who was allowed to do what with the collected data. So this was one of the recommendations made. It was soon picked up by the press and from this Parliamentary questions followed and the Minister indicated that a Covenant had to be drawn up within three months. This Covenant is actually characterised by one thing and that is division of roles. The essence is that schools are responsible for their own data and that the publishers, suppliers, distributors and school information systems are the implementers for the schools. So those cannot independently decide what happens to it. In short, who is responsible and who gets to do what exactly with the data. This Covenant has been widely taken up, but much more needs to be done in this journey.

Other parties, such as the school and suppliers, are often looked at. But often we don't talk about the parents themselves. And that's where the shoe pinches a bit. We step over ourselves a little too easily. To illustrate, a fragment from Black Mirror, a Netflix series, shown. This shows that, in response to a parent's anxiety, control often follows.

So too with school information systems such as Magister, which allows parents to check online with their children. With that, there is an app that allows you to get push notifications when there are new grades and when there are absences (truancy). There are parents who use that and check everything all the time. In other words, there is plenty happening around us that we can influence ourselves.

Simone van Dijk - Privacy First

Simone is a concerned mother, and sometimes an anxious one, when she sees the possibilities of child tracking and its use. She worries about her child's privacy and especially the lack of it. She has always been concerned about privacy. A real-life example was recently at the Hema: "Would you like a Hema loyalty card?" "No thank you." "Why don't you want one? But then you will get a discount!" "I don't care about that." "But then why don't you want one?" "Well, just because I don't want to give my details to you." To which the cashier said, "Well madam, I am curious to know what you are up to then." Perhaps next time she will ask, "Well ma'am, may I have your address, phone number and e-mail and do the details of your children at the same time. Where are they at school?" To which security would probably soon come to her, asking her to stop being intimidating.

And that happens as a parent too. When Simone's child went to school, she encountered the digitalisation of education and found herself in all kinds of situations about her child's privacy. And when you want to protect your child's privacy, you don't get thanked. The school did not think privacy was very important and the questions were mostly just annoying, and also a reason to choose another school. Still, she wanted to know exactly what was stored about her child. This was not answered by the headmistress, but by the coordinating director of the comprehensive school, asking her to stop bothering the headmistress with such nonsense.

So too with the data stored at the library, about which Simone recently had a column wrote for Privacy First. She had indicated that she did not want her child to be enrolled and track what books were being read. As an interim solution, her child was allowed to borrow books on the teacher's card for a while, but was soon given the ultimatum that her child could join or not. Despite no permission being granted for this, her child was still enrolled at the library. The data stored in this process was not only name and address, but also the school group. Why does the library need to know this? If a child stays on, is this known immediately to the library, and who else, really? When, as a parent, you speak to these parties, such as the library and the software vendor, there is laughter about, "what do you really want" and "you think it's important for your child to read books too"? And that is certainly important too, but even more important is not systematically recording which books are borrowed and that others, such as the teacher, can see that and can also be shared with third parties. People find it weird when you ask questions about that. As a parent, you are put down as a whiner, but when you see all these parties want to know about a child, you are not a whiner.

As a parent, Simone wants to have access to her and her child's data herself. Without having to have discussions about it, and where there is a choice about which data is processed. As a parent, you are forced to go along with digitalisation. Simone is now active at Privacy First and her mission is to make parents aware. And in doing so, also look to schools, libraries et cetera, that they become aware of exactly what they process and whether it is all necessary. "Look from the child's interest instead of what is legally allowed!"

Also read the columns Simone has written for Privacy First:
It actually started in preschool
Is digitisation in education really necessary?
Big Brother in the library

Arda Gerkens - Upper House and Internet child pornography hotline

People often shout "youth has the future". This statement is often used by somewhat older people, but Arda Gerkens no longer uses it. Mainly because this statement is far from true when it comes to the digital world. We are quick to say that children know much better and are faster than the older generation when it comes to the internet. We leave important decisions to children because the pace we move at is too fast. It takes time and attention to grasp the consequences of the digital world, and we have too little of that time and attention. We let our children loose in a world we cannot really oversee.

It is also very cute to see a little child playing with an iPad, isn't it? Like in the KPN advert, where the little one suddenly talks to grandpa on the other side of the world. Cosy chatting with grandpa, the sun coming up, connecting with each other, beautiful right? Arda thinks this is also very nice, but is glad that the child has clicked on grandpa and not another person who may have very different intentions. Because that does happen, that children are seduced via an iPad into doing other things. Arda sees this in her work and it happens close by.

Who used to have a diary? And what was important in it? A lock, because what you wrote in it had to remain private. And actually no one else ever read that diary. That's not necessarily because of the lock, because it's actually just a lame thing and not a good security measure. You decide who can read in it and what you tell from it. You have control over this information. And we have lost that control now, and that's not doomsday, that's a fact. We have lost that control from an early age, because we use webcams as baby monitors or a webcam at nursery, and every movement of children is increasingly recorded with them.

As a parent, you undoubtedly know that moment when you come around the corner while your child is playing, and your child feels unspoiled in that moment. That is a beautiful moment and then you see such an individual, such a human being, in all his innocence. It often only takes a moment until the child realises that they are being watched and then they are gone. That wonderful moment of being able to be unprotected is pure innocence what you see then. The behaviour we have changes when we are aware of the environment we are in. Soon the whole world will be watching when a child is immersed in play. You may not realise that immediately as a child, but later when you get older you will. And the question is, what does that knowledge do to the child's development? What if those images from the schoolyard, which showed you hopping like you were on a horse or smoking shaggies and hanging against the wall, were now to appear on YouTube? Would you laugh at it or be ashamed of it? The older generation would not know, because those images are not there. These images sit in our memory in a very nice place.

Young people do not have the future at all, that future is out of our hands. As parents and as educators, we now decide what information is shared about their lives. Information that is indelible, that can surface all the time, that can trigger misinterpretations. One mistake in interpretation and your future could be in tatters. And that too is not doomsday, that is a realistic scenario. We don't all have a free choice to make that decision, especially if we can't oversee the consequences of using a webcam, for example. And if parents are not well informed about this and cannot make informed choices about it.

And even then, Arda speaks weekly to parents who have taught their children about the risks of sexting and even then those children have done so. So even with informed parents, who guide their children very well in this, you still see that things can go wrong.

What this digitisation is actually doing to us, we don't really know. It is a development that is going very fast and it is a development that surpasses human thinking and in the process we are also relinquishing a piece of control. Youth does not have the future, that future lies with us. We are shaping the future and laying the foundation, so we need to start thinking about the possible consequences of our choices. Consider all scenarios, build in peace, weigh ethical dilemmas and don't leave everything to the market. We can ensure that children have control over their own lives, their thoughts, their play, their missteps and their successes. With that, they can live in freedom and make their own choices.

Iris Hoen - Wille Donker Lawyers

The new General Data Protection Regulation (AVG) is bursting with ethics, Iris Hoen also argued at the recent symposium of the Dutch Educational Law Association. The AVG contains many codified ethics from human rights treaties and OECD legal principles. With that, Iris has also come to like the AVG more and more. Despite all the flaws that can undoubtedly be mentioned, this AVG is not so crazy yet. She agrees with the other speakers that privacy is more than data protection law, but without data protection law, at least in this digitised society, we have no privacy.

Education has a lot to do with privacy and therefore also with the AVG. Iris has been working as a privacy lawyer and advocate for 15 years now. Education has to deal with complex situations, but she sees that the will is there in schools to arrange things properly. In the process, she also assists hundreds of school boards in implementing the AVG, which also raises ethical questions.

What is difficult for schools is that they are not an island unto themselves, but are tied to a lot of partners. They are obliged to be in all kinds of partnerships and schools are obliged to request and provide information to the Education Inspectorate. In short: schools are a spider in a web, where they have to request and share all kinds of data according to the law.

It starts when a child registers at school. The application form contains all sorts of questions and schools are now looking at this with a critical eye. What should be on the form and what can be taken off? Previously, schools asked everything they thought might be useful. Now schools are rethinking this and thinking: maybe we don't need to ask that at all.

Where the law says that the school may also request information, without prior parental consent, from pre-school education such as playgroups, they may. They should, because schools have been made responsible for appropriate education since 2014. If you make that dependent on parental consent, it already stops, then it becomes difficult for a school to offer appropriate education. This does not mean that schools can just 'shop around' for information: requesting information from other bodies still requires parental consent.

Schools have an information obligation to parents to tell them how they process information received. The AVG distinguishes between information they receive from parents themselves and information from other parties. Schools also process a lot of special personal data, especially health data. Health data is a broad term under the AVG and includes, for example, IQ and medical conditions, as well as whether a child wears glasses. And the school writes all that down, with regard to glasses just to be able to let the PE teacher know, for example, that a child without glasses should watch out for ball games.

Student performance must be stored by the school, as the school must have a student tracking system. If the school does not, there will be no funding. Initially, the AVG says: processing special personal data is not allowed. Unless there is parental consent or a statutory exception applies. The AVG Implementation Act provides two exceptions for schools and partnerships to process health data for the purpose of special guidance of children. But what exactly does special guidance of pupils mean? It is not easy for schools to make this consideration: what is allowed and what is not? Therefore, the AVG does not give a direct answer to this and is more of an open standards framework, where schools have to make their own considerations and, above all, have to answer to those involved, the Personal Data Authority, stakeholders and the participation council. The participation council has a right of consent on regulations involving the processing of personal data. So the participation council must be involved in those deliberations.

If a school notices that extra guidance is needed, the school is obliged to seek expert advice. In the past, a pupil file would then often be briefly emailed to a partnership. Increasingly, schools have software where data is uploaded anonymously and a partnership can again download the pupil file anonymously. Schools used to be unable to request advice without passing on the BSN number, even though officially they were not allowed to do so, otherwise the system would not work. Schools are quite willing and it is not all unwillingness, but the systems do not always cooperate. Incidentally, this does have attention. For instance, Kennisnet (a knowledge institute in the field of ICT and privacy for the education sector) is sitting down with all those suppliers to adapt those software packages so that they do comply with the AVG.

Advice to schools indicates that schools should consider on what basis they request and process data and whether they need parental consent to do so. And to work on the provision of information and to indicate why data are processed, what data are used for this purpose and whether all this data is necessary and whether it could not be an ounce less. In addition, which systems are used and whether they are secure. And with whom will the data be shared, couldn't it be under a pseudonym? Also by anchoring these considerations in regulations and informing parents about them. Iris Hoen is convinced that if parents are well informed, they are also less likely to tend to say no, because it is also often in the child's interest to be advised on their support needs.

If a child changes schools, the school is obliged to send the education report along. The following also have access to pupil data: the compulsory attendance officer, the Municipal Health Service and the municipality. Based on the law, they are allowed to request data from the school. Since August 2017, the GGD no longer has to request this through the school, but receives this information directly through DUO. The school's obligations to share data are in the sectoral education laws that are also the funding conditions. And then you can immediately see the trap in which schools find themselves.

In many cases, psychologists and remedial educationalists are not employed by the school, nor do they work for the school. They are partners, and they themselves are data controllers under the AVG. So it is also not the school that has the right to access that information, it is up to the parent to decide exactly what information is shared with schools. Iris therefore advises schools to use only the conclusions of the reports, as it is often not necessary to have the medical record. If a child is diagnosed with ADHD, the educational recommendations are enough, you don't need to have the entire report for that. With a peanut allergy, it may be different and then it does make sense that that information is available to all teachers.

This is a brief insight into Iris Hoen's work, in which schools often ask her "what am I allowed to do" and which she answers with the counter-question, "what would be wise to do and ethical to do. Take that as a starting point and then go and see if that fits within the legal framework." That is an approach that is catching on.

Some of the questions from the audience to the guest speakers:

Q: Question for Iris Hoen: is a child still asked for something and when does he or she have to give consent themselves?
A: A child is a minor and is therefore under the authority of the parents and they determine and are the contact point for the school, not the child itself, which is the legal system. When the child turns 16, the child - and no longer the parent - is asked for permission for certain data processing. These are data processing operations that should only take place with prior consent. It is important to recognise that schools do not have to ask parents for prior consent for all data processing and therefore will not do so when their child turns 16. Arda Gerkens notes that schools often involve children themselves in the child's development from group 8 onwards and also involve them in parent meetings and the like.

Q: What about student tracking systems, is that open source, where is that data stored, etc.?
A: Iris Hoen answers that there are different types of student monitoring systems, the largest of which are Magister and ParnasSys. Magister's servers are in Groningen. That data stays there and does not go abroad. Schools should ask more questions than just where the servers are, but also whether the data processing is done securely. About setting up access: Magister still has too few possibilities to set up the software optimally. For instance, deletion still has to be done manually. Internal access control could also be improved, according to Iris Hoen.

 

Click HERE for the invitation (pdf) that Privacy First sent to its network for this event. Would you like to receive invitations to our events from now on? Then send us a message, then we will put you on our mailing list!