#OpenBlog19 – Dag nabit, I wish there was a tool that… (which is GDPR compliant)

Image credit: CC-BY el cajon yacht club  https://flic.kr/p/fyLQzJ
Image credit: CC-BY el cajon yacht club https://flic.kr/p/fyLQzJ

David Hopkins has come up with an interesting initiative for a ‘pay it forward‘ blogging/writing challenge:
The premise is simple … once nominated you will be presented with a title or theme with which you can write about. You can write this on whatever medium you like or prefer to use (blog, LinkedIn, Medium, etc.), use the #OpenBlog19 hashtag,
From this Rachel Challen challenged me:

A very fitting topic given shortly after I started writing this blog the topics that interested me and I wrote about were around hacking services to put an edu spin on them. Areas I wrote about included looking at how features of Twitter like SMS notifications could be used for a classroom broadcast, various service hacks for student voting systems and how tools like Evernote could be used as a personal portfolio solution.
Nowadays my role has changed to be less learning and teaching focused, but once a maker always a maker. I’m undecided if the same opportunities in Web 2.0 still exist today. While tools like Yahoo Pipes have long disappeared there is still plenty of stuff you can do for ‘free’. IFTTT is one that immediately springs to mind, but for those who have followed my more recent writing will know that my go to tool for making stuff is Google Apps Script.
A recent change that I know is vexing many in the sector is GDPR. Before if you wanted to make and share something like a new Google Add-on there were fewer legal responsibilities when handling personal data. As I’ve previously written about there are now clear responsibilities for both the developer and educators if they are recommending particular add-ons. Don’t get me wrong I think overall GDPR is a good thing, but increasingly I hear ‘Dag nabit, I wish there was a tool that… which is GDPR compliant’.
What does this all mean for the future then? Will there be less exploration around the tools to support learning and teaching? Are we going to be locked in to fixed provision? Before predicting the death of Education x.0 some things to remember*:

  • GDPR applies to personal data
  • 3rd party services and personal data transfers are possible as long as the data controller has written instructions (Data Processing Agreements (DPAs)) in place
  • GDPR only applies to systematic data processing activities – occasional processing is permitted without a DPA (a Data Processing Impact Assessment (DPIA) will more than likely still be required)
  • if not processing** other people’s personal data you are not a controller or processor potentially negating the need for a DPA and DPIA
  • your Data Protection Officer (DPO) might have policies in place your using 3rd party services e.g. see some of the ways Kingston University London are using padlet, PeerWise and TEAMMATES

* my non-exhaustive, back of the napkin list – not formal legal guidance
** GDPR has a very broad definition of what is ‘processing’
Whilst the enforcement of GDPR is almost a year old now it’s an area where I still see a lot of work is required and if you’ve got other solutions for this particular problem I’d love to hear from you 🙂