JISCMail - DATA-PROTECTION Archives

Dear John,

I am working on a statement on student use of personal data for the
Scottish Higher Education Information Practitioners Group.

In your scenario the university is not the data controller because when a
student undertakes a course of study with the university they do so for
their own personal purposes (most obviously to obtain a qualification).
The student is not an employee or agent of the university and does not act
on behalf of the university.  The student decides what work he will do, the
way in which he will do it and what he will include in his final write up.
He must make these decisions himself in order to prove that he is capable
of degree-level work.  Thus the university cannot be the data controller
for the personal data processed by the student in the course of his studies.

The university will become the data controller for the personal data
contained in the write up once it is submitted for assessment, because from
that point the University will be processing it for its own purposes (for
example to determine what grade the university should award the student).

I am interested that you have discounted the s.36 domestic purposes
exemption.  I would be interested in your reasons.

The situation is different for research students who process personal data
whilst working on a project led by a university research group.  In this
case the university is the data controller because it decides the remit of
the project, not the student.

Anne


On Thu, 2 Jun 2005 11:28:55 +0100, Hitches, John F
<[log in to unmask]> wrote:

>I would appreciate indications of how other educational establishments
>regard the use of personal data collected by students as part of course
>projects etc..
>
>
>
>Scenario:  A student undertaking a particular assignment decides to
>collect personal data related to his study topic. Is that student the
>data controller or is the University?  We take the view that
>intellectual property rights in student work rest with the student and
>therefore our instinct is that the personal data is in the control of
>the student and the student is therefore the data controller.
>
>
>
>If that is the case then should the student be notifying under the Act
>(and is the OIC ready to receive notifications from thousands of
>students)?
>
>
>
>On what basis, if any, could the university be regarded as the data
>controller?  Perhaps if they are telling the student what data to
>collect and what to do with it but it is less clear if the student is
>determining the processing of the data.
>
>
>
>Or do other institutions regard themselves as owning such personal data
>and therefore put themselves in the position of data controller - I
>suppose then the question arises as to whether the student is a data
>processor and there should be a written contract in place!
>
>
>
>The situation may usually be clearer for post-graduate students and
>especially if they are involved in research which is either sponsored by
>a third party or led by the University.
>
>
>
>We have discounted a section 36 exemption as not being appropriate in
>this case.
>
>
>
>Any thoughts much appreciated.
>
>
>
>John Hitches
>
>Kingston University
>
>
>
>
>This email has been scanned for all viruses by the MessageLabs Email
>Security System.
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask]
>            All user commands can be found at : -
>        http://www.jiscmail.ac.uk/help/commandref.htm
>Any queries about sending or receiving message please send to the list
owner
>              [log in to unmask]
>  (all commands go to [log in to unmask] not the list please)
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^