In schools, for students / pupils then Public Task would be appropriate but the DPIA would be needed. Article 8 (ECHR) has to be part of this, but other considerations are needed (KCSIE, etc.)

 

For staff, there would have to be shown to be considerable need and even then you would be asking why those needs are not dealt with by other means (Safer Recruitment, password security / training, etc.). This is one reason why most systems that including monitoring in schools have the functions to turn off aspects depending on device or who is logged in.

 

 

Tony Sheppard CIPP/E

--

Head of Services

GDPR in Schools

 

From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Simon Howarth
Sent: 16 August 2019 10:15
To: [log in to unmask]
Subject: Re: [data-protection] Key Logging

 

Of course it would be the same for students!

 

Why would it be any different. Would not the rights and freedoms impacted by putting this technology to work on staff devices be the same rights and freedoms of the students?

 

I think there is an issue of proportionality and the covert surveillance nature of the activity strikes me as unethical, regardless of any legalities. Even if students are informed, what would be the legal basis for implementing this technology. I can’t see it passing a LIA, consent would not be appropriate.

 

There is also the issue of who reviews what information and when and what is done with that information under which circumstances.

 

 

Simon Howarth.

 

 

From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Kat Kuzmin
Sent: 16 August 2019 09:28
To: [log in to unmask]
Subject: [data-protection] Key Logging

 

Hi all,

 

The use of keylogging software  on student machines to provide evidence with issues such as cyberbullying, using proxy sites,  inappropriate use of the Internet is being used only when suspicion arises. However, discussions are taken place to roll this software out across all college-owned devices (including employees). The keylogging issue has been raised after a rollout of a “Run,Hide,Tell.” alert on all college-owned devices.

 

The Working Party stated that logging employees’ keystrokes or mouse movements or capturing screenshots in remote working scenarios is highly unlikely to be justified based on legitimate interest of the employer and such monitoring technologies are typically disproportionate. Would this not be the same for students?

 

Any views would be appreciated!

 

 

Kat Kuzmin

Data Analyst /Data Protection Officer

Havant & South Downs College (HSDC)

 

**This message may contain privileged and confidential information. It is intended solely for the person to whom it is addressed. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you are not the intended recipient, please notify the sender and delete the message immediately. The text in this e-mail and any attachments should not be published, altered ,copied, disclosed ,transmitted or tampered with in any way, unless expressly authorised by the sender. Any views expressed in this message are those of the individual sender and do not necessarily reflect the views of Havant & South Downs College. The college has made reasonable effort in ensuring that the message is error and virus-free. Unfortunately, full security of the email cannot be ensured as, despite our efforts, the data included in emails could be infected, intercepted, or corrupted. Therefore, the recipient should check the email for threats with proper software, as the sender does not accept liability for any damage inflicted by viewing the content of this email.**

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)