Digital sovereignty for educational institutions

From bad to worse

The Corona crisis has ruthlessly shown that the technical equipment and digitization of the German school system is far behind the modern possibilities. Many schools have tried to compensate school operations without classroom teaching as quickly as possible, using mostly cloud-based and often international solutions, without conclusively assessing central issues of data protection, security and sustainability. In many cases, it was necessary to react quickly and unbureaucratically in order to at least partially enable school operation in homeschooling mode, despite the fact that the GDPR considers the data of underage students to be particularly worth protecting.

Action required

In the meantime some months have passed. The time was used in many places to develop digitization concepts, to question previous procedures, to purchase additional terminal equipment and to improve the IT infrastructure.

Not every solution is sufficient

Government agencies, school boards and schools continue to rely heavily on US offerings in the IT and software environment. This is generally a problem, as the European Court of Justice (ECJ) recently declared the transatlantic Privacy-Shield Agreement invalid. As a result, data transfer between the EU and the USA is no longer generally regulated, there is no legal certainty and compliance with the GDPR cannot be guaranteed in many places. There is no guarantee that no data will flow off and be checked and analyzed by foreign authorities or passed on for marketing purposes.

Raising digital awareness

Especially in the educational system this is not comprehensible. On the contrary, an awareness of data protection compliance should strengthen the striving for independence from non-compliant technologies and significantly increase the importance of digital sovereignty in Europe.

“Made in Europe”

There are numerous alternatives that store data on German servers and ensure legally compliant data processing. Through the use of European technologies and cooperation with regional providers, legal regulations for compliance with the GDPR automatically apply. The decisive factor is not whether a technology is offered as an open source solution, but rather how and where the software is operated and if the manufacturers are subject to European legal requirements.

It is also important that newly purchased mobile devices are professionally secured and preconfigured with appropriate management and control solutions to prevent data abuse in the school.

Using compliant solutions

Our Mobile Device Management (MDM) Relution not only fulfills the necessary professional and technical requirements but also all legal aspects to ensure device management for tablets in schools. Relution centrally controls and manages all tablets in a class. The application can be operated intuitively by the teacher, requires little maintenance and makes the lessons a pedagogical experience through useful functions.

Relution can either be operated in the own infrastructure or purchased as Software-as-a-Service (SaaS). The risk of data abuse is considerably reduced by operating it in the local school infrastructure or in regional or municipal data centers.

Responsible handling of data

When integrating additional systems, care should be taken to ensure that only necessary data is exchanged between the systems in order to provide a consistent, EU-compliant overall solution. Ultimately, all participants involved are jointly responsible for ensuring digital sovereignty.