Guide to Learning Analytics under the Personal Data Protection Act(Publicatie)

Edition 2017 When an education institution processes personal data, it is subject to the Personal Data Protection Act. This raises questions as a result of the novel character of learning analytics: what is the significance of this Data Protection for the collection and use of information? A guide on this issue has been drawn up and translated into practice.

05 JUL 2017

Learning analytics uses personal data

Learning analytics is the collection and analysis of data from learning environments in order to improve students' learning process. This information is made available to various stakeholders, such as the students themselves, lecturers or degree programme managers. This enables you to better understand and improve the learning process. However, the collection and analysis of data involves the processing of personal data: data that directly or indirectly tells us something about the students involved. This is subject to the Personal Data Protection Act (Wbp).

What you should take into account when using personal data

This guide tells you what you should look out for when collecting student data in order to improve the learning process. Firstly, we will clarify what is meant by personal data and what you are permitted to do with it. We will then address the requirements that you must comply with in order to collect personal data. We will examine the preconditions for data processing and your obligations, in the area of security and disclosure requirements for instance. Furthermore, the guide informs you of the issues you must take into account when using the services of third parties. The requirements relating to data storage are also addressed. The guide concludes with a step-by-step plan.

Edition 2017

SURFnet has incorporated various additions in this new edition, including the following topics:

  • SURF has prepared an information security standards and testing framework based on NEN 27001. See: SURFaudit.
  • SURF Processors Model Agreement - SURF worked with educational institutions to prepare a Processors Model Agreement as part of the SURF Legal Framework for (Cloud) services.
  • The supervisory authority’s policy on the duty of disclosure in the event of data leaks helps organisations to determine whether there is a data leak they need to report to the supervisory authority and possibly to the parties concerned.
  • To store personal data outside Europe – separate rules
Result of:Learning analytics
Number of times shown:
Number of times downloaded:
Latest modifications 05 Jul 2017