Privacy policy support

Privacy and data protection are of great importance for education and research institutions. Here you can read more about privacy and cloud, digital identity, lawful operational actions in ICT and the protection of students' personal data.

Privacy and cloud

Regulations of the Netherlands, Europe and beyond apply to cloud computing. Providers of cloud services are often based abroad. There is little legislation, regulation or jurisprudence in this area. An education institution seeking to purchase a cloud service will have to sign a contract with the cloud supplier. It is important to pay attention to the privacy agreements.

Some useful publications:

Legal standards in terms of confidentiality, privacy, ownership and availability with regard to cloud providers.

Main conclusion of the research: for higher education institutions in the Netherlands, it is important to gain and maintain a good understanding of the conditions of the justice and security services' access to the data and the associated risks.


New European privacy legislation has been in effect since 1 January 2016: the General Data Protection Regulation (GDPR). This has consequences for higher education and research. A special project group has been set up on this issue: the initiative group for Higher Education Privacy. This group documents the consequences and advises institutions on how they should interpret the GDPR in order to meet the legal requirements.

Privacy and digital identity

It is important for students and scientists to keep a close eye on their image on the Internet. How should students and academics approach their digital identity and that of others in a sensible way? Some recommendations:

  • Think about how you want to present yourself.
  • Check regularly what you can find about you on the internet.
  • Only post information about you that everyone can know at all times.
  • Only post recognisable photos of others with their permission.

The report ''Image building on the Internet: keep your digital identity under control'  (in Dutch) offers more information and recommendations on online identity management. Or read the flyer 'Recommendations for image building on the Internet' (in Dutch).

Lawful operations in ICT

Education institutions are responsible for the actions of their ICT staff and the handling of personal data. Employees and students are allowed to use the institution's ICT facilities and can expect their privacy to be reasonably protected. The education institution is allowed to supervise ICT traffic, but users have to know where they stand. It is therefore important that the institution has a code of conduct on ICT use. Read more in the study on  Lawful Operations in ICT (in Dutch).

Students' privacy and personal data

How should institutions of higher education implement the standards set by the Personal Data Protection Act in terms of the handling of students' personal data? The general answer is: by carefully handling those data based on an organisation-wide awareness of privacy in the workplace in accordance with usable and knowable rules. Read more about students' privacy and data in the report on 'Students' Personal Data' (in Dutch)

Lecture on Privacy 2016

In September 2016, SETUP organised a lecture on privacy in collaboration with Studium Generale of Utrecht University and SURF. Watch the lecture on privacy on the Studium Generale website or read the lecture on privacy .


Latest modifications 20 Sep 2018