Your personal data is yours, but do you know what is done with it?


The European Union has broadened data protection and people's rights regarding the control of personal data. Everybody who has logged on to a website has been obliged to tick the box containing the following statement: “I accept the Terms of Use”. Although you probably do not read the conditions of use most of the time, you should know that the main function of such a huge text is to protect you and your privacy, and this is thanks to the European Union.

The following are some curiosities that we have been obliged to apply to www.edueca.com:

  • If you log in to Edueca, we will ask for your consent to manage your personal data. Furthermore, we must inform you of who we are, providing contact details (address, fiscal data, etc.) which will allow you to exercise your rights, in case it is needed. From now on, you won’t have to worry about not knowing who is behind a website.
  • When you enrol in a course, we inform you who is going to handle your personal data (your email address and your name) and we explicitly ask for your permission. We want to make it clear that the teacher (or instructor) has access to these data and also that you can contact him/her. This way, “ghost” intermediaries are removed. At CIDET we will ensure that the teacher fulfils the data requested; otherwise his/her account would be suspended.
  • These regulations are applicable within the European Union, but watch out if you log in to a website outside the EU. Always check whether the company behind the website has a headquarters in the EU; if not, your data won’t be protected under this legislation. However, there are also some third countries with agreements under which their personal data protection legislation is considered equivalent. You can check these countries on the following website.
  • Registration in Edueca courses from different countries is constrained by the restriction mentioned above. Therefore, we will prevent you from enrolling in a course from a non-European country that is not on the EU green list.
  • Personal data are yours, so you can request a correction if they are incorrect or incomplete, or even their removal, which is equivalent to the right “to be forgotten”. Therefore, if your personal data appear publicly you can request their deletion; however, the data stored for internal use could be kept (fiscal and legal data, to comply with the law or for legitimate interest). In this case you can request that their use be limited.
  • No more spam (at least, inside the EU): any information, advertisement or marketing email must include text that clearly explains how to unsubscribe. Unfortunately, this legislation has still not been applied outside the EU, so we can keep on receiving spam.

Lastly, I would like to share a little story related to the new legislation that happened at Edueca. We detail it below so that the reader can get a slight idea that sometimes a “maximum effort” is not enough, and that the European regulation covers not only personal data but also its management.

One of our students logged in to Edueca and validated his email account, then accepted the conditions of use. There is nothing unusual about this. The teacher of a course sent him an invitation to his course, so the teacher already knew the name and the email address of the student. In fact, they already knew each other, but the student never accepted the invitation sent by the teacher.

I personally sent the student an email asking if he had had some kind of problem when trying to accept the invitation, and I also sent the teacher a copy of that email. In doing so, I made the student's lack of interest in registering for the course obvious to the teacher. The student complained about this, but I was able to make amends with my apologies. Consequently, we updated the internal protocol for our own communication processes.

Therefore, one more point, which the EU regulation also includes, needs to be added to the aforementioned list. Human errors will always exist, but we can nevertheless adopt systems to minimise them; we can adopt measures of active responsibility:

  • The regulation includes a risk analysis system, with measures to minimise the risks and the definition of treatments. Errors will always exist; unfortunately there is no zero risk, which is why the Spanish Data Protection Agency (AEPD) states that any error that occurs must be communicated to it within 72 hours.

Finally, we assess the new data protection legislation very positively because it complies with logical and reasonable principles that should be obvious to any business, as long as it acts in good faith, reasonably and according to legitimate interests or according to the user. When there has been illegitimate use or an abuse has been committed, the legislation and policies applied are appropriate. However, it is important to highlight that people should only register on a website if it is reliable and useful to them, if it can be used without problems and if it complies with this type of legislation.

 

 

 

 

July 12th, 2018
