Programmers like to have a snack while coding

Recommendations for online tools

In general, the school is always the body responsible for data protection when using digital applications. This applies even if another service provider carries out the data processing. Conversely, this means that the school must ensure the lawfulness of the data processing. It is therefore advisable to clarify the respective use with the school management and those responsible for data protection at the school before each use of a digital application.

When selecting digital applications, the consent of parents or pupils who are capable of giving consent should always be obtained in advance. Use should also be voluntary and students who do not want or cannot consent to use should not suffer any disadvantages. In addition, it must always be ensured that the data is stored on servers that are within the scope of the European GDPR. If possible, an order processing agreement should also be concluded. In this context, it is important to know that after a judgment by the EUGH, providers can no longer invoke the "Privacy Shield". The use of services that transmit data to the USA is therefore viewed as extremely problematic in the school context. This applies in particular to the "Padlet" application, which can hardly be used in school lessons any more (see notes on Padlet).