This summer semester brought many novelties. For a lot of students, it was the first time to take a proctored online exam. Mixed feelings arise when starting the exam. Will everything work the way it should? Do all get tested under the same conditions? And first and foremost: What happens with personal data?
But online tests are not limited to universities. Also, eLearning, assessment centers, and personal development tests are increasingly moving online. Testing situations are fundamental personal acts where skills, knowledge, strengths, and weaknesses are shared. Consequently, data privacy is very important when online tests are taken.
Reviews of online proctoring services underline this finding: most of the examinees are concerned about the handling of their data. To create a safe testing environment, complying with the highest safety standards is crucial for the success and acceptance of online exams. A prerequisite for this is to make sure that the proctoring tool is GDPR compliant. But what does this mean?
In general, the GDPR “lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data” (Art. 1(1) GDPR). Personal data is defined as “any information relating to an identified or identifiable natural person (‘data subject’)” (Art. 4(1) GDPR). To verify the identity of an examinee at the beginning of the exam, it is mandatory to compare the webcam image with an identity document, such as student ID, ID card, or passport. In this special category of personal data (Art. 9(1) GDPR), the verified person must give “explicit consent to the processing of those personal data” (Art. 9(2a) GDPR). The consent, in which the verified person agrees to the processing of personal data, must be voluntary, for a specific case, and unambiguous (Art. 4(11) GDPR).
Specifically, GDPR endows the examinee with eight rights:
At cubemos, we highly value personal data. Therefore, we design our online test platform to enable data privacy by design. Of course, personal data must be recorded during an online test. Furthermore, examinees are required to give their consent to the recording before starting the test. But with taking the exam, we also create an account of the examinee which facilitates the review and the management of their personal data. Examinees get a notification once their personal data is deleted, which usually happens several days after the test is completed. With this mechanism, we can ensure that all rights that the GDPR requires are incorporated and promoted in our system design.
With our platform, organizations can run any test online in a trustworthy and valid way. The examination process is completely automated, and the system is designed to fully comply with data privacy regulation. If you want to try out our system for your tests, text us via firstname.lastname@example.org or read more on www.cubemos.com.
Don’t take too much advice. Most people who have a lot of advice to give — with a few exceptions — generalize whatever they did. Don’t over-analyze everything. I myself have been guilty of over-thinking problems. Just build things and find out if they work.