(by Federica De Stefani, lawyer and head of Aidr Regione Lombardia) The pandemic caused by the spread of covid 19 has revolutionized many sectors, including that of the school.
For over 2 months now, Italian students have been experimenting with the so-called "distance learning" which, according to the schools and the different realities, is carried out with different methods and tools.
In this situation, already complex in itself, the issue of privacy has also been included, the violation of which is declined in various ways.
There are those who call for non-compliance with the GDPR because the idea of a year-end class photo would have been proposed with a professional photographer to immortalize the children during a connection in the virtual classroom.
The health emergency we are experiencing has led to an exponential increase in the use of the network and technology, with quite a few problems, it is true, related to data processing. It is equally true, however, that this greater use of digital leads, in many cases, to imagine violations that do not really exist.
The GDPR is invoked as if any activity connected to the internet automatically led to the processing of personal data.
The case of the year-end photo is significant.
Here, the violation of privacy concerns the fact that the photographer could also capture, in the background, a portion of the room where the child is located.
In this case the point of the question is completely lost sight of.
The processing of personal data does not concern the photographer, but possibly the platform that is used to create the virtual classroom and participate in the lessons, since the registration or use of the platform in any case implements a data processing that takes place (or should to take place) according to the methods that the platform uses and which were accepted at the time when the connection program was downloaded.
The problem of privacy does not concern the background that can be seen behind the child, which in any case is visible by any person joining one of the other participants in the virtual class and looking at the screen.
The problem is upstream.
If you do not want to show details of your home, just place the child with the device he uses for connection on a neutral background, such as it could be a wall in the room, or you can enlarge the frame and make sure that it is only the child's face is framed.
In any case, it remains that the background of the frame cannot be connected in any way to the GDPR which regulates, as is known, the processing of personal data, i.e. those data which, pursuant to art. 4 of the same are defined as "any information concerning an identified or identifiable (" interested ") natural person; the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered identifiable, physiological, genetic, psychic, economic, cultural or social ".
The shot of the child participating in a virtual class makes it identifiable not because there is a picture or a portion of the sofa behind it, but because other data, such as the IP address or e-mail and maybe a name and surname has been inserted (in some platforms every child, in his frame, can have his / her name and surname).
It is not therefore a violation of privacy when it comes to the year-end photo, data breaches are quite another thing.