Data privacy: at the core of what we do
The digitisation of German society, industry and education has been an ongoing discussion, with the pandemic highlighting areas for development, such as digital public services. During the crisis, funding of 100 million euros was provided for the rapid development of infrastructure and the expansion of digital education. However, there is also a wariness of digital economies: they’re difficult to control or oversee, and while the digital economy offers much for free, there is the fear that you actually pay with your private data.
This wariness is completely understandable. In the past, it was easy for many businesses to turn a blind eye to privacy issues, and even in the wake of GDPR, in some parts of Europe, it was business as usual.
But not in Germany. And not at UNIwise.
Having worked with a number of German higher-education institutions over the past few years, we understand how seriously data privacy is taken in Germany, and how regional differences in interpretation of the law – or in the legislation itself – can come into play. We understand and respect the power that DPOs wield.
An exam is a private thing, and there are many regulations governing how it is handled. In that way, it’s very similar to personal data. At UNIwise, we’ve spent the past ten years working every day to make sure that students around the world, studying at universities across Europe, can sit secure digital assessments and exams. Privacy is at the core of what we do.
So, we strive not just to comply with EU data regulations, including GDPR and Schrems II, but also to ensure that our IT security reflects our ethical values as a company. We process large amounts of data on behalf of our partner institutions, so it’s imperative that information security is at the heart of everything we do.
About UNIwise and data privacy
UNIwise is a European company, and we use an EU framework for data privacy. We encrypt everything and we only work with suppliers who conform to the EU standards. In other words, our data is secured within the EU. No one can tamper with the exams on WISEflow, just as no one can tamper with the data we process.
In December 2021, we were awarded the D-Seal certification for IT security and data ethics. The D-seal is a Danish labelling program that promotes the responsible use of data and acts as a prospective code of conduct agreed at a European level. We are one of few companies to earn this certification, which was developed by a team of high-level European experts who take data privacy very seriously. Through achieving D-seal certification, UNIwise can now more comprehensibly secure digital trust, as its strict criteria recognise robust and responsible approaches to data protection, ensuring accountability to our partners and users alike.
You can read more about our data ethics policy here [PDF].
How does UNIwise work with HEIs’ data?
We only serve one client: the university. And our job is to help you service your users. Our infrastructure is agnostic: the data is owned by the university; we don’t own the data and we don’t do anything business-related with that data. In other words, we won’t sell your data. Not just because that would be unethical, but because we have no rights to it.
All your data is contained within your license; it doesn’t even get pooled with other clients’ data. We have developed WISEflow so that institutions have the power to change their data retention whenever they want: if they have an exam period that all students participate in, once everything is graded, they can choose to wipe the data if they wish. Equally, they can anonymise the data.
UNIwise and AI
As we know, digital assessment involves processing personal data, such as names and email addresses. With the advent of remote invigilation came the new category of biometric data. In recognition of the sensitivity of this data, we take extra safeguarding precautions. Everything is encrypted, and institutions can decide on their own retention in terms of how long they keep the data.
For remote invigilation, we use AI to compare random images or exam participants with a reference image. Voice detection recordings of exam participants will be flagged by AI if there is speech or a anything anomalous. It’s important to note that the invigilation system will not decide anything on its own – the AI does not make decisions. Facial recognition is only an aid. Rather, students are flagged, and the university can decide from there. This ensures fairness, as some AI solutions have a problem with diversity and discrimination. Instead, our soft approach to proctoring puts diversity and non-discrimination at the centre of things. It also recognises that a harder approach – for instance, video of students that tracks their eye movements and is overlooked by a third party sitting somewhere (maybe outside of Europe) – would be counterproductive for students.
Using AI in the way we do also means that European data on European soil will only be handled by European individuals. That said, it’s important to note that we have opted out of services that use biometric data for AI training purposes. All we use the data for is to authenticate the user and nothing else. We conform with the GDPR principle of proportions in this regard: only what we need and nothing more.
Conclusion
When exams were paper-based, exam scripts would get lost all the time. Digital assessments won’t get lost – in fact, we’ve never lost an exam paper – and moreover, the digital exam is encrypted. A lost paper exam could be read by anyone.
All that said, we take concerns around digital assessment and data privacy very seriously. Our business model means HEIs are our only clients. We know what’s at stake and we’ve developed our platform to safeguard your data and recognise that it’s just that, yours.
We’ve already seen the digitisation movement gain momentum at the many German institutions we’ve onboarded recently. UNIwise welcomes the renewed focus on digitisation and draws on our experience of the process of digitisation of education, specifically exams and assessment, that took place in Scandinavia in the past decade to support institutions in Germany – the home of the modern university – as they embrace these same challenges and opportunities.
Reflecting on the importance of data privacy to UNIwise, Executive Director and co-founder Rasmus Blok is pleased with the certification, saying: ‘The right to privacy is a fundamental human right, but also one which might be challenged by technology itself, and as such must be protected and respected. Through the D-seal - our newest IT security certification, and together with our existing ISAE3402 external IT security audit - we at UNIwise make it clear to our customers, employees and stakeholders that we are dedicated to protecting their data to the highest ethical standards.’
