The European Students’ Union (ESU) supports KSU’s proposals and recommendations regarding the contents of Legal Notice 76 of 2014, which gives the Minister of Education and Employment in Malta the right to ask for and receive sensitive and personal information about students registered at every educational institution from early childhood education to tertiary education.
This Legal Notice gives extensive powers to the Maltese Minister, who will personally have access to personal information (including, but not limited to, personal identification numbers and academic achievement) on every student in Malta and Gozo. There is no opt-out clause through which institutions can choose not to divulge the personal information of the students enrolled with them.
ESU requests more clarity on the purpose of the research exercises to be carried out and what kind of measures are or will be taken, to ensure the anonymous and correct use of this sensitive information. In this regard, ESU highly recommends to put in place changes, to ensure that every student in Malta as well as their relatives, are empowered to decide how information that they have already provided, or will provide, is used.
In the light of this development, ESU encourages the ministry to tackle the loopholes in the current legislation and ensure it safeguards students’ data protection rights in the following ways:
1. The use of pseudonymised data
Although ESU has been reassured by the national student union, KSU, that the intentions behind this legislation appear to be genuine, ESU still strongly feels that in its present form, it is open to abuse and potentially breaches data protection rights. For this reason, ESU strongly advocates the use of a pseudonymised system where students’ data can be linked to other information for the purposes of the research exercises being carried out without being immediately identifiable.
In this regard, ESU advocates for KSU’s proposal that data should remain anonymised, unless explicitly required under a set of justified conditions, such as contacting the individual in person. Data relating should only be requested when it is really required.
2. Clearer identification of the scope of the legislation
ESU feels that the legislation should contain a more elaborate description of the scope and exercises to be carried out for each scheme.
In this regard, ESU strongly suggests that the text should be clarified and expanded into a more robust form of legislation. ESU also agrees with KSU’s suggestions to ensure that the depth of the information required, reflects the broadness and the intentions behind the intended research. This would clarify what purpose the legislation serves, while also improving public perception and trust in the system.
3. The transfer of responsibility to an entity
One of ESU’s main concerns, reflected in KSU’s claims, is the fact that the legal notice mentions in particular the data being passed on to the Minister. In the context of this legislation, it can be seen as granting a single individual disproportionate powers, which leaves the system potentially open to abuse, even if that is not the current intention.
In the light of this, ESU firmly recommends that the responsibility is transferred to a particular entity tasked with research, where the appropriate checks and balances can be put, or are already, in place.
4. The inclusion of opt-out options
Finally, ESU believes that in light of the schemes proposed, students (or their guardians) should be offered the possibility to opt-out of the data mining exercise should they wish for their data not to be passed on. As the legislation currently stands, there exists no particular option for this, and it will actually be considered as a criminal offence to refuse to provide thus data.