The CNIL, concerned about the growing and particularly intrusive use of remote monitoring of school or university exams, has just published recommendations to better protect candidates, pupils and students.
The world of education is facing a new reality: online exams supervised by remote monitoring devices are becoming more and more sophisticated. And while public and private higher education institutions have adopted these practices first in response to the global health crisis of COVID-19, the National Commission for Computing and Liberties (CNIL) published on Monday 4 September, a series of crucial recommendations to protect the personal data of students, while fighting against fraud.
Devices that are certainly effective against cheating, but which are still too intrusive
The CNIL insists that these devices must scrupulously comply with the General Data Protection Regulations (GDPR), even if they remain necessary to guarantee the integrity of online exams. The regulator’s initiative actually stems from a significant increase in complaints about the excessively intrusive side of the remote monitoring provisions used today.
The Data Constable had launched a public consultation which resulted in the publication of recommendations aimed at three major objectives:
- Support institutions in ensuring compliance with data protection regulations.
- Maintain student confidence in the education system.
- Promote inclusive digital practices.
Today, and the CNIL recognizes this without difficulty, devices that include the monitoring of the student’s personal computer or tablet during online exams are inherently intrusive. The administrative authority admits the need to fight against fraud and cheating, of course, but it insists above all on the need to find the right balance between this imperative and the protection of individual rights and freedoms.
Strict recommendations, but which aim for a certain balance
So among the main recommendations of the CNIL, it should be noted that establishments and bodies organizing exams must guarantee candidates that their data will not be used for any purpose other than the monitoring of online exams. If ChatGPT, who passed his entrance exam to law school, probably has nothing to do with all this, in the eyes of the authorities, the exam methods without remote monitoring should be preferred when they are possible. She does not want remote monitoring to be imposed, but to be an alternative, and that in the event of an obligation, a face-to-face alternative is precisely submitted to the candidate.
The CNIL also insists on information related to remote monitoring conditions, which must be carried out as soon as possible, so that students can make informed decisions. Similarly, the regulator recalls the need to ensure that the remote monitoring devices are compatible with the candidates’ equipment, that they do not present any security risks and that they can be easily installed and uninstalled. Always from a technological point of view, any automatic analysis of the behavior of candidates must also be excluded, in the eyes of the commission.
These recommendations aim in any case to regulate the practices of remote monitoring of online exams, while preserving the rights and privacy of those who take them. We can only welcome this intervention by the commission and its attitude of preserving the right balance between academic integrity and data protection. It remains to be seen how these recommendations will be interpreted in practice.
2