Digital Rights in Education: Information Security and Data Governance

Transcript

1. Digital Rights in Education: Information Security and Data Governance Hao-Tian

   Ted Lu Advisory Committee Member, K-12 Education Administration, Ministry of Education, Taiwan Research Student, Institute of Biomedical Sciences, Academia Sinica Research Assistant, Department of Computer Science, National Taiwan University APRiGF 2024 - Securing Trust: Ethical Governance in Championing Children’s Digital Rights

2. Agenda § Case 1: Information security of systems and services

   § Case 2: Data governance policy in education § How to approach digital rights in education?

3. Case 1: Information Security Law & Regulations § Government Procurement

   Act art. 101 para. 1 When an agency discovers that a supplier has engaged in illegal activities or committed a serious breach of contract, it shall publish the supplier's name in the Government Procurement Gazette. § Regulations on Classification of Cyber Security Responsibility Levels art. 11 Each agency shall conduct the matters specified in Schedule 1 to Schedule 8, depending on its cyber security responsibility levels. Execution § K-12 Education Administration, MoE § Directions & official document § Administration for Cyber Security, MoDA § Reporting authority § When necessary, the competent authority under the Cyber Security Management Act may announce the necessary details related to the incident and the corresponding response measures at an appropriate time, in order to provide relevant assistance.

4. § Taiwan Constitutional Court Interpretation No. 585 § Privacy as

   part of human rights. (The Constitution of Taiwan art. 22) § Taiwan Constitutional Court's Judgment Xian-Pan 13 of 2022 § Data autonomy from privacy (Taiwan Constitutional Court Interpretation No. 603) § Due process guarantee Case 2: Data Governance (Autonomy)

5. § Directions for Schools on Collection and Use of Personal

   Data through Information and Communication Systems or Services art. 3 para. 6 Personal data retention periods should be established, and the collected personal data should be deleted or destroyed upon the expiration of the retention period or the termination of business to prevent personal data breaches. § Guidelines on the Protection of Personal Data in the Use of Biometric Identification Technologies for Schools § Personal data autonomy not included. § Currently only administrative guidance but not direction, regulation or law. Case 2: Data Governance (Autonomy)

6. How to approach digital rights in education? Law & regulations

   Digital literacy Competent authority

7. The issue of digital rights can’t be simply solved by

   strategies of technology but understanding the importance of autonomy, providing citizens the right and ability to evaluate risks and decide. Open Culture Foundation, 22 Nov. 2023 Open Culture Foundation (2023). Public Hearing on the Draft of “Digital Healthcare Development Act”, Legislative Yuan. 22 Nov. 2023.

8. Feel free to contact me via: • Email: [email protected] •

   LinkedIn: https://www.linkedin.com/in/hao-tian-lu/ • Instagram: https://www.instagram.com/ted.lu.tw/ Thanks!