Today is international Data Privacy Day (or “Data Protection Day” in Europe). Data Privacy Day is recognized to raise awareness and promote data privacy best practices. We take this day as an opportunity to reflect on our data privacy achievements and tell you about our plans.
At Blackboard, data privacy is a priority. Our clients entrust us with the personal information of their students and other end users, and we take the obligations that are attached to this information very seriously. As such, we have a dedicated data privacy program with privacy by design at the heart.
Because we believe that data privacy is a fundamental right for all individuals, we implemented the European Union (EU) General Data Protection Regulation (GDPR) in 2018 not only in the EU but we extended these protections to our clients globally. The GDPR is arguably the strongest data privacy law worldwide. It introduced additional rights for individuals and obligations on companies such as using a privacy by design approach and conducting data protection impact assessments.
Our global GDPR baseline has also helped us implement the requirements of the new California Consumer Privacy Act (CCPA), which took effect in January 2020. The CCPA provides California residents with rights and more transparency regarding their personal information. Our global GDPR baseline also facilitates the implementation of other new laws such as the Brazilian General Data Protection Law, which will take effect in August this year and will introduce rights and obligations very similar to the GDPR.
These laws, and most other data privacy laws such as the U.S. FERPA, Australian Privacy Act, South African Protection of Personal Information Act, impose strict requirements and limit how we as a service provider can use the personal information of students and other users of our products. As a signatory of the Student Privacy Pledge, we also committed to using student personal information appropriately. To provide additional assurance, the contracts with our clients and our internal policies use the GDPR as a baseline and require that we only use personal information as instructed by our clients. This is also outlined in our Privacy Statement.
Last year we further strengthened our data privacy program by submitting our application for the EU Binding Corporate Rules data transfer mechanism. Furthermore, as part of the implementation of the CCPA, we now apply our GDPR data processing addendum not just to EU contracts but to all new standard client contracts globally. In addition, we are working closely with the Blackboard Data team to help shape this new Analytics platform and the related offerings. This exciting collaboration has resulted in a strong privacy by design approach and inclusion of privacy education features such as helpful privacy information for our clients and a flag in the data dictionary for data elements that could directly or indirectly identify individuals. During last year’s Blackboard Analytics Symposium, we presented on these efforts as well as on our approach to ethics and AI.
We are committed to continuously improving the data privacy protections for our clients and their end users. One exciting activity planned for this year is our ongoing work with our Architecture team to help design our new EdTech Platform with privacy by design in mind. One result of this close collaboration is the introduction of privacy classifications for each data element for new services built on the EdTech Platform. We also plan to provide more proactive privacy information about our products to support our clients with their privacy obligations.
To stay informed and keep up with our privacy enhancements, please visit our Community page. Happy Privacy Day!