GDPR in the Small: A Field Study of Privacy and Security Challenges in Schools / Ciclosi, Francesco; Varni, Giovanna; Massacci, Fabio. - (2025), pp. 1197-1214. (46th IEEE Symposium on Security and Privacy, SP 2025, San Francisco, US, 12-15 May 2025) [10.1109/sp61157.2025.00243].
GDPR in the Small: A Field Study of Privacy and Security Challenges in Schools
Ciclosi, Francesco; Varni, Giovanna; Massacci, Fabio
2025-01-01
Abstract
The GDPR was enacted to rein in the mighty corporations of the internet. Then, it was unleashed on all organizations, large and small alike. We report the results of a multi-site field study on Italian schools, and the challenges they face to implement the GDPR while running activities full of sensitive issues without an army of legal and compliance officers. The sample study consisted of one kindergarten, ten primary schools, two junior secondary schools, and two secondary schools. We did not find evidence of the privacy paradox (spotless on paper but careless on the field). In contrast, school staff mostly crumble when by-the-book procedures cannot be implemented with the resources that they actually have. We discuss what happens on the field, from critical privacy incidents with potential impact on pupils' security and safety, to 'formal' privacy incidents for which life is too short to bother, and how a risk-based approach could address them.

| File | Access | Type | License | Size | Format |
|---|---|---|---|---|---|
| GDPR_in_the_Small_A_Field_Study_of_Privacy_and_Security_Challenges_in_Schools.pdf | Archive managers only | Publisher's version (Publisher's layout) | All rights reserved | 272.49 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.



