IT University of Copenhagen – Dismissed (Denmark, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Danish authority dismissed a case against IT University of Copenhagen regarding their use of online proctoring for exams. The university had taken necessary steps to ensure privacy and security, showing that careful planning and transparency can help meet GDPR requirements.
What happened
IT University of Copenhagen used an online proctoring service for exams, which was deemed compliant with GDPR.
Who was affected
Students taking online exams at IT University of Copenhagen, whose activities were monitored during the exams.
What the authority found
The Danish authority found that IT University of Copenhagen had properly assessed the necessity and minimized the impact of their monitoring practices, complying with GDPR.
Why this matters
This case demonstrates that thorough risk assessments and transparency in data processing can help institutions comply with GDPR, even when using monitoring tools.
GDPR Articles Cited
National Law Articles
The DPA conducted an audit of the IT University of Copenhagen (ITU) and their use of an online proctoring service for one of their online exams. Following COVID-19, ITU was required by Danish authorities to provide education and exams online. They were also instructed to ensure integrity of the exams, to prevent cheating. ITU considered the need for monitoring for each exam and found that one required the use of monitoring (”Algorithms and Data Structures”), because the exam answers would be identical for every student (it would be easy to copy and share answers). This processing would be based on Article 6(1)(e) GDPR, cf. § 6(1) the Danish Data Protection Act. ITU stated purpose for using an online proctoring tool, which in this case was "ProctorExam", was 1) to supervise the student during the exam, and 2) to prevent cheating. The use of ProctorExam included that: 1) The student would show an ID to the webcam (a student card from ITU or other valid ID). This would be manually controlled by an ITU representative. 2) A video and sound recording, and a recording of the student's screen 3) Recording of the web browser browsing history The use did not include any processing of biometric data or facial recognition technology. The DPA emphasized the following in their finding and decision: * ITU had conducted (and documented) a concrete necessity test of the need to use monitoring tools, for all their exams * ITU had chosen an online proctoring tool that was considered to be the least invasive one (for their circumstances) * ITU had informed the students in a concise, transparent, intelligible and easily accessible form, using clear and plain language, specifically for the type of processing when using ProctorExam, as well as providing the students with their general privacy notice * ITU had conducted a risk assessment, considered technical and organizational security measures and introduced measures to minimize the processing in question (e.g. encryption in transit an
Outcome
Dismissed
The complaint or investigation was dismissed.
Related Enforcement Actions (0)
No other enforcement actions found for IT University of Copenhagen in DK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. IT University of Copenhagen - Denmark (2021). Retrieved from cookiefines.eu
Last updated: