PlagiarismCheck - External plagiarism check at the university is data protection lawful
Universities are allowed to transmit data of their students to external companies in general, to detect deception attempts. This is stated in the currently published data protection report for North Rhine-Westphalia by the Düsseldorf Landtag. "This can only be effectively achieved through plagiarism checks."
A concerned person had complained to the Data Protection Officer for Data Protection and Freedom of Information, after their thesis was checked for plagiarism using plagiarism software. According to the report of the Data Protection Officer, a data protection compliant plagiarism check requires that the data be pseudonymized first. "External companies do not need the clear data of the students for text comparison."
For universities, it only needs to be ensured that the results of the examination can be reliably assigned to a specific student. This can be achieved by assigning a pseudonym. "Pseudonymization can only be assumed if the pseudonym is not identical to the matriculation number and does not allow any other conclusions about the concrete person," the report specifies.
Furthermore, a general, random plagiarism check using external companies should be regulated in the examination regulations of the universities. After the check, the works must be deleted from the servers of the service providers. An opt-in solution as a legal basis for data transfer is not feasible, because it cannot be assumed that affected parties have a real choice to refuse consent without suffering any disadvantages, explained the Data Protection Officer.
- Despite the controversy, universities in North Rhine-Westphalia are authorized to share student data with external companies for deception attempt detection, as outlined in the recent data protection report submitted to the state parliament in Düsseldorf.
- In response to a complaint about plagiarism accusations in a university thesis, the Data Protection Officer emphasized the necessity of pseudonymizing student data before conducting plagiarism checks, ensuring external companies don't require clear student data for text comparisons.
- To maintain data protection compliance, the report suggests that universities should assign unique pseudonyms to students before outsourcing plagiarism checks to external companies, ensuring the reliability in connecting results with the appropriate student without revealing personal identity.
- Owing to the potential disadvantages that come with requiring affected parties to opt-in for data transfer, the Data Protection Officer argues against using this method as the legal basis for sharing student data with external companies for general, random plagiarism checks.
