Data processing at Sciences Po falls within a French and European legal framework for data protection (RGPD, General Data Protection Regulation). Its objective is to strengthen the rights of individuals and to empower the controller and processor making personal data processing.
PARTICIPATE TO THE TRAININGS AND CONFERENCES ABOUT DATA PROTECTION
The Sciences Po Data Protection Officer (DPO), Marion Lehmans, leads training and awareness raising actions about data protection and privacy good practices. She also organises conferences to discuss and debates on current data protection issues and issues of data governance, digital privacy and the Internet today and tomorrow.
The goal is that everyone, as a citizen, develops her or his own critical opinion on these moving and complex subjects, and helps to build the Internet of tomorrow.
Exchange on the internal whaller social network
The Data Protection Officer (DPO) of Sciences Po proposes to discuss the subjects of data governance, digital privacy and the Internet of today and tomorrow and to share interesting content (readings / articles / videos) on the Mamadata5 discussion area of Sciences Po's internal social network (upon authentication).
Anyone, students, researchers or academic and administrative staff of Sciences Po can join it.
Take advice from the Sciences Po Data protection officer
Teachers can be advised individually by the Sciences Po DPO about their personal data management issues and respect of private life. Identify the time slot proposed by your DPO and make an appointment : show the agenda > look for the next available time slot > choose the time slot you want > send the time slot booking.
understand key concepts
The data processing at Sciences Po has to comply with the French and European legal framework for data protection (especially the General Data Protection Regulation, named “GDPR”). It aims to strengthen people's rights and empower data actors.
You are involved because of three reasons:
- Your data is processed by Sciences Po and its partners who run or contribute to your studies and student life;
- You want to collect, access, share the data of other people, especially those of your students;
- You ask students, in the context of academic works, to implement new personal data processing.
Personal data is any information that directly identifies (name, surname, email address, etc.) or indirectly (phone number, IP address, etc.) a person.
Personal Data Processing
A personal data processing is an operation (or several operations) made on personal data. This ranges from simple data collection to transformation or dissemination.
Managing tuition data, implement a survey, update a contact database, sharing personal data on a website or to a third party are examples of personal data processing, as for the law.
A data controller implements data processing by committing to its right compliance with the law.
Right to be Informed
Any processing of personal data must be lawful and fair. Information on the processing of these data must be easily accessible and formulated in such a way that it makes easier understanding.
Read this information in the legal notices and conditions of use and confidentiality of websites and social networks.
When needed, the consent must be given by voluntary, clear and free act by the data subject who agrees in a specific, informed and unequivocal way to the processing of its personal data.
Exercise of Rights
Users who entrust their personal data to private or public organizations have rights to keep control. Data controllers have to precise the existence of these rights and how to exercise them concretely.
Sciences Po collects your personal data as part of its higher education and research missions. You have rights of access, rectification, erasure and opposition, a right to the portability of your personal data and the right to decide the fate of your personal data post-mortem.
Find out more:
Protect Your Personal Data
Protect Your Digital Privacy
- Computers, mobile phones, tablets, etc. : same fight !
- Encrypt your equipment (Learn more about encryption on the CNIL website)
- Accept updates (antivirus, firewall, OS, applications)
- Do not connect suspicious removable devices to your devices
- Put on stand by your equipment in case of absence
- Always disconnect from public computers
- Set your privacy options and regularly delete your tracks (cookies and history in all your browsers, all your digital mail and all your computer equipment)
- Make sure the HTTPS (and the lock for my transactions), and avoid open WIFI
- Cyberviolences and cyberbullying, are offenses under the Penal Code.
- In order to get to know your right to monitor your personal data, read all the advices of the French Data Protection Authority (the CNIL).
- For gender-based or sexual violences, find support with the external support service run by France Victimes, implemented by Sciences Po
Protect Your Digital Student Life
- Your password is in good hands: yours
- Separate your Sciences Po password from passwords used in your private life and choose one for each digital account
- Never write your password and never share it with anyone
- Never save your passwords in your browser
- Use your Sciences Po account email@example.com to exchange with the administration
- Do not collect or disseminate the personal data of other students, teachers or staff without their consent
- Respect and obtain copyright and image rights before reuse of content found on the web
- Anonymize your surveys or comply with the GDPR obligations
Comply and ask to students to comply with legal preliminary obligations
Ask to your students to use GDPR legal information and consent form models when working on academic questionnaires
When working on academic questionnaires, you need to learn how to inform and obtain consent of participants, and to comply with the European data protection legal standards.
Teachers, please, use and promote the following GDPR information sheet and consent model (under authentification).
Register Personal Data Processing
If you need to process personal data for academic purposes, and that the data processing is not planned within the Sciences Po IT environment, you need to comply with the law. Complete the form (Sciences Po data processing registry). Your Data Protection Officer may contact you to accompany you.
Note that it is also expected that your students comply with the data protection regulation : make them register their personal data processing implemented within their academic works in the Sciences Po data processing registry.
Check if your treatment is particularly sensitive
The implementation of new data processing requires questioning the possibility to "generate a high risk" for the data subjects.
Evaluate the risks raised by your data processing using the document "Is a risk analysis necessary?" (GDoc on authentication) and promote the tool to your students.
Your data processing is sensitive: you must carry out a data protection impact analysis (DPIA)
Within the frame of academic works, when the processing of personal data, taking into account its nature, scope, context and purposes, is likely to generate a high risk for the rights and freedoms of natural persons, it is expected that the teachers write, before processing, an analysis of the impact of the data processing operations on data subjects (DPIA), and share it to the Data protection officer. The students who implement sensitive data processings within the frame of their academic works have also to write a DPIA and submit to their teacher, who organize those academic works
Notify Sciences Po of a Data Breach
If you think you are a victim of hacking, renew the compromised identifiers and report the incident to the people or organizations concerned (your institution, bank, tax center, Internet access provider, etc.).
Go Further: Train
Have a look over the program of the training and awareness sessions led by your DPO and register yourself (under authentification).
Discover the following additionnal resources
- Disciplinary, administrative and criminal sanctions for non-compliance with the GDPR and the French Law Loi Informatique et Libertés (Gdoc in French)
- the Charter for the use of the IT system of Sciences Po (PDF, 129 Ko)
- the website Outils en ligne de Sciences Po
- the Sciences Po Digital security guidelines (PDF, 826 Ko)
- the website SupDPO, professional association of the Data Protection Officer working in the Higher Education, Research and Innovation sector
- the CNIL, the French Data Protection Authority (Commission nationale de l'informatique et des libertés)
- the EDPB, the European Data Protection Board