As approved by the Groningen Declaration Network’s Executive Committee on 11 January 2015 and proposed for adoption by participants at the Annual Network Meeting in Málaga, on 4 to 6 May 2015

INTRODUCTION: THE NEED FOR A STATEMENT OF ETHICAL PRINCIPLES

From banking to travel, almost everything today is done via digital information and the Internet. One notable exception still is the world of (academic) diplomas. Diplomas are by and large still issued on paper, featuring a variety of security measures, with authenticity and validity dealt with through other authentication mechanisms.

Notwithstanding these precautions and administrative measures, paper- issued diplomas have their drawbacks. They can easily get lost, be stolen, or be forged. For all of these reasons, a growing number of countries have developed digital student data depositories to manage educational data. Today, these depositories can serve Human Capital Cross Border Mobility on an global scale.

The Groningen Declaration Network is convinced that the international mobility of students drives economic growth. Mobility also empowers people, enabling them to study, live, and work wherever they want. Students want all of their competencies recognized, regardless of where they acquired them and for this, there is a growing need for the acceptance of digital student data instead of the paper based authentications and academic credentials that exist today.

For the proposed Digital Student Data Ecosystem to work and thrive, the Groningen Declaration Executive Committee felt that there should be a set of guiding principles to which all participants in the Groningen Declaration should adhere, as follows below, after the paragraphs on the mission, vision and values of the Network.

MISSION, VISION AND VALUES

MISSION: AIMING TO DELIVER ON DIGITAL STUDENT DATA PORTABILITY

The Groningen Declaration brings together key stakeholders through a declaration of intent. Signatories cooperate on a voluntary basis, seeking not primarily standardization but rather convergence. The main goal of the Groningen Declaration, which first opened for signatures on 16 April 2012, is to develop best practices and globally-accepted standards for secure, citizen-centered consultation and portability of digital student data.

VISION: TOWARDS A TRUSTED DIGITAL STUDENT DATA ECOSYSTEM

In 2020, the Groningen Declaration Network constitutes a global, broad and interconnected ecosystem including large digital student data depositories, educational institutions, government bodies, and other stakeholders. Participants in this ecosystem work together on the safe administration, processing, consultation, transfer exchange acceptance and recognition of digital student data in addition to appropriately verified paper-based records, using the best standards and technology available, in order to guarantee trust in this digital student data ecosystem.

VALUES: SECURITY & PRIVACY

A trusted digital student data ecosystem can only be built if student information is kept safely and if its confidentiality and privacy is protected. Therefore, “security” and “privacy” are the core values of the Groningen Declaration. Different principles and standards must be needed to enforce these main values, and that is what the Groningen Declaration is for , to create consensus, to innovate, and advance learning on student data management and protection.

STATEMENT OF ETHICAL PRINCIPLES

PRINCIPLE 1. STUDENT-CENTERED

Digital student data portability aims at empowering the (international) mobility needs of past, present and future student’s needs.

PRINCIPLE 2. PRIVACY AND DATA PROTECTION

The collection, use, transfer, disclosure and storage of student data must comply with privacy and data protection laws and regulations. Whether or not a specific law or regulation exists in a certain country, all stakeholders in the Groningen Declaration Network pledge to be subject to the following privacy and data protection principles (Adopted from the OECD Privacy Principles):

2.1. COLLECTION LIMITATION PRINCIPLE

There should be limits to the collection of personal student data and any such data should be obtained by lawful and fair means and, where appropriate, with the informed consent of the data subject, i.e. the natural person to whom a given set of data refers. The data subject is to be informed prior to data collection, of the types of uses the personal data that he or she is agreeing to.

2.2. DATA QUALITY PRINCIPLE

Personal student data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

2.3. PURPOSE SPECIFICATION PRINCIPLE

The purposes for which personal student data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or

such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. The student should be informed not later than the time of data collection of the types of uses his or her personal data could be used, subject to applicable laws in the signatory countries.

2.4. USE LIMITATION PRINCIPLE

Personal student data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with principle 2.3 except:

A. with the consent of the data subject; or

B. by the authority of a Ministry of Education or powers that are recognized by the courts as legitimate.

2.5. SECURITY SAFEGUARDS PRINCIPLE

Personal student data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

2.6. OPENNESS PRINCIPLE

There should be a general policy of openness about developments, practices and policies with respect to personal student data. Means should be readily available for establishing the existence and nature of personal student data, and the main purposes of their use, as well as the identity and usual residence of the data controller, i.e. the organization responsible for the compliance with these principles and he applicable laws.

2.7. INDIVIDUAL PARTICIPATION PRINCIPLE

An individual should have the right:

A. to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him or her;

B. to have communicated to him or her, data relating to him or her;
i) within a reasonable time;
ii) at a charge, if any, that is not excessive;
iii) in a reasonable manner; and
iv) in a form that is readily intelligible to him or her;

C. to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

D. to challenge data relating to him or her and, if the challenge is successful to have the data erased, rectified, completed or amended.

2.8. ACCOUNTABILITY PRINCIPLE

A data controller should be accountable for complying with measures which give effect to the principles stated above.

PRINCIPLE 3. TRANSPARENCY AND RESPONSIBILITY

Data administration and the exchange of student data should be conducted in a transparent manner that recognizes the shared responsibility of all parties.

PRINCIPLE 4. INTEROPERABILITY

Digital student data depositories, service providers and all other relevant stakeholders in the Groningen Declaration Network should seek maximum interoperability between their systems

and services to create efficiencies and optimize the capabilities of electronic records exchange and student digital data portability. For this, the Groningen Declaration Network should also continue to promote internationally recognized electronic exchange standards, as well as any future internationally approved standards.

PRINCIPLE 5. OPENNESS

All services provided by digital student data depositories and by other relevant stakeholders in the Groningen Declaration Network should be available regardless of the electronic record solutions in use, as long as the appropriate agreements are signed and that technical, legal and financial requirements are satisfied.

PRINCIPLE 6. FREEDOM TO CHOOSE DELIVERY OPTIONS

Students, educational institutions and digital student data depositories should be free to evaluate their own needs and choose the delivery option of student records or digital student data portability method that best meets their interests.

PRINCIPLE 7. INTEGRITY

Stakeholders of the Groningen Declaration Network will act with the highest level of integrity in all their professional undertakings, dealing with others honestly and fairly, abiding by their commitments, and always acting in a manner that merits the trust and confidence others have placed in them.

PRINCIPLE 8. DIVERSITY

In the planning, development, and implementation of actions, projects, programs and services, stakeholders of the Groningen Declaration Network will engage respectfully with the diversity of peoples, digital student data depositories, perspectives, systems, standards and other actors and factors involved in digital student data portability.

PRINCIPLE 9. RESPECT TO THE LAW

All applicable laws and regulations will be followed by Groningen Declaration signatories. Appropriate guidance and advice will be requested when regulations appear contradictory, ambiguous, or confusing or when a situation is beyond our role or competency.

PRINCIPLE 10. AUDITABILITY

Digital student data depositories must be auditable by relevant authorities of each country in order to assure the compliance of legal obligations applicable to the administration and exchange of student records.

PRINCIPLE 11. GOOD FELLOWSHIP

Stakeholders in the Groningen Declaration Network will to the greatest extent avoid engaging in any activity or communication that creates a conflict or appears to create a conflict with the interests of the Groningen Declaration Network and with any organization in which they have a personal, business, or financial interest. The Groningen Declaration Network stakeholders will not misuse any of the information or contacts made through their work in the Groningen Declaration Network efforts for personal or economic interests.

PRINCIPLE 12. ACCESS

Groningen Declaration signatories cooperate to provide digital student data portability to all interested parties, preferably offering access to primary stakeholders – institutions and students – at no cost or at a fee that will basically only seek to cover operational COSTs.