Discussion on Edmodo "Safe Harbor"

In the around the region concern was expressed about Edmodo being hosted in America, Mark Chaney, Bedford College raised the issue with Jisc Legal and forwarded this response.

The Jisc Legal guidance "What are the FOI and DP implications of using services like Dropbox or Evernote?" is available here - http://goo.gl/30ncXo.

Other guidance on what issues should be considered before signing-up to a US hosted e-learning service is available here - http://goo.gl/950kU1.

Guidance on what data protection matters need to be addressed before outsourcing processing of personal data is available here - http://goo.gl/WImV3x.

A checklist to assist with ensuring that data sharing complies with the law is available here - http://goo.gl/GLWfng.     

"Safe Harbor" is the mechanism whereby organisations notify the US Department of Commerce that they adhere to the Safe Harbor framework developed by the Department of Commerce in coordination with the European Commission.  

A quick search of the Safe Harbor list online - http://safeharbor.export.gov/list.aspx - does not find any of the three organisations that you refer to so the onus falls back on you to satisfy the adequacy test for the personal data of the individuals that you process.

There certainly is an amount of renewed scrutiny of the Safe Harbor arrangements.  See the story here - http://www.jisclegal.ac.uk/ManageContent/ViewDetail/ID/3395/Safe-Harbour-Under-Fire-in-New-Report.aspx.  

In general it is fairly safe to say that liability in terms of unfair processing would be unlikely as long as the institution carried out a risk assessment that considered and balanced the data protection guidance above.  

Last modified: Tuesday, 29 April 2014, 11:22 AM