The continued discussion revolves around the potential benefits and drawbacks of Intelligent Tutoring Systems (ITS) in the educational sphere (Second Part).

In the rapidly evolving world of education, Intelligent Tutoring Systems (ITS) are becoming increasingly popular. These systems aim to provide personalized learning materials and grading based on a profile of the affected person. However, it's important to note that the AI may only provide decision-making criteria, and the final decision must always be made by a human.

The use of ITS presents several data protection issues that need to be addressed. Access to private devices by schools is impermissible due to invasion of the affected person's private sphere. Regulations in the data processing agreement should be included to prevent data processing for the provider's own purposes, such as advertising or AI training. A data processing contract, containing the mandatory content according to Art. 28 GDPR, is necessary.

When using ITS, data protection and security cannot be guaranteed to the legally required extent when using private devices for ITS. Exclusive use of school devices will be necessary for ITS deployment in the long term, with exceptions in individual cases according to § 2(2)(7) of the Ordinance on Data Processing by Students, Students, and Parents (VO-DV I).

When using online learning platforms with ITS, Art. 22 GDPR applies, and the evaluations of individual students' skills may only serve as the basis for grading or other decisions regarding the student's school career. A Data Protection Impact Assessment (DPIA) is required whenever the processing is likely to result in a high risk to the rights and freedoms of natural persons, especially when using new technologies as per Article 35(1) GDPR.

The Federal Ministry of Education and Research has initiated a project, "Data Protection Certification for Educational Information Systems" (DIRECTIONS), to develop a sustainable data protection certification for IT systems in the education sector. Similarly, the Academy of Sciences and Fine Arts Rhineland-Palatinate (Akademie Rheinland-Pfalz) initiated a project in 2021 to develop a sustainable data protection certification focusing at least on learning applications and content platforms for educational information systems.

It's crucial to remember that the learning platform is often operated, hosted, and maintained by an external system provider. This raises concerns about data protection and IT security, and the same data protection and IT security measures and review points should be considered as when introducing new applications and software products.

The use of ITS can pose data protection and IT security risks, and these risks should be thoroughly reviewed by the data protection officer and the responsible authority in individual cases. It's also worth noting that the service provider cannot be the data controller according to Art. 4 No. 7 GDPR. Depending on the intended use and specific design of the ITS, it may be considered a high-risk AI system according to Art. 6 para. 2 AI-VO.

In some cases, teachers may need to view students' screens to fulfill their educational and teaching duties as per § 120(5) SchulG NRW, and creation of screenshots using an MDM could also be permissible. When using a Mobile Device Management System (MDM) for school devices, central management, updating, application installation, and user behavior monitoring within the bounds of legality are possible.

The points mentioned are not exhaustive and do not replace the review by the data protection officer and the responsible authority in individual cases. It's essential to approach the implementation of ITS with a comprehensive understanding of the data protection and IT security implications to ensure a safe and secure learning environment for all students.

The continued discussion revolves around the potential benefits and drawbacks of Intelligent Tutoring Systems (ITS) in the educational sphere (Second Part).