The General Data Protection Regulation Goes to School: Proportional Versus Top-Down Regulation in Primary and Secondary Institutions

The General Data Protection Regulation (GDPR, a European law that controls how organizations collect and use personal data) was created to control large tech companies but also applies to smaller organizations like schools. A research study in Italian schools found tension between following strict top-down rules and making practical decisions based on actual risks to protect data.