PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Are Test Answers Personal Data?

Posted on January 25, 2024June 24, 2025 by Dissent

Odia Kagan of FoxRothschild writes:

Are test questions and answers personal data that needs to be provided pursuant to an access request?

A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws.

Some key takeaways:

  • Answers given by a student in a test could be considered personal data. Test questions, however, cannot be considered personal data.
  • The argument the test questions are strictly linked to the answers given by the plaintiff was also not accepted by the court, which held that the questions do not reveal anything about the level of knowledge of the plaintiff and thus do not constitute personal data.
  • Access requests under Article 15 GDPR serve the purpose of making data subjects aware of the processing of their personal data and to verify the legality of processing. It is therefore irrelevant that the plaintiff needed access to the test questions for the purpose of interpreting the test result because he does not have a right to access under the GDPR for such purpose.
  • Test questions may constitute trade secrets.

That ruling makes sense. Entities have a legitimate interest in protecting the security of test questions.  But could there come at time when — or has it come already — when test questions might contain personal information on a student?

No related posts.

Category: Youth & Schools

Post navigation

← Relied on by Parents, Hailed by Schools, GPS Bus Trackers Raise Security Risks
Victory! Ring Announces It Will No Longer Facilitate Police Requests for Footage from Users →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy