The General Data Protection Regulation (GDPR), applicable in the European Economic Area (EEA), came into force in 2018 and impacted the day-to-day activities of anyone, who handles personal data, including IEA and the network of National Research Coordinators implementing IEA comparative studies and collecting data from students, parents/guardians, teachers, and school principals. This presentation takes the view that the GDPR provides some benefits for International Educational Research and documents how IEA interpreted and implemented some of the requirements of the GDPR and the benefits of these arrangements for participants in IEA Studies, IEA data and Open Science as a whole. The first aspect we look at is the obligation to provide information to the data subject, where personal information is collected from them. The data subject must be informed inter alia about the purpose of the processing, who will process their personal, who will have access to it, would it be transferred outside of the European Economic Area, for long the personal data will be processed and where it will be stored. In the field of educational research, this obligation imposed on the data controller, benefits the research participants by respecting the child’s evolving capacities. To this end, IEA has prepared a Data Protection Declaration template, which provides participating students, their parents/guardians and teachers with the necessary information. A step further is to prepare an additional child-friendly version of these documents, targeting 4 and 8 grade students. A second aspect to consider is some of GDPR’s core principles of processing of personal data and their positive impact for International Educational Research. Respecting principles such as lawfulness, fairness and transparency, purpose limitation, data minimization, integrity and confidentiality, as well as accountability strengthens the integrity and the ethics of the research and keep researchers accountable. Compliance with the GDPR also directly benefits IEA data itself, as it ensures that the collected data can be later analysed and used for research purposes. Using TIMSS 2023 as an example, this presentation seeks to show how the rules of data protection can be reconciled with the goals of Open Science to the benefit of study participants and international educational research. While IEA encourages Open Science by having IEA data publicly available, as part of the international report and the International Database (IDB), IEA also ensures that any personal data of participants is protected by adopting appropriate safeguards such as anonymization and pseudonymization techniques.

The full title of the GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)