Digitalization in education brings great opportunities, but it also creates new tensions between privacy, control and cost. This is highlighted once again in the e-book “Who is responsible for student devices?”{target="_blank"} by Paul Ossewold. Schools have a duty of care and parents understand that. But when that duty quietly extends into control over privately purchased devices, something essential gets lost: ownership.
And that’s where I check out.
As a parent asked to purchase a laptop for my child’s education, I believe that device is our property. Ownership means we have the final say over it. While schools are responsible for protecting student data, this responsibility shouldn’t come at the cost of a family’s autonomy over their own hardware. If a school requires control over the device, it should provide one through a rental or loan program where that control is formally arranged. Any other approach feels like administrative convenience disguised as a duty of care.
The legal reasoning is correct, but the moral one is not#
According to GDPR and the IBP-FO Standards Framework, schools are the data controllers and responsible for personal data security, even when it resides on a private device. Legally correct, yes, but morally? It shifts the burden entirely to parents and students while denying them any real control. You get the costs and obligations of ownership, but not the autonomy that comes with it. The GDPR may define responsibility, but it doesn’t grant control over privately owned hardware.
That is not a duty of care; that is risk outsourcing with a moral buyout.
BYOD is not a sin#
If a school takes digital security seriously, it must dare to make choices. Do you want maximum control? Then provide the devices yourself. Do you want parents to invest? Then that includes free BYOD, not some half-baked MDM profile that remotely determines what a child can and cannot install on their own laptop.
The “middle ground” many schools choose, letting parents pay but letting the school decide, may be administratively convenient, but it is socially unreasonable. It is comparable to an employer who says: “You can use your own car for work, but we determine what fuel goes into it and we install a tracker.” Everyone would find that absurd. So why do we accept it with students?
A Question of Expertise and Privacy#
From my professional security standpoint, I understand the school’s reasoning. I really do. However and I say this not out of arrogance but from 25 years of technical experience, the IT knowledge at many educational institutions is often subpar. This lack of expertise is precisely why they resort to such invasive measures.
From a privacy perspective, this is a major sticking point. What my child does on their private laptop is a private matter. If they decide to look at something they shouldn’t, that’s a conversation for us to have at home, not a matter for school administrators to monitor. If schools want to keep their applications and data secure, they should use modern solutions like Conditional Access policies and web-based applications. This approach secures their assets without infringing on the ownership and privacy of a personal device.
The open source lesson#
Maybe it’s because I come from the open source world, but freedom and responsibility belong together.
My Preference: The Linux Path#
This brings me to the operating system. While proprietary software requirements might unfortunately make it a challenge, I would still strongly encourage my child to use Linux. It’s partly a nerd’s preference for open source, a value I’d like to pass on. He’s already showing an interest and it presents a great learning opportunity. Besides, what better way to teach digital literacy than by letting kids explore an open, transparent operating system instead of a closed, managed one?
This choice also serves as a statement. It reinforces the principle that this is our device and we decide what runs on it. It’s the practical application of my stance on ownership and autonomy, even if it requires navigating some compatibility hurdles.
Digitalization in education must not become a slippery slope where schools implicitly demand access to private devices through a “duty of care”. Transparency, voluntariness and ownership are the foundations of digital resilience, not bureaucratic control mechanisms.
In conclusion#
Digitalizing education is necessary. But let’s be honest about the distribution of costs, control and risk. Real digital maturity starts when schools respect the boundaries of ownership as much as they respect their duty of care.