Suche
Mein Konto
Data protection in higher education: Voting safely despite digitalization!
Find out how the University of Erlangen-Nuremberg deals with the GDPR and organizes online elections in compliance with data protection regulations.
Data protection in higher education: Voting safely despite digitalization!
Elections are coming up at many universities in Germany on June 3, 2025. These events are not only important to the university community, but also raise fundamental questions about data protection. The spread of digital voting procedures requires sensitive handling of personal data, which is specifically regulated by the EU General Data Protection Regulation (EU-GDPR).
The EU GDPR, which came into force on May 25, 2018, gives citizens more control over the processing of their data. In this sense, important points of the regulation include the right to information about data processing, consent to data storage, and the right to delete data under certain conditions. Universities, as institutions that process a large amount of personal data about students and employees, must adhere to strict rules in order to avoid data protection violations.
Data protection in university elections
Proper processing of voter data is critical in college elections. The POLYAS platform has implemented security strategies that ensure data protection during online elections. This means that only necessary data is collected and the process remains anonymous. For example, POLYAS uses an anonymized voter register that only works with unique codes, so that the identity of those eligible to vote is never known.
Eligible voters log in directly into the voting system via SecureLink without having to register separately. This approach reduces the risk of data leaks. According to POLYAS security guidelines, the token principle ensures a strict separation between voter data and the ballot papers. Alternative registration methods, such as the PIN/TAN procedure, also offer a high level of security.
Challenges and legal framework conditions
Universities are not privileged by the requirements of the EU GDPR, which means that, like other institutions, they face sanctions for violations. This includes not only administrative penalties, but also image damage that can result from data protection violations. Responsibility for data processing lies directly with the universities and requires them to undertake extensive documentation, information and organizational obligations.
Processing personal data not only regarding students, but also academic staff and research projects, is a challenge. Universities must ensure that they comply with the legal framework when digitizing and evaluating student data. The legal situation in Germany is determined by the Federal Data Protection Act (BDSG) and special state data protection laws.
In summary, the handling of personal data in university elections is a complex interplay of technical implementation and legal requirements. Universities are required to adapt their strategies to the ever-changing environment, while the security of voter data remains of paramount importance. The combination of effective data protection measures and modern voting technologies could not only increase voter turnout but also strengthen trust in the integrity of college elections. For further information on the challenges of data protection at universities, we recommend reading POLYAS and Research and teaching.