We have to admit—Sometimes data protection feels like a never-ending bureaucracy. More forms to fill out, another penetration test, another lengthy contract to draft. At ITB we take care of ensuring that we meet all the requirements of the European General Data Protection Regulation (GDPR). Why do we go through all this for study aptitude tests?
The answer is: Hopefully, because it matters.
Don’t you think that university applicants should know who finds out which degree program at which university they are applying for and what test scores they have achieved in a corresponding test? Shouldn’t they even have the right to decide for themselves who gets access to this sensitive data?
That’s exactly what the GDPR ensures—for any admission procedure falling under its scope.
What sounds like common sense is not always the global standard. Some non-European test providers, for example, transfer participant data to subcontractors in other countries or to certain universities that pay for it. In some cases, participant profiles are created using not only test data, but also behavioral data inferred from online activity—data applicants never knowingly submitted.
The argument? It’s “in the applicants’ best interest”—to help them receive study offers, even if their scores aren’t top-tier. So a bit like a dating app? Maybe, but honestly: would you like to find your personal data on a dating app even though you have never registered there?
The bigger problem is that many applicants have no choice. Either they accept what is done with their data or the don’t get a test result, which is required by the universities.
This “sink or swim” logic doesn’t align with the idea of fair, respectful selection procedures. We believe university applicants should have a choice—and this includes choosing a study aptitude test that meets the requirements of the GDPR and puts students in control of their data.
