Real Ideas Help Center

Badge Nation

Managing Your Badges

Earner Personal Data, Consent and GDPR for Issuing Digital Badges

Find out more about data processing involved with issuing digital badges.

Issuing digital badges via online platforms requires processing of earner personal data. The information below is a quick guide to the basics of issuing under GDPR including some platform-specific information to the best of our knowledge.

We always recommend examining any required data processing before you commence issuing badges on any issuing platform. If you would like to discuss any elements of data in more detail, don’t hesitate to get in touch.

Jargon Buster

PII	Personal Identifiable Information (first name, last name, email address)
Issuer	An organisation that is issuing a badge
Earner	An individual that has earnt a badge
Assertion	A unique record of a badge being issued to an earner.
ICO	Information Commissioner’s Office
GDPR	General Data Protection Regulation (Data Protection Act 2018)
Data Controller	A party that exercises overall control over the purposes and means of processing personal data.
Data Processor	A party that acts on behalf of, and only on the instructions of, a relevant Data Controller.

The Basics of Issuing Badges

To issue a digital badge, an issuer inputs earner PII to an issuing platform. This data then becomes an assertion, and the earner receives a notification via email.

Issuing badges should take place using an email address belonging to the earner. If it is not possible to issue badges directly to your earners, please see this guide for more information.

Badge Nation and Earner Data

By purchasing a Badge Nation membership package, the issuer consents to Badge Nation having admin access to their destination issuing platform account, for the purposes of publishing new badges and delivering customer support.

As an account admin, Badge Nation is a Data Processor for any earner PII an issuer inputs to an issuing platform but we will not download or process any earner data relating to Badge Nation issuers unless:

An issuer expressly requests it to be carried out on their behalf.
It is required for the delivery and/or monitoring of an issuer’s membership package.

If Badge Nation is required or requested to process earner PII, this data will never be saved, stored, or recorded in any way.

Badge Nation treats data with the utmost care and takes all appropriate steps to protect it, our Privacy Notice can be found here.

Please note however, we will never collect your earners' PII unless they contact us directly, as described under the "When do we collect your personal data?" section of the Notice.

Lawful Basis to Issue Badges

Issuers are always responsible for ensuring they comply with GDPR. To issue digital badges an issuer must:

Be a Data Controller or Data Processor of earner PII.
Have a lawful basis to process earner PII.

Issuers are responsible for obtaining and demonstrating their own lawful basis for processing the PII of any earners they wish to issue badges to. More information on lawful basis for data processing can be found here on the ICO website.

Consent and legitimate interest are the most commonly used lawful bases for issuing digital badges.

Consent

If the issuing activity is not covered by another lawful basis, the issuer must gain an earner’s consent before issuing them with badges.

For information on consent, please see ‘What is valid consent?’ on the ICO website.
For information on how to obtain, record, and manage consent, please see ‘What methods can we use to obtain consent?’ on the ICO website.

Under GDPR, all individuals aged 13 and over can consent to their own data sharing and can therefore consent to being issued with digital badges.

For issuing to earners younger than this, consent must be gathered from a parent / guardian and depends on the issuing platform you intend to issue badges with. Please see this guide for further reading on issuing badges to children under the age of 13. More information on the sharing of children's data can be found here on the ICO website.

Despite working with individuals aged 13+, some issuers might not be at liberty to allow earners to exercise their right to consent. In these cases, the issuer may still choose to gather consent from a parent / guardian.

Summaries of specific information for Credly, Navigatr, and Open Badge Factory can be found below.

Credly

PII required to process badge issuing manually

First name, last name, email address.

Who can view earner PII for badges that I issue?

Any individuals you request to be granted access to your collection (Collection Manager and Read Only).
If your collection will be housed on an affiliate account, any individuals with Admin access to the affiliate account (N/A for most collections, please ask us if you are unsure).
The Badge Nation team.

Badge Acceptance Method:
Earners must create an individual account on the platform to accept and share a badge.

Earners:
Must be 13+ years old to provide their own consent.
Written consent from a parent or guardian must be obtained for issuing to children aged 11 - 12.
Credly does not support issuing badges to children under the age of 11.

In-platform methods to gather consent:
No

Useful information:
Credly uses US servers to host the platform.

Issuing badges via Credly represents an international data transfer and is covered by the Standard Contractual Clauses contained in Annex 2 of Credly’s GDPR Data Processing Addendum.

Documentation:
GDPR Compliance – Issuer & Earner Data
Data Security Brief
Privacy Policy

Navigatr

PII required to process badge issuing manually

First name, last name, email address.

Who can view earner PII for badges that I issue?

Any individuals you choose to grant access to the provider profile (Admin).
Any individuals granted Admin access to the Community that your provider profile appears within.
The Badge Nation team.

Badge Acceptance Method:
Earners must create an individual account on the platform to accept and share a badge.

Earners:
Must be 13+ years old to create an account on the platform.
Navigatr does not support issuing badges to children under the age of 13.

In-platform methods to gather consent:
Issue badge via Activity
1. Issuer creates activity.
2. Earner creates a Navigatr account and clicks ‘Attend’ on activity to be added to an attendee list.
3. Issuer uses attendee list to issue the badge. For in-person activities, earner can also present their personal QR code to the issuer, who scans it to issue the badge.

Useful information:
Navigatr uses UK servers to host the platform.

Documentation:
Privacy Policy

Open Badge Factory (OBF)

PII required to process badge issuing manually

Email address
- First and last names are optional but recommended.

Who can view earner PII for badges that I issue?

Any individuals you choose to grant access to the account (Admin, Creator, and Issuer).
The Badge Nation team.

Badge Acceptance Method:
Via email, no account required to accept and share a badge.
Optional whether earner chooses to create a passport (digital badge wallet) account to collect and store their badges.

Earners:
Must be 13+ years old to provide their own consent.
Consent from a parent or guardian must be obtained when issuing to children under the age of 13.
If not possible to issue badges directly to the earner, badges can be issued to a parent / guardian on an earner's behalf. Please see this guide for more information.

In-platform methods to gather consent:
Issue badge via Badge Application.
1. Issuer creates badge application.
2. Earner volunteers name and email address when completing application to request being issued with a badge / be issued with a badge automatically (depending on application type as chosen by issuer).

Useful information:
OBF uses EU servers to host the platform.

Documentation:
Privacy Notice
Data processing agreement