This move aims to enhance the learning experience of students who cannot attend in person teaching due to absence or in the event there are further lockdowns.
The ICO has issued clear guidance that data protection is not a barrier to increased and different types of remote working, but universities will need to consider the data protection issues and appropriate security measures.
When recording lectures, universities are processing personal data of the individuals delivering, and in some cases attending, the lectures. Where personal data is processed, universities will need to ensure that they are doing so fairly, lawfully and transparently.
First, consider whether processing personal information in this way is fair, taking into account what staff (and in some cases students) would reasonably expect in relation to the use of their personal information, the reasons their information is being used for this purpose and any detriment to the individuals involved.
Secondly, identify and document your lawful bases for processing personal data. For most universities it is likely that they will be able to rely on legitimate interests or public task as their lawful basis, but remember if you are relying on legitimate interest a legitimate interest assessment should be carried out.
Thirdly, make it clear to staff (and where applicable, students) what you are doing with their personal information, how recordings will be reused, how long they will be kept for and with who they will be shared. You can tell individuals either by updating your current privacy notice or by creating a separate notice which applies to only lecture recordings.
Other issues should also be considered, for example, whether the platform used to record lectures has end-to-end encryption, whether it has sufficient security measures to prevent unauthorised access, and if there are any reported concerns about the security of the platform.