Comment by malshe
2 days ago
> Now I have a local folder where I drop my 1 student list, with names and emails, 2 my loose notes, and 3 a qualification & feedback sheet model; then claude creates a sheet per student, formats and copies the feedback to the right sheet cell, waits for my corrections, then sends everything to their school emails
Yikes! Is this legal in your country?
I've built a small system to do this anonymously. There is a students.csv with real data, a notes.txt that contains my unstructured comments and grades associated to ids (not names or student data), and a model.ods that contains the grading sheet model.
Claude takes the notes.txt and produces a json with corrected comments in the structure I asked for (highlights/needs work/grade), associated to student ids (not real data). This works both for single id or multiple id, for group assignments.
Then a script takes the json, creates a model sheet per student or group of students, fills the right cells, checks the ids against students.csv to fill the real names, and produces the pdf in a pdf/ folder.
Another script sends the pdfs.
I gitignore the sensible files, including an .env with SMTP pass, and denied permissions to Claude for those files using a rule at .claude/settings.json.
There is also a config file to change language, email text and other things.
I believe this is safe and compliant with GDPR, unless Claude ignores the deny rules! Any comments appreciated. Thanks.
possibly not or grey area under GDPR if I use identifiable information, as it is sent to Anthropic for processing, no matter if used for training or not, but I am unsure about this, I should probably anonymize and research it more, thanks for pointing it out
You could just send Anthropic scrambled names / emails and then unscramble locally?
yes something like that, additionally most steps do not require data going through claude anymore, as it already wrote the script that take the student list and the qualifications model and produce a model per student, AND the script that takes that and sends each to its right email. The problematic part is when claude reads my notes and formats them into each of those student qualification sheets. There I would need some form of scrambling as you suggest, not to hijack the thread but ideas appreciated for a minimal setup. I believe claude respects .gitignore.
2 replies →
There is another institution I teach at that gives us Gemini, but not via API, which limits its use for this kind of work to an extent, I could do it via drive, I assume. There being a contract puts the institution and Google as responsible of the data. The first institution I was talking about has MS Teams, without AI afaik, but if they contract it I guess I can do the same with sharepoint, etc.
Sorry to tell you but it’s not grey area, it’s full on black. You do not have permission to share such data with a third party provider that doesn’t have strict privacy guarantees and that you have a data processing agreement with. TOS are not sufficient.
Yes, thank you, I developed and shared, above, a workflow for anonymization.