Skip to main content
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Canvas Badges & Canvas Credentials Data FAQs

Canvas Badges & Canvas Credentials Data FAQs


What are Open Badges?

Canvas Badges & Credentials allows users to issue and manage a standardized type of digital badges, called “Open Badges” (a “Badge”). A digital badge is a visual symbol of accomplishment. They can be awarded for any definable achievement and earned in many learning environments, games, or the workplace. An Open Badge is a specialized type of digital badge that contains verifiable metadata about achievements according to a common data format, the Open Badges specification. Open Badges are information-rich visual tokens of verifiable achievements earned by recipients and easily shared on the web and via social media. Because they follow an open standard (Open Badges), earners (“Badge Recipient”) can combine badges from many different sources into common collections, and when they share them, these badges may be verified by any compatible system to ensure that they are trustworthy representations of their earner's experiences. Currently Canvas Badges & Credentials adheres to the Open Badges 2 standard.


What data is contained in a Badge?

Badges can include: 

  • information about the organization or individual who issued a badge (the “Issuer”); 
  • the criteria that the Badge has been assessed against, optional evidence, when the badge was issued, a verifiable reference to the Badge Recipient; and 
  • a number of other required optional properties as determined by the Issuer (collectively, the “Assertion”). Some Badges contain links to detailed evidence, expiration dates, searchable tags, and alignments to educational standards or frameworks.

The evidence that the Badge Recipient submits to achieve the Badge can be included in the metadata inside the Badge image. If added, this data links back to the actual proof of mastery that the Badge Recipient submitted and the Issuer approved. 

Some personally identifiable information that may be contained in the Badge metadata includes, but is not limited to:

  • Badge Recipient name
  • Badge Recipient identifier (e.g., email address or URL)
  • Optional Badge evidence/assertion (e.g., student work such as reports, projects, test scores, or videos may contain private or personal information) 

In many cases this information is not displayed publicly by badge platforms and often, the Badge Recipient work used as evidence is secured behind authorization logins. 

However, a Badge image file will contain some or all of this metadata, and the image file can always be opened and the metadata viewed. Under the Open Badges specification, Badges have been intentionally designed to be forward-shareable and the metadata inside the Badge is intended to be publicly viewed by design. Please, note that the publicly viewed design model will change with the Open Badges 3 standard once that standard is implemented in the future.


What do organizations need to think about for Open Badges?

It is the Issuer’s responsibility to discuss and understand its compliance obligations with its legal counsel in connection with its use of Open Badges platforms and tools. 

Issuers may want to ask qualified advisers about some of the following practices:

  • Make sure the Privacy and directory Information policies provide notice of your disclosure practices associated with issuing Open Badges.
  • Don’t include actual grades or individual test scores in an Open Badge.
  • Don’t include sensitive information such as social security numbers, health, medical, or disability information in an Open Badge.
  • Only include the minimal amount of personally identifiable information for your Badge Recipients. 


How does this apply to Instructure?

When an Issuer uses Canvas Badges & Credentials, that Issuer obtains consent from the Badge Recipient to permit Instructure to create an account, store, process the Badge Recipient’s data. The Issuer requests that an Badge Recipient account be provisioned under an email address associated with the Issuer or through SSO via Canvas LMS. Once the Badge Recipient signs into Canvas Badges & Credentials, a user account can be created (referred to as the “Backpack”). 

The Badge Recipient can add any other email address to their Backpack that they choose. For example, the Badge Recipient can add their personal email such as a Gmail or Yahoo email address. Once that Badge Recipient leaves the Issuer organization, they can continue to access their Backpack and their earned Badges by logging into their Backpack. As long as the Issuer has not revoked the Badge, the data (and metadata) contained in that Badge will continue to be stored by Instructure. Instructure does not delete the Badge data until the Issuer revokes the Badge or the Badge Recipient terminates their Backpack account. 

The Badge Recipient can freely share their Badges. Badge Recipients may download the Badge and share it with others. Sometimes Badges are delivered as an attached image file that contains the metadata baked as code into the image file. A Badge Recipient can send the Badge to other systems such as their preferred backpack, wallet, or portfolio tool. 


Children’s Privacy. 

In the United States, if a Badge Recipient is under 13 years of age then that Badge Recipient’s data is subject to the Children’s Online Privacy Protection Act (COPPA) Additionally, other countries that have similar age consent laws that apply to the Badge Recipient use of Badges and their Backpack account, (collectively, “Consent Laws”).

Because Open Badges are intended to be  freely shareable, and owned by the Badge Recipient once earned (or until revoked), Instructure may be required to comply with these Consent Laws in order to set up and maintain the Backpack account (even if the Badge and Backpack was authorized by an Issuer). So long as the Badge remains valid (that is until revoked by the Issuer) the Badge Recipient can share that Badge openly across the Internet. The Badge Recipient’s Backpack account will also remain available until it is terminated by the Badge Recipient.

In order for Instructure to properly store and process the data of Badge Recipients subject to Consent Laws, we must have appropriate consent to process the Backpack account. Instructure may not rely solely on consent provided by the Issuer that originally authorized the Badge Recipient’s Backpack or the Badge. Currently we do not have such consent functionality built into Canvas Badges & Credentials. For this reason, we may not be able to offer this service to your institution if your Badge Recipients are subject to age specific Consent Laws in their respective jurisdiction. 


For More Information.

If you are a current customer and have questions about Canvas Badges & Credentials, please feel free to contact your account Customer Success Manager. 

If you have questions about Instructure’s privacy practices, please contact our privacy team by emailing

Was this article helpful? Yes No
Embed this guide in your Canvas course:

Note: You can only embed guides in Canvas courses. Embedding on other sites is not supported.