From education to employment

Department for Education handling of national pupil databases needs urgent change

In its new report #StateOfData2020 defenddigitalme says data protection law alone is inadequate to protect children’s rights and freedoms across the state #education sector in England. 

defenddigitalme is calling upon the government and policy makers to provide the legal and policy framework for better guidance, regulation and training for school staff on how to manage children’s rights in the digital landscape in England’s state education sector and protect children from interference with their rights and freedoms.

For the first time, a report maps each statutory data collection from every attainment test from the Early Years to A-levels and seven child censuses collected by the national Department for Education. 

With a foreword from Baroness Beeban Kidron, Chair, 5Rights, this report:

  • raises significant concerns about the Department for Education handling of national pupil databases, which needs urgent change (see also the damning 07/10 ICO compulsory DfE audit summary) and ahead of government plans for wider data distribution in the national data strategy;
  • demonstrates case studies of  over ten commercial apps, platforms and services that collect children’s data and the ways in which it is then used and shared: many are unsafe, unethical or unlawful;
  • draws out the datafication and disempowerment of children in the digital environment;
  • highlights that children are the subject of thousands of unregistered product and research trials without consistent standards in child rights or independent ethics reviews or oversight

The State of Data 2020 report part one, makes recommendations on ten topics

  1. Legislation and statutory duties 
  2. Assessment, Attainment, Accountability and Profiling 
  3. Admin data collections and national datasets 
  4. Principles and practice using technology today 
  5. EdTech evidence, efficacy, ethics, exports and engagement 
  6. Children’s rights in a digital environment 
  7. Local data processing
  8. Higher Education
  9. Research
  10. Enforcement

The State of Data 2020 report in Parts 2-4 maps children’s digital footprint across the education landscape age 0-19 including the transition year into Higher Education.  

Part 3 of the report, many companies’ case studies are scrutinised in a day-in-the-life-of-a-datafied school child. Some are unsafe, unethical and unlawful. These are still embargoed but advance access is available on request. 

defenddigitalme calls for attention and action in ten areas across the education sector:

  1. Access and inclusion: Accessibility design standards and Internet access and funding
  2. Data cycle control, accountability and security: mechanisms are needed by industry and schools for lifetime data management for where children leave schools and leave education and that restore lifetime controllership to educational settings
  3. Data rights’ management: A consistent rights-based framework and mechanisms to realise children’s rights is needed between the child / family and players in each data process; schools, LAs, the DfE, companies, and other third-parties for consistent, confident data handling; right to information, accuracy, controls and objections.
  4. Human roles and responsibilities: The roles of school staff, parents/ families and children need boundaries redrawn to clarify responsibilities, reach of cloud services into family life, representation; including teacher training (initial and continuous professional development)
  5. Industry expectations: normalised poor practice should be reset, end exploitative practice or encroachment on classroom time; for safe, ethical product development and SME growth
  6. Lifetime effects of data on the developing child: The permanency of the pupil record
  7. Machine fairness: Automated decisions, profiling, AI and algorithmic discrimination
  8. National data strategy: The role of education data in the national data strategy and the implications of changes needed in the accountability and assessment systems
  9. Procurement routes and due diligence: Reduce the investigative burden for schools in new technology introductions. Increase the independent, qualified expert support systems that schools can call on, benefiting from scaled cost saving, free from conflict of interest
  10. Risk management of education delivery: Education infrastructure must be placed on the national risk register, reducing reliance on Silicon Valley tech giants and increasing transparency over future costs, practice, and ensuring long-term stability for the public sector. 

Remote learning and EdTech

As the world’s learners continue to be affected by school closures in the COVID-19 pandemic, technology is playing a vital role worldwide. Some tools enable the delivery of essential information, connecting school communities outside the classroom. Others provide national platforms for sharing educational materials, or offer alternative means and modes of Assistive Technology and augmented communications, supporting the rights of those with disabilities.

However the rushed adoption of technology around the world, to deliver emergency remote instruction, risks undermining learners’ and children’s rights at an unprecedented speed and scale.

Over the last 3 years, defenddigitalme has scrutinised hundreds of interactions that children are now engaged in simply by going to school, through apps, services and platforms, and at speed and scale in the rush to adopt additional tools to support remote learning. There is very little understanding from parents, teachers or children around what data these apps are collecting and how any data is being used or passed on. This must change.

The State of Data 2020 report sets out why the EdTech sector needs better regulation and ten topics with recommendations for action to safeguard the future of children and young people in the digital environment in state education today.

We are calling for an independent oversight board to be established for every product and research trial application in educational settings and approvals’ process, Its structure along a similar model to the Confidentiality Advisory Group (CAG) in health, under the oversight of a National Guardian for Education and Digital Rights.

National pupil records (over 21m named records of sensitive personal confidential data)

In the most urgent actions, defenddigitalme calls for The DfE to first address its own data failings at national level after the Information Commissioner’s Office (ICO) published the outcome of a compulsory audit of the Department for Education (DFE) undertaken in response to our complaint on the handling of national pupil data. The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws.

  • Since 2012 over 1600 unique requests have been fulfilled to businesses, think tanks and other third parties, for millions of children’s identifiable personal data from the National Pupil Database.
  • In 2019 the DfE permitted the use of 2,136 children’s records from the National Pupil Database for a criminal investigation. It is not known why this was not done by asking the school, not using the national database.
  • In April 2018 DfE permitted the use of the National Pupil Database for a DWP benefit fraud investigation of 185 children.

defenddigitalme took regulatory and legal action through the ICO against the Department for Education for its misuse of children’s pupil data and the failures of the Alternative Provision Census in particular, since 2018, and over its sharing with the Home Office since 2016. 

Neither the DfE nor the Home Office demonstrate any accountability for the outcomes of what happens to children and their families as a result, saying in reply to Parliamentary Question 92745 the information “is not readily available and could only be obtained at disproportionate cost.”

A total of 139 ICO recommendations for improvement were found, with over 60% classified as urgent or high priority. The report raises significant concerns about the DfE handling of national pupil databases, which we argue needs urgent change ahead of the government plans for wider data distribution in the national data strategy, aligned to the ICO findings. 

The State of Data 2020 finds that the DfE has not only lost sight of its data, but its purpose.

On national pupil data processing we propose:

  • a moratorium on the school accountability system and league tables 2020-25 while an assessment is carried out on fitness for purpose. Where pupil data will continue to be affected by COVID-19 it makes  comparable outcomes and competitive measures meaningless and progress measures may be misleading. This is why we call for a pause on EYFS, Baseline, MTC, KS1, sampling Phonics and KS2 SATs;
  • the Reception Baseline Assessment should not go ahead. It must be independently re-assessed for compliance with data protection law and algorithmic discrimination in a) its adaptive testing model design b) Right to Object c) the plans for seven-year score retention and d) decision to not release data to families. The pilot and trial data were not collected with adequate fair processing;
  • independent statistical assessment of the modelling using Key Stage 2 and GCSE prediction reference grades for the 2021 GCSE exam awards process, and the A-levels grading system, including assessment for bias and discrimination in data and design;
  • obligations on algorithmic explainability need met in ways that address student needs in plain English and we propose an individual level report that educational settings (exam centres) can download that will demonstrate any data sources, calculations and how each grade was awarded at individual level. The current Office for Statistics Regulation (OSR) Review may wish to address this.

We call for new law, a National Data Guardian for Education and Digital Rights, and a change in policy and practice across the state education sector. 


The State of Data Event (free and open access) expert comment: Over 25 experts presented on these topics during our 29-30 September 2020, State of Data 2020 remote event. We shared highlights from our new report alongside a series of pre-recorded, short talks from a range of independent experts that drew to many of the report key issues.

Related Articles