Government needs to stop unethical practices in children’s education data gathering, report states
Children’s data is being used for commercial reasons following the rise in the use of EdTech in the pandemic, and the government needs to act to stop unethical practices, the Digital Futures Commission said.
Its report, Governance of data for children’s learning in UK state schools, comes after a surge in the use of technology as schools locked down during the Covid pandemic.
The study provides a critical analysis for the governance of children’s education data in the UK, with a focus on EdTech use. It found significant “regulatory and implementation gaps” and highlighted legal and practical challenges for schools, families, regulators and the EdTech industry.
Under UK GDPR laws, children are a recognised vulnerable group. Education data can reveal particularly sensitive and protected characteristics about them, such as their ethnicity, religion, disability or health status.
“Education data can also be used to create algorithms that profile children and predict or assess their academic ability and performance,” the report said. “Childhood is an important time for the vulnerable natural development of identity and personality, and children need to be free to experiment with this.
“There is a risk that profiling of children using their data can lead to deterministic outcomes such as defining early on what subjects the child is good at or not, how creative they are, and what they are interested in. Safeguards must be put in place in relation to the processing of children’s personal data in schools to protect their fundamental rights.”
The Commission said that the absence of a regulatory benchmark for what it described a “rights-respecting” data processing “leaves both schools and EdTech companies with unclear responsibilities”.
“Schools have few mechanisms and insufficient technical expertise or human resources to hold providers of EdTech companies accountable for the processing of children’s data and its outcomes,” the report said. “EdTech providers have considerable latitude in interpreting the law and accessing children in real-time learning to test and develop their products.”
The Commission made ten recommendations, which included:
- That better guidance is needed from the Information Commissioner’s Office (ICO) on how existing data protection laws should apply to education data processed by EdTech companies
- That there is need for a review of the procedures for accessing National School Data from the Department for Education (DfE)
- That the DfE should produce guidance for EdTech companies, to explain how those companies must fulfil a defined educational purpose that is supported by robust evidence. The DfE should define in detail the meaning of an educational purpose and maintain an independent evidence base to support this, and rules relating to the participation of pupils in research trials for commercial EdTech products
- That the government should have a duty develop an independent oversight mechanism to ensure that EdTech tools used in state schools are both independently evaluated to produce credible improvements in teaching and learning and comply with data protection regulations. This could be done through the development of rules for the procurement of Learning EdTech by schools
- That, as a matter of good governance, the DfE should work with the ICO to ensure that EdTech companies comply with the law on data protection
- That the DfE Schools Commercial Team, which oversees procurement, should develop specific procurement rules for schools entering into contracts with EdTech companies, including those offering products for ‘free’. Value for money should not take precedence over children’s rights.
- That the government should set limitations on the legal terms EdTech companies use to contract with children in schools. The ICO should set out standard contractual clauses for use by EdTech companies in relation to data processing, and the DfE should set out standard commercial clauses related to price
- There is a need for the ICO to develop standard contractual clauses for contracts between schools and EdTech companies, detailing the kinds of data that can be processed from children lawfully
- If the UK wants to lead in the global education marketplace, compliance with the best international standards on data protection and child rights makes good business sense.
