News / Campaign policy Prevent pupil privacy

2020 a look back at a year in action and looking ahead

Edited 21:00 31/12.

As 2020 draws to a close, we are acutely aware that a priority for schools right now, is clarity on opening, for whom, and the support for remote learning and testing regime that the Department is demanding. After the statement from the Secretary of State on December 30th, and the variety of updated and newly published documents, here’s the table we drafted on the 30th based on our interpretation of available statements and guidance with accompanying notes and sources.  (Since edited 21:00 31/12/2020)  The DfE has since published various versions of a table. We hope such information will be maintained on a rolling basis (and version control) with policy change announcements as they become available.



Looking back on 2020 data issues in and around education

In January the Sunday Times exposed that gambling companies were getting data out of the Learners’ Records Service, and the ICO began a compulsory audit at the Department for Education in February, after our own 2016-19 and Liberty’s Home Office data sharing case complaints. It would go on to reveal data protection “was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws.” A total of 139 recommendations for improvement were found, with over 60% classified as urgent or high priority.

Ofsted began using bodycams.

Then came the spread of COVID-19.

In the global rush to support emergency remote instruction in the pandemic, schools began a rapid adoption of edTech. Some of the unintended consequences included exacerbating the existing digital divide and barriers to the right to access education. As the response commonly ignored children’s rights, after rapid responses on free school meals, fingerprint readers, and equipment provision, we rallied the collaboration of organisations from five continents to call for action on privacy and data protection rights from regulatory authorities. Some of them went on to publish local guidance. While a few places announced investigations into Google in schools, England’s Department for Education announced funding for support of the ‘tech giants’ Google and Microsoft alone.

By June in England, the Baseline reception test had been delayed again. The national Times Tables (MTC) test became optional. The summer school census and other data collections were put on temporary hold.

In August students took to the streets, Foxglove took up a judicial review, and Boris Johnson blamed a ‘mutant algorithm’ for the exams fiasco, after which the Ofqual Head, and later the Ofqual Chair stepped down. We’re still calling for candidate reports to explain how grades are calculated including any automated decisions and the effects of comparable outcomes modelling.

September saw the ICO Age Appropriate Design Code come into effect, and we got clarification that it will apply to edTech.

We are especially thankful this year, for the contributions of over 20 speakers who switched from our planned event in a London school to our virtual 2-day report launch. We published our research mapping the data landscape in the state education sector in England, and a summary policy findings’ report, the State of Data 2020 (now also available in hard copy). Case studies include positive stories as well as the AI company claims from a company that has no AI in its product, companies that are exploitative but don’t seem to care and don’t want to change their approach, and shockingly invasive practices that ride roughshod over children’s and parental rights and offer no redress. And our State of Data knowledge base, will continue to be updated for some of our ongoing work. For example, we await documents to be released any day now, after an 18 month process and a positive Freedom of Information appeal ruling in our favour, about product development using UK children’s sensitive and biometric data without consent.

Meanwhile, schools await hardware to support ongoing learning outside the classroom after a u-turn on the cuts announced in October and allocations based on as yet unpublished DfE assumptions and calculations.

In November the Council of Europe Committee on Convention 108 adopted recommendations for signatory States, including the UK, and published Guidelines on data protection for children in education settings. “These Guidelines set forth the fundamental principles of children’s rights in an education setting and help legislators and policy makers, data controllers as well as the industry to uphold these rights.”

Now in December we are looking forward to a formal response in January from the DfE on the ICO audit, and its very significant and substantial shortcomings. As we pointed out in our submission to the National Data Strategy Consultation, there is no excuse it’s not been addressed even though we accept that the Department has been under extraordinary pressures in the most recent ten months, since signifiant issues were found in 2016 by the GIAA, when the Government Internal Audit Agency rated the DfE assurance as ‘limited’ when it came to data issues. The Education Select Committee has declined to carry out an enquiry. We want answers on the LRS gambling companies’ investigation. We want to know if the school censuses will go ahead in January, or be paused as they were at the height of the crisis in summer 2020. And if they proceed, does the DfE really think they can go ahead with business as usual, distributing data despite the ICO findings on unlawful practice? We say, no.

The Department for Education, still gives away millions of people’s named, sensitive and identifying data to companies and other third-parties from national pupil data, without people’s knowledge or consent. Over 2,000 releases of millions of identifying records since 2012 with over a third given away for commercial reuse, according to our latest calculations through June 2020. So are we making concrete progress towards safer, fairer, more transparent use of children’s data in education in England? As we said last year, we still need tremendous changes for good national data practice in the education sector in England and including using edTech well, in a rights-respecting way. We need law that supports children better in educational settings.

We also need the Department not to chase missing data that doesn’t exist about learning under lockdown and the ongoing effects. There is a risk of being captive to commercial data organisations that make claims to have insights into learning deficits, and offer their products as ways to measure it, or to use in catch up. Independent statistical scepticism and research into their data validity would be healthy here, but is a rare commodity given that commercial companies rarely offer their data for independent evaluation and many in policy may not know what the data is, and what it isn’t, beyond company claims.

Despite the ICO audit of the DfE there was no enforcement yet to speak of. We expect more from the regulator in 2021, not least in the areas in which we supported families’ in their complaints in 2019 and as the Age Appropriate Code must be seen to be enforced to be of value.

This year in 2020, the government not only scrapped the the Prevent Review required in law by August, but a new Bill revokes the previous obligation to have the Review at all. The education sector made the most referrals (2,426) to the Prevent programme in 2017/2018, accounting for 33%. We continue to push for a review of the data distribution aspects of Prevent by schools, companies, and police; and the clearly unlawful, excessive data practices involving the most invasive, sensitive data about children at home, and at school through “safeguarding-in-schools” tech. And after the recent Online Harms update on December 15th we will be keeping a close eye in 2021 on the potential implications for children’s rights, for example from the risks of more personal data gathering through age assurance mechanisms, risks for online participation and censorship, as well as the behavioural surveillance of ‘online harms’ more broadly.

In 2021 the UN Committee on the implementation of the Convention on the Rights of the Child (UNCRC) will begin their periodic UK review, and we expect to see digital issues raised from their LOIPR, and responses to other consultations including the APPG on edTech.

We expect a response shortly from the Home Office to a request for a child rights impact assessment of the new national police database. LEDS will combine and replace the existing Police National Database (PND) and the Police National Computer (PNC) both of which have been used in data linkage with children’s school records from the National Pupil Database.

And as we withdraw from the EU on December 31st, and more children may become of unclear status, we must also not forget that school census data continues to be handed over monthly to meet Home Office immigration purposes. 1,545 individuals in the five years between July 2015 and 2020. Neither the Home Office or the Department for Education today take responsibility or provide any public transparency for the outcomes on the affected children and families. Further, while the DfE seems unable to find the data to ensure every hungry child is fed, they do seem to have the data available for the Home Office to deny some children free school meals. There appears to be no regard for the harm such data sharing does to families, or any awareness of the self inflicted harm this does to the wider UK interest in achieving recognition of data adequacy

We need to thank a large number of people and organisations. This year more than ever we couldn’t have done all we did without the great support of volunteers, collaborations and many conversations. Thanks to our Advisory Council. Next year for us will also include support of a MOOC on edTech and children’s rights, and we have lots to continue to work on from this year and delivering long term change.

We welcome support. You can see some of the subjects and materials from our participation in 2020 events here, and we will be delighted to ‘meet you’ at what’s coming up virtually in 2021. If you want to get irregular updates on key issues, you can sign up for our new newsletter.

Thank you to the Joseph Rowntree Reform Trust for their core support this year, to the National Lottery Community Fund for support of the State of Data 2020 event, and to donors to our crowd funder, and for financial support for litigation.

We know this subject is not everyone’s priority or even an area of interest for many schools, especially now, but we need to keep making change happen over time. This year has highlighted the urgency of fixing some of the problems, including the unfairness of so much across schools when it comes to digital access, rights and data about themselves, for young people and staff. And some terrible decisions have been made about children’s lives. We have heard so many sad stories, and bad stories, and there is ongoing harm, but also positive work going on for children and young people that we’ve been pleased to be involved with, despite it all. We will continue in 2021 to work on stopping misuses of data, to continue to advocate for change, and to hold power to account. We will keep questioning what’s going on. As Audrey Watters writes, ‘It’s been a cruel and terrible year — one that has changed many lives irrevocably. But will it change institutions? Will it change educational practices?’

We know it is not going to be an easy start this Spring. So from all of us at defenddigitalme, a huge thanks to our whole school communities and staff going so very far above and beyond their jobs right now, to keep children learning and everyone safe. Happy New Year may have never sounded so trite, but perhaps we need to say it all the more. We wish everyone a healthy, happier 2021.