Children’s Wellbeing and Schools Bill: more questions than answers

While we await the detail of the Department for Education’s new Children’s Wellbeing and Schools Bill, we have read that it, “will make important changes to protect children and improve education”. We will revisit this blog with updates as we learn more. The parliamentary order paper blurb doesn’t mention some of the more concerning lines that have been in the media, and this has created more questions than answers so far.

**updated* The Bill, now live, contains various information sharing provisions and a section on consistent identifiers.

1. A compulsory Children Not-in-School register

The published aims to date include a compulsory Children Not-in-School register in every local authority in England. What it will look like is not yet clear. Is it only a compulsory Children Not-in-State– Schools register or will it cover fee paying schools as well? Centralised and feeding into existing infrastructure like the National Pupil Database, or a new one, or distributed with statistics going to the DfE much as today and has been compulsory since this year? The collection from local authorities started in autumn 2022 and became mandatory in autumn 2024.

Its framing has already antagonised home educators off the bat. Some families remove children from settings in which they cannot thrive as a protective measure rather than making the elective choice to home educate, so to suggest that parents may routinely be less safe than school will not go down well. The BBC has reported comments from Wendy Charles-Warner of Education Otherwise saying that it is “deeply offensive” to parents to suggest that every child is at risk unless the local authority knows where they are.

“In most cases, it’s a positive move for their child, because they’re acting to protect their child.“

Will it require the collection of personal data about every child in private or independent educational settings, as many home educated children are? There is no information on this at the moment.** (After the time of writing, the Bill details show there will be a vast data collection exercise about providers, that seems to badly misunderstand how much home education is delivered including in multi-family skill sharing working groups, in small specialist services who are not large enough to be considered a ‘school’, and clubs and places that teach astronomy, music, or arts and crafts. The Bill will mean a *vast* data collection of providers that can change at any minute of any given week. The government should learn lessons from why they stopped the collection of AP provider data in around 2012, due its inaccuracy and unmanageability for little benefit).

That parents will no longer have an automatic right to home educate if their child is subject to a child protection investigation or under a child protection plan may sound eminently sensible. However, Education Otherwise has also raised the challenge of how this will be put into practise to prevent its weaponisation, aimed, for unfounded or ideological reasons, at disrupting and preventing home education. If parents lose their automatic right to home educate if their child is subject to a child protection investigation, then it is the child whose life will be most disrupted to be forced into a school setting and potentially come back out when the investigation is over, so operating in a timely way to avoid that would be of utmost importance. There is the risk of ‘the usual suspects’, the environmental campaigners, the travellers, the marginalised, all becoming over policed through just the threat of investigation, even without substantive intervention.

As at census date in autumn 2024, local authorities had reported 111,700 children in elective home education (EHE).These are not “children missing education” (CME) as badly reported in some media stories, and this EHE data is already collected and recorded by the DfE at national level. For context, this figure is a 1.4% rate of EHE of all children on census day by population. There is no necessity to process the personal data of the overwhelming majority of children for any ‘safeguarding’ purpose at all.

From our work in 2018-2022 on children-not-in-school data, including FOI to every local authority in England and Wales, we know ‘the numbers’ are unclear in part because there is inconsistent recording whether the same child ‘missing education’ is recorded multiple times in any one year in the Local Authority numbers, whether the amount of time spent as CME was divided up as a full time equivalent across a year, or whether one child recorded as CME for one day in a year, counts the same as a child missing the whole twelve months.

2. Lessons Learned

We are concerned that so far at least in media reporting, no lessons learned from past failures appear to be being learned and may well be repeated.

The Not-in-Schools register was already scrapped with the demise of the Conservatives’ Schools Bill. ContactPoint was abandoned in 2010 with acceptance of the realisation that,

“it’s not a computer system that will save vulnerable children. It’s the performance of the professionals at the sharp end, who need to be properly trained and resourced.”

That database, created under the Children Act 2004, cost £224m to set up and £41m a year to run. It operated in 150 local authorities, and was accessible to at least 330,000 users. The risks of such databases are so well known that some individuals were ‘shielded’ in a two-tier approach to data protection and respect for privacy of family life.

“It fuelled a belief that complying with procedures and entering data on the system, rather than the effectiveness of what then ensued, brought protection. How many frontline social workers could £224m have bought?” (Tim Loughton, The Guardian, 2013)

There are echoes of the use of the abuse of Victoria Climbié in the building of ContactPoint, in the use of Sara Sharif underpinning media stories today, about the new Bill plans and database of pupils in home education. It is important to note the words of the Victoria Climbié Foundation, that:

“Sara Sharif was not a hidden child – she was known to the authorities. As in the tragic case of Victoria Climbié, she simply fell through the gaps and was failed by services involved in her  life. Concerns had been raised and seemingly not acted upon within a multi agency framework.” (VCF statement, 16 December 2024)

It is hard to therefore understand without more context, how the ‘new’ demand for a multi agency framework (that already exists) would have made any difference in her case. It is people, properly funded and in professional services, who can work to keep children safe, not the database state. But more detailed thinking on the ‘how’ of such things that work and what did not matters, just as well as whether they should be done at all.

3. Misrepresentation of the current status will lead to unsafe public policy

The supporting facts and data are all too often misrepresented, whether by design, by incompetence or in the search for the evidence to fit the desirable narrative can vary depending on the authors. The most recent disappointing data was produced in a report by the EPI in an at best misleading presentation of current law, policy and practice. Their report published on December 4, 2024 recommends things that are already done, implying that they are not already a legal obligation:

“Schools should be required to record reasons for removing pupils from their rolls.”

In fact, the School Attendance (Pupil Registration) (England) Regulations 2024 ( No. 208 Regulation 13) (4) already requires that when the name of a registered pupil is deleted from the admission register of a school, the proprietor of the school must make a return to the local authority (a “deletion return”) giving the following information about the registered pupil from the admission register—

(a) full name;
(b) address;
(c) the full name and address of any parent the pupil normally lives with;
(d) at least one telephone number that each such parent can be contacted with in an emergency;
(e) the information entered in the admission register in accordance with regulation 8(3), if any;
(f) the information entered in the admission register in accordance with regulation 8(4), if any;
(g) which of the circumstances listed in regulation 9(1) or (3) are the basis for the deletion of the registered pupil’s name.

It is this final point (g) that means the school already has a duty to record one of fifteen reasons for a child’s removal from the register, from a to o. Does the government acknowledge this? Why does the EPI report not make this explicitly clear, and instead implies schools are not already required to record reasons for removing pupils from their rolls? A Head Teacher can even be prosecuted for removing a child from roll without complying with the pupil registrations regulations (see Section 434(6) Education Act, 1996).

If a pupil disappears without a known destination of the next educational setting, they will in addition to it being recorded at the Local Authority, be added into the part of the Common Transfer File system that posts children’s records into the national Lost Pupils Database (LPD). They are pulled out of that LPD once a state school ‘receives’ them again into their own system. While our FOI was not credited in the EPI report, it is illogical to suggest as it does, and as the Children’s Commissioner does, that because these databases recording do not work very well for schools, there should be more databases recording more data from schools, but without tackling why.

4. The Single Unique Identifier

The EPI also suggests that the Office for National Statistics becomes in essence the home of an operational single national ID:

“The government should build on their existing plans to create a register of ‘children not in school’. By integrating data from education, health and other relevant administrative data sources, the ONS could maintain a more complete register on all children in contact with services in England.”

The ONS could do a lot of things with population-wide data, but there are reasons that it does not, and never should. Tony Blair of course, was the PM most famous for his ‘obsession’ with ID.

There are known risks to a single ID for children, especially for some of the most vulnerable. Using a Unique Pupil Number (“UPN”), and the former UPN, for adopted children and children-at-risk in a single ID can create further new risks see 6.5 and 6.6 wrt the UPN for those children that are known today, and a new ID will likely reproduce this. Secure state identifiers, require special protections including being a blind identifier and that should lapse when children leave school (see page 6-8). But an ID used across services undermines safety-by-design. There is also already the  Unique Learner Number (ULN). Why, you should ask, are these numbers not simply reused already? They are constrained for safety reasons, so why does the government want to create yet another new risk for the-already-vulnerable?

There are a wide range of questions around the new “single unique identifier number” for children across services. Is it only for public sector or private providers too? It is unclear how, “a consistent identifier will allow those responsible for the safeguarding and welfare of children to better join relevant data and identify children who will benefit from additional support.” How will it be used, in what systems, by whom, under what audit processes, with what obligations and limitations, and with what guardrails against scope creep are just some of them.

5. Data Protection law will discard risk assessment and data subject rights

The blog published today says that, “existing data protection laws already make clear that safeguarding must be prioritised when deciding whether to share information“. Why then change data protection law at all if it already does what is needed?  Where vulnerable, high-risk sensitive information is processed, “speeding up” the process as it suggests, may not be what children actually need in their best interests.

“This new law will mean more confidence for those responsible for requesting and providing sensitive information – speeding up the process and providing a clear legal basis for sharing information on the grounds of safeguarding and promotion of welfare.”

In case of urgent needs, the data protection basis of vital interests is layered on top of the public authority’s lawful grounds for processing personal data so that the new legitimate interests condition would be unnecessary. In fact, ” …a clear legal basis for sharing information on the grounds of safeguarding and promotion of welfare” is NOT what an additional condition of data processing provides for public authorities, but it is exactly what we have warned will be misunderstood as such, neatly demonstrating our point of one of the problems with this new condition under Schedule 4 of the Data Use and Access Bill.

Not only is data protection law misunderstood but unless the practicalities and costs of data management are prioritised, especially for something that has no local benefit beyond what is already done today for direct care; the quality, accuracy, maintenance and access requirements to the new data will mean it will fail to be up to the task, and worse than that, may cause more harm than good, for reasons similar to those we identified in the Welsh government consultation on “children missing education” Databases and Regulations for Local Authorities and Local Health Boards (2024).

And all of these data about children not in school, some who should be and are not, and others who are not expected to be, need careful unpacking separately. Conflating the labels and groups shapes bad policy with harm through real interventions in real lives.

6. Children’s national pupil data records today

Children about whom nothing is known by the state, the so called ‘invisible children’ cannot be magically added to any database. If they were known today, they would already be on the existing databases. It is believed there are very few of these, but of course, it is unknown. It also by default a number that cannot ever be known. The NCB and Children’s Commissioner have made previous guesstimates of around 3,000 individual children.

The reshaping of reality on children in and out of school through loose language matters. There has been a persistently retold half-truth about numbers since 2021 (the Telegraph published our letter to the editor on it in March 2022) and the Conservative story too often omits Covid as causation of illness (not only a ‘lockdown’ harm) completely.  Still, it seems, this is not easily fixed by fact alone.

Local and national education settings and infrastructure are unfit to manage additional sensitive data, mentioned in the Children’s Wellbeing and Schools Bill media reporting and blog, including new compulsory registers of children, and “[another] a unique identifier number for children across services”.

To do so, will mean fixing that data-carrying infrastructure first.

Today, there are now millions of adults, any formerly state school pupils aged under 50, among the 23 million people in the National Pupil Database, including many of the new Labour MPs 2024 intake, whose own identifying and sensitive personal data are given away today to commercial recipients (and until our 2015 intervention had never been audited and there was no process for it).

 The DUA Bill will make what is currently unlawful, lawful, and offers no new safeguards at local, Local Authority, or national levels.

Furthermore, the DfE should know it still fails to meet the responsibility it has to inform people what it does with personal data, including the 9 million pupils and their parents today, in its fair processing obligations. Their ICO Audit in 2020 found substantive fundamental failings to uphold the law. The issues of re-uses without informed processing and lack of opt out mechanism offered under legitimate interest remain unresolved, but could be quite straightforwardly using existing MIS systems today.

— The ICO Audit of the Department for Education, 2020

“The DfE are not providing sufficient privacy information to data subjects as required by Articles 12, 13 and 14 of the GDPR,” …“The DfE are reliant on third parties… this often results in insufficient information being provided and in some cases none at all which means that the DfE are not fulfilling the first principle of the GDPR, outlined in Article 5(1) (a), that data shall be processed lawfully, fairly and in a transparent manner.”

— The ICO Audit of the Department for Education, 2020

“There is an over reliance on using public task as the lawful basis for sharing which is not always appropriate and supported by identified legislation…there is limited understanding of the requirements of legitimate interest and to assess the application and legalities of it prior to sharing taking place how it should be applied to ensure the use of this lawful basis is appropriate and considers the requirements set out in Article 6(1)(f) of the GDPR.”

7. Children’s support, wellbeing and access to education often limited by costs

The costs of new databases duplicating data that already exist, would be far better spent on patching up the 70% cuts to Local Authorities youth services, CAMHS, or Early Intervention Grant, or basically anything else for children and young people or families. Another recognised hidden cost is to the children whose carers may choose not to present them to other services, like health, for fear of being ‘found’ and ‘linked’ into other records via their education data. What safeguards will be in place to protect children in families where that may be a risk created only due to the new process, but who are at no genuine risk at home?

Changes need to address the quality of education for children who are on a school roll, but aren’t in fact receiving a suitable education, either because of illegal exclusion, dual school registration, unmet SEND provision including cuts to TAs’ time, or unsuitable part-time timetables. Attendance should not only focus on numbers of children not going in, but about what happens when children do.

While there is also no available research on what effect the increasingly routine and rising charges of transport and materials is having on attendance, it would make interesting reading, since despite charges being prohibited under s450 and 451 of the Education Act, routine charging has become standard practice for educational settings. Whether for required items and materials related to their course, including the bare minimum of books, equipment, materials and trips to any supporting activities for the curriculum such as the GCSE compulsory plays, plus an annual school or college ‘fund’ often in a one-off payment of well over £100 per pupil, to the £450+ iPad per child subscription service; charges are for far more than the permitted ‘optional‘ only items. And despite the age of compulsory education (or equivalent) having been raised to 18, post-16 education or training does not include free or subsidised travel. CAMHS is not functional and many children cannot get back into schools without support. SEND provision is not meeting needs. Why these measures are not tackled first ahead of data and techno-solutionism is a source of our continued frustration with ongoing UK government data policy in education.

As the Victoria Climbié Foundation sums up:

“We must improve the quality of services to children for whom interventions should legally be determined on the basis of significant harm and in their best interests, not on political will that leads to inappropriate and unacceptable practice for children, their parents and certain communities. The desired implementation of reforms has since been replaced by policy decisions that are adversely impacting on children, families and community engagement, and the introduction of the Children’s Wellbeing Bill. Maybe now is the time for an independent public investigation into the effectiveness of the child protection system 25 years on, as we continue to see gross failures by authorities and child deaths.”