Schools

DfE faces legal challenge over how it handles pupil data

Campaign group says department has 'repeatedly' failed to explain how it is meeting data protection law after damning 2020 audit

Campaign group says department has 'repeatedly' failed to explain how it is meeting data protection law after damning 2020 audit

Exclusive

The government could face legal action over the way it handles pupil data as pressure grows to publish a full audit of its practices.

The campaign group DefendDigitalMe has issued a letter before claim to the Department for Education over its handling of “extremely sensitive information” about children, warning that it will seek a judicial review if it does not receive a “satisfactory response”.

The organisation said the department has “repeatedly” failed to provide details of steps it has taken to ensure it meets data protection law, and has not properly informed parents about what is done with their children’s data.

A damning audit by the Information Commissioner’s Office (ICO) in 2020 found the DfE broke data protection laws in how it handled pupil data.

The audit was prompted by complaints about the national pupil database (NPD), which holds information on millions of past and present school pupils.

A summary of the report warned that data protection “was not being prioritised”, which had “severely impacted the DfE’s ability to comply with the UK’s data protection laws”.

The watchdog issued 139 recommendations for improvement, with more than 60 per cent classified as “urgent or high priority”. The DfE said it had reviewed “all processes for the use of personal data”.

‘No sense of urgency’

But the government has not published an update on its work to address the ICO’s concerns since January 2021. The full report, which the DfE promised to publish, is also still under wraps more than two years later.

DefendDigitalMe’s director, Jen Persson, said there seemed to be “no sense of urgency”.

pupil nationality pupil data
Jen Persson

“[There is] no commitment to even recognising they have a serious problem, when there is no mechanism in place to automatically indicate a child at risk should have a sealed record protected from distribution.

“When you ask ordinary pupils and teachers, they are shocked to know more than statistics leave the school and are given away to an unlimited number of businesses.”

Her organisation wants a response detailing how the DfE is now complying with data protection law.

The department told Schools Week that while it was under “no obligation” to publish the full report, it had “committed in the future to publish the full report once we have concluded the work to the ICO’s satisfaction”.

As part of its investigation, the ICO looked into how the NPD, learning records service and “internally held databases” at the DfE were managed.

DfE faces questions over sharing of pupil data

The sharing of data from the NPD with external organisations has been a subject of controversy for some years, and children’s rights’ groups have called for it to be halted.

This came to a head in 2016 when the government began collecting data on pupils’ nationality and country of birth, eventually admitting it had planned to share the data with the Home Office for immigration control. The collection was cancelled in 2018.

The DfE releases anonymised sections of the NPD to organisations – including private companies – that request them. However, the ICO found the reasons for doing so were not always justified.

But access to pupil data is important for academics and research organisations, such as the National Foundation for Educational Research.

Its director of research, Lesley Duff, said analysis of important data sources played a “critical role in creating new evidence for teachers and other practitioners about what works in the education system”.

It could also provide “important insights that help the government develop new policies to improve educational outcomes”.

However, she warned it was “imperative that any data is handled and managed extremely sensitively, in compliance with GDPR principles, and is only shared with accredited academics and researchers who have been trained to use the data in a safe and secure manner”.

Latest education roles from

Chief Education Officer (Deputy CEO)

Chief Education Officer (Deputy CEO)

Romero Catholic Academy Trust

Director of Academy Finance and Operations

Director of Academy Finance and Operations

Ormiston Academies Trust

Principal & Chief Executive

Principal & Chief Executive

Truro & Penwith College

Group Director of Marketing, Communications & External Engagement

Group Director of Marketing, Communications & External Engagement

London & South East Education Group

Sponsored posts

Sponsored post

AI Safety: From DfE Guidance to Classroom Confidence

Darren Coxon, edtech consultant and AI education specialist, working with The National College, explores the DfE’s expectations for AI...

SWAdvertorial
Sponsored post

How accurate spend information is helping schools identify savings

One the biggest issues schools face when it comes to saving money on everyday purchases is a lack of...

SWAdvertorial
Sponsored post

Building Character, Increasing Engagement and Growing Leaders: A Whole School Approach

Research increasingly shows that character education is just as important as academic achievement in shaping pupils’ long-term success. Studies...

SWAdvertorial
Sponsored post

Educators launch national AI framework to guide schools and colleges

More than 250 schools and colleges across the UK have already enrolled in AiEd Certified, a new certification framework...

SWAdvertorial

More from this theme

Politics, Schools

Reform government would ‘root out teachers brainwashing kids’ says MP Lee Anderson

Reform UK members tell party conference of need to crack down on 'brainwashing' teachers and stop schools 'becoming indoctrination...

Lydia Chantler-Hicks
Schools

Farage: ‘Let’s start teaching trades and services at school’

Reform leader also says he ‘will not stand for kids’ minds being poisoned in schools with a twisted interpretation...

Lydia Chantler-Hicks
Schools

Staff want compensation after summer cyber-attack

Schools warned incident could increase risk of phishing, fraud and identity theft for impacted employees

John Dickens
Schools

Lockdown: The schools forced to take emergency measures

Union calls for 'comprehensive' guidance as leaders warn of communications difficulties during incidents

Jack Dyson

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *