Opinion: Legal

Facial recognition technology: What schools need to know before implementation

One school's ICO reprimand for use of facial recognistion is every school's warning to heed regulations before implementing biometrics

One school's ICO reprimand for use of facial recognistion is every school's warning to heed regulations before implementing biometrics

7 Aug 2024, 5:00

The recent Information Commissioner’s Office (ICO) reprimand to an Essex school relating to its implementation of facial recognition technology has brought the practice into sharp focus.

Edtech is big business and the use of biometric data in schools is increasing with systems now available for tracking pupil attendance, library use and cashless catering. Such systems once relied on fingerprints, but facial recognition is increasingly becoming the identification technology of choice.

Like any use of personal data, there’s a web of legal and ethical issues to comply with and it’s vital that schools are aware of the issues to manage before they get started. 

Involve your data protection officer in procurement decisions 

This is a good measure of your data protection compliance culture: if you are procuring a system that will process personal data – that of children, staff or parents – then it’s important your data protection officer (DPO) is involved from the outset.

Your DPO leads on data protection compliance and, perhaps with the support of your legal adviser, is best placed to advise on the risks and compliance issues associated with the proposed system.

They can bring a focus on the privacy issues, the extent of the data processing, the risks associated with it and how to mitigate those risks. Getting your DPO involved early can also help to frame your approach to the market, ensuring potential providers are setting out how they will comply with their data protection obligations and how they can help you comply with yours.

We often see privacy and processing issues being more of an afterthought, with the DPO being asked close to implementation – if at all – whether they have any concerns. By this time, contracts are signed, timelines agreed and money paid, and the DPO can be under pressure not to delay the project.

Importantly, getting the DPO involved early can ensure engagement from the provider to support with the completion of a Data Protection Impact Assessment (DPIA).

Such synergy depends on the DPO having the correct standing within the school so that the role is taken seriously among senior leaders. This will ensure a culture of data compliance throughout.  

Complete your Data Protection Impact Assessment

Think of a Data Protection Impact Assessment (DPIA) like a health and safety risk assessment for how you process personal data. It is designed to help you recognise and manage risk, and ensure the processing you intend to carry out is done so legally.

A DPIA involves identifying the potential risks to individuals’ personal data, evaluating the necessity and proportionality of the processing activities, and implementing appropriate measures to address those risks. 

The UK’s General Data Protection Regulation (GDPR) requires organisations to conduct a DPIA for processing activities that are likely to result in a high risk to individuals’ data protection rights and freedoms. Using facial recognition technology to uniquely identify people meets this definition. Therefore, it is a legal requirement to carry out a DPIA before implementing such technology.

Your DPO should be involved in the completion of the DPIA, but it is not a solo task – you’ll need input from your provider, IT lead and others; it’s a team game.

A good starting point is the ICO’s DPIA template, which sets out seven steps to undertake. It is also worth engaging with data protection lawyers to ensure your DPIA is robust and has measures in place to effectively manages the risks.

Get the right consent

As you might expect, a higher level of consent is required for the use of biometric data, especially where we are talking about children’s biometric data.

You must notify each child’s parent, carer or legal guardian of your intention to process the child’s biometric data and tell them they can object at any time to the processing of that data. To lawfully process a child’s biometric data, you need the consent of at least one parent, and no withdrawal of consent or other objection to the data being processed by any other parent.

Finally, if the pupil objects to the use of their biometric data, it cannot be used.

So schools must ensure they are getting the right consents in the right way. The Department for Education has produced a useful guide on the use of biometric data in schools.

Embracing innovation responsibly  

Technology can be a huge force for good but as with most things, it comes with risks too.

Schools can – and should – embrace technology that improves the quality of education, drives high standards of safeguarding, and helps them be more efficient.

When doing so, just make sure you have an eye on the privacy and data processing issues, and manage them sensibly and proactively.

Latest education roles from

Careers and Enterprise Officer

Careers and Enterprise Officer

York College

Curriculum Support Mentor – Fixed Term Contract

Curriculum Support Mentor – Fixed Term Contract

Wakefield College

Security Supervisor

Security Supervisor

Wakefield College

Inclusion Practitioner

Inclusion Practitioner

Selby College

Cover Supervisor

Cover Supervisor

Halesowen College

Casual Learning Support Assistant

Casual Learning Support Assistant

Halesowen College

Sponsored posts

Sponsored post

Text-based programming tools for young learners

The Raspberry Pi Foundation’s Code Editor helps make learning text-based programming simple for children aged 9 and up. Learn...

SWAdvertorial
Sponsored post

IncludEd 2025 is coming…5 whole school inclusion insights you need

We’ve all been there.  You’ve cleared a whole day and then trekked for hours to be at an education...

SWAdvertorial
Sponsored post

The impact of vocational education at KS4 and beyond 

Everyone reading this article of Schools Week shares a common purpose: we all want to create the brightest possible...

SWAdvertorial
Sponsored post

Food for Thought: How schools can encourage the next generation to make better food choices

With schools facing a number of challenges, including budget constraints and staff shortages, Marnie George, Senior Nutritionist at Chartwells,...

SWAdvertorial

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *