The universities regulator says it has “no plans” to share sensitive named pupil data with private companies as parliament prepares to give it access to the details of millions of children and adults.
Secondary legislation will allow data from the national pupil database (NPD) to be passed to the Office for Students (OfS).
It should be unthinkable that such sensitive, personal confidential data could be passed on to third parties without a child or family’s knowledge
The data-sharing deal, similar to one held by the OfS’s predecessor Hefce, will help the regulator in its duties to widen access to universities and hold institutions to account.
Under another law, called the Higher Education Research Act (HERA), the OfS can share data on university students with private partners. Data privacy campaigners fear the new secondary legislation will allow it also to share sensitive school pupil data.
The national pupil database includes data from the school census collected about every pupil since 2002. The Department for Education often shares extracts with third parties, but they are usually anonymised and there are strict safeguards to govern how it is used.
Jen Persson, from the campaign group Defend Digital Me, said: “It should be unthinkable that such sensitive, personal confidential data could be passed on to third parties without a child or family’s knowledge, and yet that is the power this regulation creates.”
But an OfS spokesperson said it expected the same “strict controls” on onward sharing to be in place as was the case with its predecessor.
And while the law would allow the OfS to share data with “certain named bodies”, it “does not compel us to share data”.
“We have no plans to share NPD data under this section of HERA and before doing so would need approval from the DfE and be subject to a detailed privacy impact assessment.”
A Department for Education spokesperson said: “Like all uses of individual data, requests for OfS are approved through our data-sharing approval panel and they are not allowed to pass on information without permission.”
Your thoughts