Just two weeks ago, schools in North Ayrshire put their rollout of facial recognition in secondary school canteens on hold after intervention from the information commissioner. In response, First Minister Nicola Sturgeon told the Scottish Parliament she felt such biometric technologies do not appear to be necessary or proportionate.
The use of biometric systems in schools was also the subject of a House of Lords debate last week, during which Lord Scriven set the tone. Asking where we draw the line in the use of such technologies, he communicated a necessary sense of urgency. We should be asking “not about what we do once it is deployed”, he said, “but what the limitations of it are before we start talking about how it is regulated”.
It’s a global issue, and other countries are stealing a march on us. In 2019, the Swedish data protection inspector’s very first fine under GDPR pertained to facial recognition in schools. Not long afterwards, the French data protection authority ordered high schools to end their use. A similarly robust response from the UK information commissioner is urgently required.
Let’s be clear: we’re not talking about adaptive technologies that enable accessibility for children with mobility restrictions, nor appropriately used systems in high-risk security situations. Our concern is for everyday uses in education that trivialise the significance of these data for the price of a pizza slice.
If your school plans to use it as one of the 60 facial-recognition systems in the pipeline in England and Wales, this is our plea: don’t.
And don’t fall back on fingerprints instead. Go biometric free. Biometric data should never be considered appropriate for things children have to do: borrowing school library books or buying snacks at break.
For a start, consent is not an adequate safeguard. North Ayrshire Council, for example, argued that 97 per cent of children or their parents had supported the new system. But there can be no lawful, freely given consent when there is such an imbalance of power between a person and an institution. The wording of many of the forms sent to families makes accepting the biometric versions of cashless payment systems seem compulsory. Such a tick-box exercise is not valid. Families cannot consent to what they cannot fully understand.
In England and Wales, the Protection of Freedoms Act requires explicit consent from a parent (without objection from the child) for a school to lawfully take and process a child’s biometric data. But even that doesn’t work terribly well. In 2018, we commissioned a poll of over 1,000 parents of children aged between five and 18 in state education in England. Where the school was using biometric technology, 38 per cent had not been offered any choice.
From a child rights’ perspective, the use of biometric data is an unnecessary and disproportionate interference with their right to privacy, as enshrined in the UN Convention on the Rights of the Child and our Human Rights Act.
And from a purely moral standpoint, it normalises children’s experience of offering their bodies for use in trivial transactions. Worse, it does so in situations that are non-consensual, under peer pressure or an imbalance of power. This seems all the more extraordinary in the context of the recent impact of #EveryonesInvited on schools.
And pragmatically, there’s just no need for them. Alternatives are readily available, so let’s get back some proportionality. According to data protection law, the best tool for the job is always the least intrusive one.
Our research shows that parents have already lost track of their child’s digital footprint in school by their child’s fifth birthday. How are families expected to know how children will need to use their biometrics later in life? To what might their fingerprint, face or voice be their secure access key in future and how could it be compromised?
New technologies push the boundaries of what is possible under the auspices of convenience. But whose? Are we really willing to abrogate our children’s rights and future freedoms for claims of a quicker lunch queue today?
And can we afford the cost of back-tracking when our government finally responds to the threat biometrics pose?
Your thoughts