Plans to expand the vast National Pupil Database to include information on why kids leave mainstream education have been slammed by privacy campaigners.
The government's stated aim is to better understand how and why pupils end up with alternative provision (AP) by adding more detail to the information collected in the annual AP Census. It should also help sniff out cases where mainstream schools send kids out to boost their performance stats.
The new version (PDF) gives eight reasons for a pupil being in AP – for instance mental health needs, pregnancy, being an offender or permanent exclusion – and the info will be collected for the first time next month.
But campaigners have raised the alarm over the highly personal nature of the data, saying it will leave children labelled for life because it will be linked to other identifiable data in the National Pupil Database – and kept indefinitely.
Jen Persson, co-ordinator at privacy group Defend Digital Me, is a long-time campaigner against the extent of this data collection, which now covers some 23 million people, many of whom are now adults.
In addition to question marks over the extent of the database's coverage, she is concerned about the way that data is shared with other departments and third parties.
Persson said that more than 1,000 requests for records have been approved by the Department for Education since March 2012. Recipients of data include private tuition providers and national news outlets.
"If the Department of Education cannot end the distribution of identifying data for indirect and commercial reuse purposes, and commit to children's confidentiality, we believe the government should not collect the data at all," Persson told The Register.
A letter (PDF) to education secretary Justine Greening, signed by Defend Digital Me and 19 other organisations and academics, calls on the government to curb its data slurping and sharing, especially given the sensitive nature of the information required in the new AP census.
"The next planned AP Census collection date [is] January 18, 2018. Action to ensure safeguards, and communicate well to affected families, grows increasingly urgent," the group said.
"We appreciate and support the need to understand the reasons for pupil AP transfers, in particular concerns about children 'managed out' from mainstream school to boost league table results. However, we do not believe that this should cost children their confidentiality."
Among the group's recommendations are that data in the extended AP Census only be available to third parties on a consent basis, and that information on exclusions related to violence or theft should be treated in a similar way to criminal records and expunged after a set time.
'Considerable concerns' about expansion
The group's concerns were echoed in the House of Lords on Monday night in a discussion about the Data Protection Bill.
During debate on a government-backed amendment requiring the Information Commissioner to produce a statutory code setting online privacy standards for children under 16, crossbench peer the Earl of Clancarty said this should be matched by a code for use of pupil data.
"If there is to be – correctly – a sensitivity concerning age-appropriate understanding by children in relation to information services, the same should be no less true in the school setting.
"A code of practice needs to be introduced that centres on the rights of the child – children are currently disempowered in relation to their own personal data in schools."
He said there was "considerable concern" about the expansion of the AP Census, as well as pointing to questions over the intentions behind the government's collection of nationality and place of birth data.
Responding, Labour peer Lord Stevenson of Balmacara said the issue was "shocking" and gave him "a chill", adding that "several things seem to be going wrong" with national pupil data.
However, government minister Lord Ashton of Hyde countered that the sharing of individual-level pupil data is "already highly regulated" and runs according to a "rigorous process".
He added, though, that the DfE was "actively reviewing its data-sharing processes with third parties" ahead of the General Data Protection Regulation coming into action.
"Before May 2018, the department will review its existing arrangements and processes for sharing sensitive personal data to date to ensure they are compliant with the incoming regulations, and review them regularly thereafter," he said. ®
Sponsored: Ransomware has gone nuclear