Give us your biometric data to get your lunch in 5 seconds, UK schools tell children

Facial recognition for meal payment system works for kids, supplier says


Updated Facial recognition technology is being employed in more UK schools to allow pupils to pay for their meals, according to reports today.

In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology.

The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times.

Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child's identity against "encrypted faceprint templates", and will be held on servers on-site at the 65 schools that have so far signed up.

He added: "In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale." He told the paper that with the system, the average transaction time was cut to five seconds per pupil.

The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England.

North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision.

Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the "next step in cashless catering."

"This intuitive technology enables the PoS operators to quickly identify the pupil's cashless account whilst payments are instantly adjusted in the same way as all other identification methods in CRB Cunninghams' Fusion software," the company said.

According to Professor Fraser Sampson, the UK government's Surveillance Camera Commissioner, facial recognition technology may need to be regulated in much the same way as some ethically sensitive medical techniques to ensure there are sufficient safeguards in place to protect people's privacy and freedoms.

Sampson, who works with the Home Office overseeing tech-related surveillance in the UK, told The Register last month that facial recognition was "a fast-evolving area and the evidence is elusive but it may be that the aspects currently left to self-determination present the greatest risk to communities or simply to give rise to the greatest concern among citizens."

Privacy campaigners voiced concerns that moving the technology into schools merely for payment was needlessly normalising facial recognition.

"No child should have to go through border style identity checks just to get a school meal," Silkie Carlo of the campaign group Big Brother Watch told The Reg.

"We are supposed to live in a democracy, not a security state. This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children's personal information could be shared with and there are some red flags here for us. "Facial recognition technology typically suffers from inaccuracy, particularly for females and people of colour, and we're extremely concerned about how this invasive and discriminatory system will impact children."

Jen Persson, director at defenddigitalme, a children's rights and privacy group, pointed out that Sweden had issued its first fine under GDPR in the case of a school using facial recognition and the French data protection authority ordered high schools in Nice and Marseille to end their facial-recognition programs.

"We expect a similar response from the UK ICO and for all biometrics to be removed from UK schools. The law says if we can, we must, use less invasive approaches to protect children's fundamental rights and freedoms," she toild The Reg.

Those concerned about the security of schools systems now storing children's biometric data will not be assured by the fact that educational establishments have become targets for cyber-attacks.

In March, the Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, became the latest UK education body to fall victim to ransomware. The institution said it was "at least" the fourth multi-academy trust targeted just that month alone. Meanwhile, South and City College Birmingham earlier this year told 13,000 students that all lectures would be delivered via the web because a ransomware attack had disabled its core IT systems.

North Ayrshire Council and the ICO were contacted for comment. ®

Updated on 18 October to add:

An ICO spokesperson said: "Organisations using facial recognition technology must comply with data protection law before, during and after its use. In addition, data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so. Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner.

"We are aware of the introduction and will be making enquiries with North Ayrshire Council."

"Anyone who feels that their personal data has been processed in a manner that is unlawful can raise a complaint directly with the ICO."

A spokesperson for North Ayrshire Council told us: "Our catering system contracts are coming to a natural end and we have the opportunity to install IT infrastructure which makes our service more efficient and enhances the pupil experience using innovative technology.

"Given the ongoing risks associated with COVID-19, the Council is keen to have contactless identification as this provides a safer environment for both pupils and staff. Facial recognition has been assessed as the optimal solution that will meet all our requirements.

"Additionally, the time taken to be served at till points is a common complaint and potentially one of the reasons why pupils opt to go out [of] school grounds for lunch. Contactless payment using facial recognition is very fast and efficient and gives time back to pupils to spend with friends or at lunchtime activities. "Facial recognition involves faceprint templates being taken, which are measurements of key points on the face, where consent has been received. In keeping with the ICO UK GDPR guidance, pupils in S4-S6 have been allowed to provide their own consent while pupils in S1 – S3 require parental consent. "We have received an excellent response from pupils, parents and carers, with over 97 per cent of responses being positive and providing consent. Pupils often forget their PINs and unfortunately some have also been the victim of PIN fraud, so they are supportive of the planned developments and appreciate the benefits to them."

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021