With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion.
With the use of the technology only fairly recently being widespread, there is often debate about how organisations should collect this type of data, and how and when it should be used. Recently there has been heated discussion in particular about schools using biometric technology, due to the sensitivity of the personal data it collects about children.
A recent article by Lord Clement Jones, who is a formal Liberal-Democratic peer and former chair of the Lords Artificial Intelligence Committee talks about a number of schools in Scotland and England who have adopted facial recognition systems for cashless payment systems. Lord Jones particularly disagrees with the implementation of this technology in schools for such purposes, expressing his concern for the fact that schools are using facial recognition where it's unnecessary, and how it’s been accepted that biometric data is being used in areas other than for security purposes, stating that “We seem to be conditioning society to accept biometric technologies in areas that have nothing to do with national security or crime prevention.”
Last summer, a school in Gateshead piloted the use of facial recognition software in their canteen, and now nine Ayrshire schools are adopting this technology, which has sparked Lord Jones, as well as other privacy advocates’ concerns. In addition to the Ayrshire schools, there are also 27 schools in England using the technology for the same purposes, with a further 35 having plans to. In Ayrshire however, the use of the technology has been blocked temporarily by the council, after push back from privacy campaigners, and intervention from the ICO. Lord Jones argues in his article that the use of facial scans of children for cashless payment systems is an “extraordinary use of children’s biometric data, when there are so many alternatives to cashless payment available”.
A study by the Ada Lovelace Institute, an independent research institute and deliberative body has had ongoing research into the governance of biometric data, and has found that the public has serious concerns about the use of biometric technology. As far as guidance from the DfE is concerned, in 2018 they issued further guidance on the use of biometric information of children in schools that is laid out in the Protection of Freedoms Act 2012. Lord Jones however points out the fact that they have no data on the use of biometric data in schools, and there are no mechanisms to ensure that schools are complying with the regulations. Lord Jones goes on to say however that there may be a broader question on whether the use of these systems and how they’re currently being implemented breach UK GDPR, highlighting the age of some of the children, and a resulting power imbalance as a key concern. The article provides a quote from the digital rights group Defend Digital Me, who state “no consent can be freely given when the power imbalance with the authority is such that it makes it hard to refuse”.
Clearly there seems to be a lack of due diligence and sufficient thought that has gone in to using biometric systems in schools, and with the nature of these technologies, the data that they collect couldn’t be more personal, and therefore, particularly when it concerns children’s data, there needs to be more regulations and mechanisms in place to ensure that schools aren’t just frivolously implementing these systems where it isn’t a requirement, and children and parents are involved in the conversation on whether their school should be using them.
If you are considering introducing biometric identification, we would recommend that you conduct a Data Privacy Impact Assessment in conjunction with your Data Protection Officer. This will look at the risks associated with using this type of information and whether it is proportionate. In addition this to this, you may also need to consult parents and pupils prior to using any software to understand their thoughts on the use of the systems.