The use of facial recognition technology in schools for lunch payments raises a number of serious questions regarding our children's privacy, writes Jen Persson.

From the US to Europe states and cities are banning facial recognition. But in the UK we are using children as guinea pigs for the most privacy invasive technologies on the market.

The Swedish Data Protection Authority's first fine under the GDPR in 2019 was for the use of facial recognition technology monitoring school attendance. Not long after, the French Data Protection Authority ordered high schools to end their facial-recognition programs.

We want to see a similarly robust response from the UK Information Commissioner, in answer to last week's reported rollout in Scottish schools and spread across England in potentially 70 schools. Despite the fact that North Ayrshire council has temporarily suspended the use of facial recognition in its schools, action nonetheless needs to be taken to ensure such a spread is halted.

The use of biometrics in UK schools began in 2001, using fingerprint technology to identify children borrowing books from school libraries.

Today, schools in the UK have normalised the use of biometric data in various ways even in Early Years settings age 2-5: fingerprint, iris scanning, infrared palm and infrared fingertip scanning and increasingly, facial recognition.

Since there is no requirement to register the use of biometric surveillance of children, we don't know in detail how widespread each technology is. But work by Pippa King since 2005 to understand the adoption of biometrics in schools (hence the name of her website), and by Dr Emmeline Taylor more recently, estimates that over half of schools use some form of biometric data processing in England. It's something we intend to research further.

Some people think that as long as there is consent, it's enough of a safeguard. I'd disagree. It has been widely reported that North Ayrshire council in Scotland said that 97 per cent of children or their parents had given consent for the new system. But high uptake should not be mistaken as a sign of approval. There can be no freely given consent when the power imbalance with the authority is such that it makes it hard to refuse.

Write for us.

We're always on the lookout for talented writers and welcome submissions. Please send your opinion piece or pitch to: editor@commentcentral.co.uk

Furthermore, we've seen some of the information sent to parents in this latest rollout in Scotland where the wording makes acceptance seem compulsory. "If you wish to access meals/snacks (free or paying)… you must register for an account."

Biometric data may be appropriately used in high risk or high value transactions. But today's everyday uses in educational settings trivialise the significance of these data. Furthermore, the suggestion that teenagers are able to consent on their own that we've seen claimed on correspondence between the Scottish council and company, could only be valid if the process had been fully informed and freely given. We'd argue it is neither.

Children cannot consent to what they cannot fully understand and for that reason alone, extra protections should be obligatory, and biometrics should not be used. Even where in England and Wales, explicit consent from parents must be given for a school to lawfully take and process a child's biometric, it doesn't work very well. We commissioned a poll in 2018 of over a thousand parents of children aged 5-18 in state education in England. Where the school was using biometric technology, 38 per cent had not been offered any choice.

From a child rights' perspective the use of biometric data is an unnecessary and disproportionate interference with their right to privacy. Cashless payment systems need not be biometric and since there are less invasive means available to take payments, such as using chip cards, the least intrusive tool should be the only one used.

There's also questions of scope creep not only of the purposes where facial recognition may be applied, but of the child's photo, taken when they start school. Questions of data protection and privacy, of companies' interference in children's lives turning your business into theirs, are not only about the single transaction. Transactional data is used to build up profiles over time and connected via the cloud to a parental app and platform. Behaviours and purchases are recorded, monitored, and dashboards drawn up.

Where does that data go? Who sees it? How is it stored, and for how long? Our research shows that parents have already lost track of their child's digital footprint in school by a child's 5th birthday. How are they expected to know how children will need to use their biometrics later in life? To what might their fingerprint, face or voice be their secure access key in future and could it be compromised by not knowing where that data might be?

Together with Big Brother Watch, Defend Digital Me has written to schools using facial recognition. We ask them to stop using biometric technology and to instead offer less intrusive means for students to purchase food and make other payments in educational settings.

Schools must stop using high value biometric data for such trivial purposes.

New technologies are pushing the boundaries of what is possible. It's up to the adults in the room to push back to protect children's fundamental rights and freedoms for their future.

7 votes

Sign-up for free to stay up to date with the latest political news, analysis and insight from the Comment Central team.

By entering your email address you are agreeing to Comment Central’s privacy policy