Sometimes I feel rather worried about how children are perceived by the very organisations supposed to be safeguarding their welfare, and children’s apparent lack of digital rights in the UK is a good example of where things seem to be going wrong. First of all, though, I probably need to give a bit of background to this problem. Over the last two decades, a consequence of the increasing affordability of high level computer processing power has been the ability to store and manipulate vast quantities of data. In the public sector, this has led to what many have described as an ‘audit culture’, in which minute variables are constantly tracked and measured in relation to policy objectives. The aim of this is to increase public sector efficiency, effectiveness, reliability and accountability, but it also raises serious questions about the nature of the data being captured and processed, the ethical basis for doing so, and the practical implications for school administrators, pupils and parents.
For example, since the introduction of the Pupil Level Annual School Census (PLASC) in 1998, increasing amounts of personal data have been collected by schools and local authorities in relation to pupils and schooling processes. It might make you shuffle uncomfortably in your seat a bit if I told you that it wouldn’t take much for me as a researcher to gain access to this very database. Then I could look up your children on the basis of a few pieces of routine information, and make informed guesses about your family income, social background and domestic lifstyle; perhaps even your address. The pace of collection and processing has escalated in recent years, and most notably since the introduction of the Every Child Matters initiative in 2003 in the aftermath of the Victoria Climbie child abuse case. This culminated in the (now fortunately abandoned) development of ContactPoint, a large-scale population surveillance database for children created under the Children’s Act 2004, which brought together even more data on individually identifiable children, including health, education and social welfare information. There was also a drive to develop a similarly large-scale database of adults who come into contact with children via the Independent Safeguarding Authority, a recently established quasi-Governmental organisation (also abandoned immediately after the 2010 election). In addition to this, adults caring for children in certain situations are now regularly inspected via the Government’s Office for Standards in Education (OFSTED). As if this wasn’t enough, measures of child carers’ compliance with Governmental education and welfare policies are kept on additional databases, and made publicly available on request. The total amount of information kept on children and parents in this country is, in one word, enormous.
The reason given for all this activity is that these population surveillance methods are used to monitor and inform the strategic planning and delivery of Government services, such as schooling, Sure Start, and the Every Child Matters agenda (with a focus that has shifted from child welfare to child protection since 2003). In summary, a great deal of monitoring of individuals is taking place in an educational context, of both adults and children, and British implementation of European Data Protection law in this regard is weak in comparison with other European member states. In this regard, therefore, we are increasingly out of step with our European neighbours, and it could be argued that we are also moving towards a firmly entrenched culture of surveillance. (This of sufficient concern to the European Union to have resulted in the Director General writing formally to the British Ambassador in December 2010 for clarification, which can be seen as something of a slap on the wrists for the UK authorities in this regard).
However it is not always anonymous bureaucrats in remote council offices gathering up all this data. Head teachers are centrally involved in this information collection and processing at a number of levels. Obviously they need to keep pupil data for practical purposes, such as knowing who attends their school, and how to get in touch with parents, as well as whether pupils have health problems, for example. However in addition to this, they are also now legally required to hand over this information to Local Authorities, without the consent of parents. There are additional forms of data that might be kept in school if a head teacher considers it desirable or necessary. For example there have been recent moves in some schools to collect children’s fingerprints to facilitate registration, the borrowing of library books or for making lunch money payments. CCTV is also frequently used for security purposes in education settings, very occasionally alongside the introduction of face recognition systems (even though these systems often break down after a matter of weeks, despite what manufacturers may tell you).
There’s a paradox in all this. Although collecting and handing over pupils’ personal data to Local Authorities is a legal requirement for head teachers, it is currently unclear whether it is actually lawful. This is because the collection of biometric data might well constitute what is known as excessive processing. Therefore it might be in breach of Data Protection Act guidelines, particularly if parents and/or children have no knowledge of whether it is being collected, how it is being stored, and have no opportunity to opt out of such a system. Yet even though this is a legitimate concern, and one many organisations have spoken widely on, head teachers and governing bodies continue to implement biometric systems, in some cases without consulting parents.
The problem doesn’t stop there, however. There are other problems with the way schools and Head Teachers handle information. For example, since 2005, maintained schools have been subject to the Freedom of Information Act, and as such are required to provide copies of most information documents to members of the public within 20 days on request. Similarly, head teachers are often responsible for responding to Subject Access requests under the Data Protection Act (1998) whereby individuals can ask for copies of any documents pertaining to them personally (or in some cases their children). But even though head teachers are legally required to respond to such requests under the two Acts in their capacity as Data Controller, it can lead to genuine confusion as to which type of request comes under which Act, and which types of information they can reveal, or whether they should reveal anything at all.
This confusion about what constitutes personal data and how it should be handled extends to the parents’ involvement in the school on a day to day basis. Some head teachers (and I must emphasise the word some, as it is by no means all) appear to use a rhetoric of risk when communicating with parents, to ensure that negative occurrences are avoided that might reflect badly on their school.The way they do this is to take a generalised perceived threat within society, and then create a specific concern from it, assuming that they have duties that lead them to interpret (but in practice manufacture) legal obligations. In other words, if a risk is perceived, they assume there must be a solution in law, which is a convenient workaround and allows them to remain unchallenged.
An example of this in practice is the tendency amongst some head teachers (encouraged by a governing body) to require all adults visiting the school to apply for a Criminal Records Bureau (CRB) check to prove they do not have a criminal conviction. This means individuals (for example parent volunteers) giving the school extensive personal information, and presenting administrative staff with a number of identity documents for photocopying, which are then sent off to a central organisation for processing. Whilst this is a legal requirement for teachers in maintained schools, there is not always a similar requirement for this to be applied to non-teachers, particularly if they are not to be left alone with children.
Another example of confusion about the nature and role of personal data is the use of photography in schools. In this case, the generalised threat of paedophiles acquiring digital images of children for manipulation has in some cases resulted in the banning of parents taking pictures and films of their children at school, for example in school nativity plays. This could be seen as an example of an inability of head teachers to scale risk, resulting in an over-interpretation of legislation, in this case, assuming that because schools need to seek permission to use photographs of children for school prospectuses and so on, parents also need to seek permission to take photographs at public events, which is not the case, as the Information Commissioner’s Office took such pains to point out in 2007.
In all these examples, we see that the actions of the state are being reflected, but in a localised and even eccentric manner, and out of context. At UEA we are about to carry out some research looking at the relationship between Governmental surveillance and control mechanisms used on schools, and head teachers’ understanding of how this impacts on their understanding of children and parents as citizens, as well as their own professional role. We think that with better training and support for teachers, we might end up with a more useful understanding of children’s information rights, and more sophisticated digital policies as a result.
Image: Clare Bloomfield / FreeDigitalPhotos.ne