Status report: the Lords’ debate a Motion of Regret 31/10/2016

Whatever the outcome of Monday’s debate [1], the single questions the government will have to answer on all the open issues will be, what are you going to do about it now?

Even before questions on the census expansion, there are significant questions that need answers, and issues that need solutions around the handling of the National Pupil Database (NPD).

As the Department is working towards modernising its national approach to pupil data management, discussion in which we have been  involved since September 2015,  it seems ill-conceived to add more personal confidential data to the mix. The scrutiny required  for this census expansion, is also required in the wider NPD context of data collection, data retention, and data copying and giving out to third parties for secondary uses.

Here is our list of what is broken and needs fixing:

Before expanding the census: current Home Office purposes of use

  1. What is the government going to do about Home Office access to pupils’ home address and school address that they have had for several years? Will it continue? Will the Government make a statement which they have to date not done, despite having ample opportunity to do so at all levels of government since May in written questions, in Education questions in the Commons [see page 6 of our briefing] and the floor of the Lords?
  2. Did the government spokesman, Lord Younger of Leckie, not know on Wednesday October 12th that the Home Office has access to pupils’ confidential data from the National Pupil Database when he said in the House of Lords, “I can reassure the noble Lord the information is not given to the Home Office.”
  3. Parliamentary written question 48635: How many Home Office requests for information to the National Pupil Database for individual personal confidential data that have been granted were for the purposes of immigration control? “Between July 2015 and September 2016, the Home Office has made requests of DfE data on 25 occasions. Two of these requests were subsequently withdrawn. During this 15 month period, requests relating to a total of 2,462 individuals have been made by the Home Office to DfE and 520 records have been identified within DfE data and returned to the Home Office.”
  4. The NUT has called fora guarantee from the Government that personal information will not be passed to the Home Office, so that it is clear that schools are not part of policing.” That covers all data, not only the census expansion.
  5. When will the Department for Education include Home Office and police access to its record of all third-party access to identifying pupil data, just as for other government departments such as the Cabinet Office and Department for Business, Innovation and Skills? A question we have asked the Department over the course of 2016. There is no clear reason why it should differ from the model of tracking Home Office and police access to the NHS records at NHS digital.

Country-of-Birth and Nationality data: School Census expansion

  1. Schools Minister Nick Gibb wrote in reply to a PQ on July 26th that, “There are currently no plans for the Department to change the existing protocols and processes for the handling and disclosure of confidential information.” Has that policy been changed and is what was said to the BBC on September 26th true, that: “These data items will not be passed to the Home Office.” “They are solely for internal Department for Education use for analysis, statistics and research.” immigration.” How will that be upheld and respected by any future policy changes?
  2. How and why will they be treated differently from all other school census data collected, as no other data are solely for internal Department for Education use but handed out as raw data into the wild? 709 times between March 2012 and March 2016.
  3. Reportedly a data sharing agreement will withhold these data from access by the Home Office. We know from our meeting that this was not able to be shared on 29th September as it was a “recent development”. Given the sensitivity on this agreement and what it will and will not permit, it is surprising that it has not been published for scrutiny to ensure it is robust.
  4. How will flawed fair processing be addressed that has failed across the country due to the rushed rollout and assumption that this was ‘a routine expansion’ of the School Census? Data even for research and analysis that are not processed fairly, are not processed lawfully. The NUT has said “Government has not been entirely transparent about the uses to which individual pupils’ information may be put; in particular, the third parties to whom such information may be disclosed” saying that“Government needs to ensure that use is consent based – again, so that relations between schools and parents are not compromised.”

National Pupil Database: upcoming changes in data handling

  1. Following the next stage to realise the Department for Education plans, an assessment into current data practices and users will follow from the workshop led by the Open Data Institute. The DfE intention is to deliver a better privacy preserving model than today and we continue to support this work towards a model of data access that both serves all current data users and pupil privacy with fair processing, safe data use and transparent policy and practice.
  2. We outlined our campaign goals in a paper for the Data for Policy 2016 conference to improve the delivery of the benefits of using pupil administrative data securely and in line with the public benefit intentions of the 2012 change of law that enabled the release of individual pupil data, “or the purpose of promoting the education or well-being of
    children in England ” (with an eye to preparation for the new legal requirements of General Data Protection Regulation that the NPD doesn’t meet today).
  3. The issues associated with the NPD direct releases into-the-wild of raw data without audit, conflict with good data handling of personal data in security, transparency, oversight and the DfE fails as Data Controller to take adequate accountability for fair processing. There should be no surprises for the public how their personal data are handled. Consent and fair processing offer a sound basis for a social license for research use, and data experts widely agree on this.
  4. Current NPD practice is to have multiple copies of raw data either in large depots or sent out in chunks. Charities with limited company elements, such as Fischer Family Trust, or the Education Endowment Foundation currently manage copies of the entire database or are sent very large volumes from it, and yet don’t appear on the Department data management flow chart (which was published as part of transparency efforts only in April this year). How many more organisations store copies of the National Pupil Database holding millions of pupils identifiable data in this way and how they regulate its oversight, access and security, are questions the ongoing DfE modernisation must address. Any distribution of data that relies only on that the recipients says no individual will be identified in published data is inadequate.
  5. This role in any  new data management model will need careful thought. Organisations like this may be considered for enabling a ‘second tier’ of data access, for other users that do not meet the accredited researcher criteria to be able to follow that highest standard process. Giving access to users through these providers raises questions of onward sharing, duties under Data Protection law. Devolved oversight of third-party use could risk simply duplicating and outsourcing  today’s issues of NPD management at a lower level. All questions we have been helping the Department data team think through at our last meeting, considering how all current data users can be mapped to a potential future model and assessed how they can then meet the objective which is quality data access with better pupil privacy to meet data protection law, and good modern data handling practices.
  6. There are considerations of how these organisations contribute public benefit and how they are sharing the derived knowledge about what works in our education system using these data, where they are driving private company or charity earnings, and often their analysis is not open. Especially true where the data are given for free then sold back to individual schools as data analysis as a commercial product. Arguably the benefit of these research data collected in public administrative services at taxpayer expense should mean the results of its use should be  available to all.

Changes in data law and the NPD:  change demands for children’s digital future

  1. Data Protection principles that permit the National Pupil Database to be kept indefinitely, that override the principle of data minimisation, and restrict parents or pupils from subject access and seeing their own records, are for example not met today, when some use includes companies which provide tailored pupil services doing calculations of predictive future attainment margins, and returning that to schools or local authorities on a named child basis, data that can be used to have a direct intervention with the child.
  2. Those with interests in data cloud processing companies or global data mining based commercial companies like Google owned companies and their parent Alphabet, may see good data privacy as a threat. In fact, data privacy is the lynchpin to successful digital government platforms of the future, and to ensure the success of our cross-border digital market.
  3. Careless use of this database jeopardises good data research and public benefit. Some of the named data uses, again used to have a direct intervention with the child, and small business commercial use in web products, could invalidate the research exemptions that the NPD currently enjoys. To be a research database, the handling should follow codes of practice like that of the UK Statistics Authority. This is why the UKSA Director General of Regulation recommended to the Department that improvement was needed in secure handling and transparency in April 2016. And why the Information Commissioner has undertaken a long term review over many months of the National Pupil Database handling.
  4. The General Data Protection Regulation, already enacted, but enforceable from May 2018 requires more exacting standards on personal data handling especially of minors. Today’s existing principles must be met. Data retention principles are not met today, that data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research.
  5. Consent based data management is a requirement in new legislation, for today’s use by commercial private product providers like tutor-pupil matching services. These users who have been granted the most sensitive (Tier 1) pupil data at individual level to create ‘catchment area mapping’ and display their tutors alongside are the kinds of commercial use that are untenable without consent, as we move towards any modern data management good practice.

tutorhunt_wminster1

The reasons for this school census expansion are too few and the risks too great to entrust the government with more personal confidential data until full transparency, safeguards and oversight are put in place for all uses of the data already held. The government must answer why identifiable data on individual pupils is going out to journalists and commercial businesses without parental consent and take accountability for how this new data might be used not only today but under any future change of policy.

We need to be able to trust not what they say, but what they do, and what they have done so far is highly concerning. Having snuck this Statutory Instrument through in the six week recess without clear due diligence, any assessment of privacy or ethics, it must now receive the public and parliamentary scrutiny this invasive policy requires.

 

About the campaign: Defenddigitalme

Defenddigitalme is a volunteer non-profit campaign group for children’s privacy rights formed in response to concerns from parents and privacy advocates about increasingly invasive uses of children’s personal data. The campaign asks the Department for Education (DfE) to change their policies and practices to protect 20 million children’s identifiable personal data in the National Pupil Database (NPD).

We call on the government and Department for Education to:

  • stop giving out identifiable personal data to commercial third parties and press without consent
  • start telling school staff, pupils, and guardians what DfE does with Workforce and Pupil personal data
  • be transparent about policy and practice

_____________________

[1] defenddigitalme Briefing on the Motion of Regret, 31/10/2016 Call to Action: share the link.

[2] The motion: On Monday 31st October the Lords will discuss the school census expansion to include Country-of-Birth and Nationality, in the Motion of Regret: that this House regrets that information about pupils’ nationality and country of birth collected under the Education (Pupil Information) (England) (Miscellaneous Amendments) Regulations 2016 (SI 2016/808) could be used to help determine a child’s immigration status. [Business 31/10/2016]