A survey of parents in England has found that only half of parents agree they have enough control of their child’s digital footprint.
Survation asked 1,004 parents of state-educated children age 5-18 on behalf of defenddigitalme, between 17th – 20th February 2018 about their understanding of which technologies are used, and how data are used. Personal data was defined as “any information that can be used to identify a child”.
As many as one in four (24%) parents said they do not know if their child has been signed up to systems using personal data. When asked how often they were told if their child’s personal data will be stored or transferred to third-party organisations through a school administration software or an online learning service, only 31% of parents said they were always informed of this. 23% said they were never informed of this while 10% of parents replied, “Don’t know.”
Many are unaware personal data on every child in school age 2-18 are submitted in the school census to the Department for Education or how a child’s personal data from the National Pupil Database are used. 69% of parents said they had not been informed the DfE may give out data from the National Pupil Database to third parties.
Defenddigitalme is concerned the results shows how low understanding is of how children’s personal data are used, especially on national pupil data distribution, and on use of Internet Monitoring.
Parents want a say in how their children’s data are distributed at national level and why.
When it comes to a child’s personal data being passed from a school to third parties or to the Department for Education (DfE), parents want to be asked for consent.
Most strongly from all answers, parents appear to consider children’s special educational needs data merits extra consideration, before a school passes that sensitive information on to the Department for Education (DfE) for secondary re-uses.
- 81% of parents agreed that parental consent should be required before a child’s special educational needs data is shared.
- 60% parents agreed parental consent should be required before schools pass data to the DfE National Pupil Database.
- 65% agreed the Department for Education should have parental consent in order to pass children’s personal data to commercial data analytics companies.
- Over three quarters (79%) if offered the opportunity to view their child’s named record in the National Pupil Database would choose to see it.
Known as “subject access rights” the Department for Education refuses to tell parents or the child themselves, what’s in a child’s national record today, or let them check its accuracy or make corrections; despite that the sensitive identifying data are given out to third parties.
Parents do not have control over who has their children’s data given to third-parties at school level.
While there is lots of talk about making the UK the safest place for children to go online, we believe the government is not doing enough to give parents and children control over our own personal information. Over two thirds of parents today, don’t know the Department for Education gives away sensitive, personal confidential data about individual children to third-parties including companies and charities. This is of serious concern when educational games and apps can be found leaking personal data freely, on international scale without adequate thought for security and privacy.
Sensitive information about children, including details of their behavioural problems, have been leaked on the internet in the past in England, including from a company advising parents about applying for top independent schools.
Parents don’t know how companies use children’s data from school; from homework apps, the school census, to CCTV. Only half of parents say they have been told how long CCTV images are kept for. Not all CCTV data are kept securely. Recently some UK school CCTV was even found recently streaming onto US websites.
28% of parents say their school uses Internet Monitoring software but don’t know how. Software designed for web monitoring by commercial companies as part of safeguarding in schools can be used by staff to control the child’s webcam. Freedom-of-Information requests collected between December 2016 and April 2017 from 190 schools in England and 30 schools in Northern Ireland for the defenddigitalme report The State of Data: New rights and Responsibilities show 50% of schools that replied, enable this web monitoring software on BYOD (Bring your own [private mobile] device).
It appears increasingly that schools track a child’s Internet searches on the child’s personal phone remotely, or on a school laptop a pupil has home for the summer holidays. Parents clearly want to know how these flags and watchwords are being used about their children.
86% of parents think that both children and parents should be informed of what the consequences are if these keywords are searched for, and 69% believe children should be told what these keywords are.
Parents were also asked about their levels of trust in third parties to use their child’s national pupil data appropriately.
While parents give the Department for Education a high level of trust to use data well (68%), almost the same number of parents (69%) said they had not been informed the DfE may give out data from the National Pupil Database to third parties.
We campaign for inappropriate uses to be curtailed in order to keep pupil data safe, and for transparency and fairness which are integral to trust. Trust in how the public expect their personal data to be used must be cherished, if academic research uses in data are to remain protected. Misuse of data for other purposes, or uses beyond the public’s reasonable expectations puts this trust at risk.
On a scale from 0 to 10, where 0 means “don’t trust at all” and 10 means “trust a lot”, to what extent do you trust each of the following to use your child’s personal data appropriately?
Better policy and practice is needed
We believe parents and children have lost control of a child’s digital footprint by their 5th birthday due to national and local policy and practice in education.
defenddigitalme wants the government to:
- respect a child’s right to see their own national pupil record and support Subject Access Requests
- inform parents and children directly how their personal data are distributed at national level,
- make all pupil data safe, ending distribution of identifying data; and
- acknowledge that parents and children want to have consent over how their data are used and start work to make this happen.
Schools need much more support to understand data protection laws, and do better for our children, to have safe, fair and transparent data about us, to meet their responsibilities under the new UK Data Protection Act coming soon, and the General Data Protection Regulation (GDPR). Over a third (38%) of those who said their child’s school uses biometric technology said they were not offered a choice of whether to use this system or not and 50% have not been informed how long the fingerprints or other biometric data are retained for, or when they will be destroyed — despite the Protection of Freedoms Act 2012 requiring parental consent, and an alternative to be on offer, showing that practical guidance is needed to help schools understand how to implement the legislation.
We believe a Statutory Code of Practice would support schools and companies in better applying their data protection and privacy law responsibilities with clarity, confidence, and consistency, and that it would better support parents’ and children’s rights in education.
This survey was carried out as part of defendigitalme’s work in a review of children’s data privacy in education for The State of Data 2018. defenddigitalme is currently fundraising for a judicial review of the Department for Education’s use of children’s sensitive data collected in the Alternative Provsion census.
For more information please Contact defenddigitalme
Email email@example.com or call 07510 889833.
defenddigitalme commissioned the survey from Survation as part of research for an upcoming report, The State of Data 2018: New rights and responsibilities, a review of children’s data privacy and protection in England.
The Data Protection Bill
The Bill started Second Reading in the House of Commons on Monday March the 5th and new laws and the General Data Protection Regulation (GDPR) are enforceable from May 2018. https://services.parliament.uk/bills/2017-19/dataprotection.html
The National Pupil Database
More background: https://en.wikipedia.org/wiki/National_Pupil_Database
We commissioned Survation to carry out a survey of 1,004 parents of children age 5-18 in state educated schools in England between February 17 and 20th.
For more information please contact Survation email firstname.lastname@example.org or call 0203 818 9661.
Full tables can be found here.
Personal data was defined as any information that can be used to identify a child.
The polling was carried out by Survation, on behalf of defenddigitalme, between 17th-20th February. The survey was conducted online with a sample size of 1,004 parents of children aged 5-18 in state education in England. Survation is a member of the British Polling Council and abides by its rules.
About defenddigitalme and what we do
We are a non-partisan civil society organisation. We campaign for safe, transparent and fair use of personal confidential data across the education sector in England. This work was funded as part of our 2017-18 grant from the Joseph Rowntree Reform Trust Ltd. for which we are very grateful. defenddigitalme | Registered company number 10768509 | ICO registration number ZA267313.
This report is distributed under the terms of the Creative Commons Attribution 4.0 International licence, which permits unrestricted use, distribution and reproduction in any medium, provided the original authors and source are credited. Original illustrations by Rebecca Hendin are excluded from this licence but available on request.