Student data privacy compromised in UK, at risk in US
The Information Commissioner’s Office (ICO) in the UK has issued a reprimand to the Department for Education (DfE) following a prolonged misuse of the personal information of roughly 28 million children.
The warning follows an ICO investigation that found that the DfE’s poor due diligence resulted in a database of pupils’ learning records being used by employment screening firm Trust Systems Software UK (AKA Trustopia) to check whether people opening online gambling accounts were 18 using age verification technology.
According to the ICO, the DfE did not use the database for its original purpose, thus going against data protection law.
The reprimand notice set out clear measures the DfE needs to take to improve its data protection practices so children’s information is adequately looked after.
“This was a shabby, sorry affair,” comments Yoti’s CEO, Robin Tombs. “DfE had no positive consent from 28 UK million children for their Learning Records data to be used for age / ID? checking by private companies.”
Writing in a LinkedIn post, the executive added that government departments should only license data with clear rules and/or transparent tender processes.
“Otherwise, it damages trust with both the public and the business community,” Tombs adds. “The ICO must be seen to be independent of Govt and should fine on the facts of each case – regardless of whether the organizations involved are private sector or public bodies.”
Yoti says that its own biometrics-based age verification software protects young people’s privacy by not identifying subjects, and discarding data after it is used.
US schools put student privacy at risk
Meanwhile, in the U.S., a new study by the American Educational Research Association (AERA) suggested schools in the country have shared an estimated 4.9 million posts that include identifiable images of students on public Facebook pages.
The paper, published in Educational Researcher, further suggests that 726,000 of the posts mentioned above are thought to identify one or more students by their first and last names.
Images on social media and other internet sites have been used for biometric algorithm training, and can also be searched using facial recognition.
The research counted 18 million publicly accessible posts published by U.S. school accounts between 2005 and 2020.
“While the percentage of Facebook posts that identified students was small, the sheer volume of posts meant that hundreds of thousands of students had personally identifiable information shared by their schools,” comments the paper coauthor Joshua M. Rosenberg, an assistant professor of STEM education at the University of Tennessee, Knoxville.
“These findings suggest that student privacy may inadvertently be threatened by the social media activity of schools and districts.”
The paper comes weeks after parents in Texas were given the option to collect DNA samples of their children using freely distributed test kits.