By Baroness Beeban Kidron
When I first introduced the Age Appropriate Design Code (AADC) into the Data Protection Bill in 2018, I had no idea that it may not apply to education settings. Now, a few years on, there is still some confusion.
What happens if schools are working remotely: does the AADC suddenly apply? Or if a teacher uses an app or service in the classroom that they downloaded directly from the internet: does the AADC no longer apply? Why is there a difference between state and private schools, when surely all pupils need their data protected? Why is the burden disproportionately put on teachers and schools to understand the complex data processing terms set out in the terms and conditions of services that are hungry for data? And, perhaps most crucially of all, why are schools sharing intimate pupil data (wittingly and not) with commercial companies at all?
The Digital Futures Commission’s new report, Governance of data for children’s learning in UK state schools, by human rights lawyer Emma Day, starts the work of unravelling these questions, and in doing so identifies gaps in provision, gaps in clarity, gaps in understanding. As such, it is the first step to working out what good might look like when the education sector and schools are brought into an effective data protection regime.
At the report’s launch, we heard from the report’s author, Emma Day, the Digital Futures Commission’s lead, Professor Sonia Livingstone, the ICO’s Jacob Ohrvik-Scott, and the BBC Research and Design’s principal research engineer, Bill Thomson. Responses to our report – from panellists and from our well-informed attendees – concurred that better data governance for EdTech focused on children’s best interests is urgently needed.
Our decision to work on education data preceded the pandemic that has shown just how urgent it is that government acts. The pandemic required emergency provision of remote learning, but it also supercharged the centrality of Google Classroom and Microsoft Teams in our schools. This normalised the use of a wide variety of EdTech without any corresponding protections, either in the proposed Online Safety Bill or by formally extending the AADC so its application is beyond doubt.
The report owes a huge debt to defendigitalme who in 2020 published a detailed analysis of what was happening to pupil data. We salute them for their persistence in bringing this issue to the fore. While the Digital Future Commission’s report examines the regulatory questions and regime failure, it is important to keep in mind what is at stake. Data includes anything from intimate details of a medical visit made to the school nurse or assumptions about the child’s attitude or behaviour to how many clicks per minute pupils are doing in any particular lesson – and everything in between. Sharing this data, without adequate protection, leaves it open to abuse, discrimination, misinterpretation, commercial exploitation. And, if interpreted or used poorly, this can profoundly impact on a child’s life chances.
There is undoubtedly, a positive role for data analytics to promote education, to support school administration, to make learning more fun or more styled to a particular pupil – or simply for research. But all those benefits rely on creating a data protection system applicable across the sector that is fair, trusted and understood. The DFC under the leadership of Professor Sonia Livingstone OBE is starting on the journey of describing what that system could be. We hope that this analysis of existing regulatory systems is a useful start.
Baroness Beeban Kidron OBE is the Founder and Chair of 5Rights. She is a Crossbench member of the House of Lords and sits on the Democracy and Digital Technologies Committee. She is a Commissioner for UNESCO’s Broadband Commission for Sustainable Development where she is a member of the Working Group on Child Online Safety; a member of Unicef’s AI group; and sits on the Council on Extended Intelligence.