By Kruakae Pothong and Sonia Livingstone
The rise in data-driven education is marked by polarised discourses of hopes for the beneficial uses of data about children in education (“education data”) and harms, mainly from unreliable technologies and commercial exploitation. Those full of hopes say education data can be leveraged to improve administrative decision-making and resource allocation, personalised learning, learning analytics design and assistive technologies to enhance learning experience and outcome among children with physical as well as learning disabilities. Others raise serious concerns about data protection, privacy, responsible use and ownership and are wary of the known harms, ranging from algorithmic bias affecting students’ educational progression to discrimination under the Equality Act 2010 in local government decisions about education, welfare and social care.
So, is there a problem with the current data governance regime for children’s learning? Governance of data for children’s learning in UK state schools argues that yes, there is. This report, by human rights lawyer Emma Day, marks the Digital Futures Commission’s first step towards its recommendations for data governance mechanisms that can uphold child rights while unlocking the potential of education data. It focuses on “National School Data” and learning-related EdTech, and is grounded in a legal analysis of applicable governance frameworks and expert interviews.
The analysis reveals significant regulatory and implementation gaps in data processing in education contexts. The data collected from UK children while they learn at school is governed by five parallel pieces of legislation . Yet there is a lack of enforceable guidance for translating these legal requirements into practice for different types of data controllers and processors. The division of responsibility between schools and EdTech providers is unclear, undermining schools’ and children’s control and autonomy over the data generated and processed during teaching and learning.
Schools are not provided with the legal and technical resources to navigate the complex education data landscape or hold EdTech providers to account for their processing of education data and its outcomes. Children can rarely opt out of the EdTech services schools use for teaching and learning and they lack the practical means to rectify any wrongs in the processing of their education data. By contrast, EdTech providers have considerable flexibility in interpreting the law, with little oversight over their compliance. Thus they enjoy access to real-time learning data from children which they can use for product development and sharing with third parties.
The report highlights the need for systemic change, including child rights-respecting data governance and independent oversight mechanisms to bridge the regulatory and implementation gaps identified in the report. Immediate steps to be considered include requiring existing tools (such as data protection impact assessment (DPIA), child rights impact assessment (CRIA) and ISO/IEC privacy and security standards) to be required of EdTech companies and built into schools’ procurement processes, together with the development of authoritative guidance regarding standard contract clauses that respect children’s rights). Further steps could involve developing an EdTech Code of Practice, similar to that of the Age Appropriate Design Code (AADC), for the development and audit of EdTech services procured by schools. Such code, could initially be voluntary but should be equipped with a regulatory backstop and penalties for violation. Such steps are surely necessary before the public benefits of increased collecting and sharing children’s education data can be fully explored and widely debated.
The governance of data for children’s learning in the UK state schools represents our first, crucial step towards envisioning a child rights-respecting future for education data and EdTech. Join us in our launch of the report. We are keen to engage with diverse views about what research is needed next, and how our work and recommendations could be developed further.
 Data processing that this report focuses on is governed by the Education Act 1996, the UK General Data Protection Regulation (GDPR), the Human Rights Act 1989, the Equality Act 2010 and the Digital Economy Act 2017.