The UK Department of Education collects highly sensitive personal data about students for the National Pupil Database, which is routinely shared with other departments and third parties for academic and commercial use. Some children are labelled as young offenders, disabled, or having mental health issues. Because this data is stored indefinitely, these labels can be shared and used throughout someone’s lifetime.
Based on complaints by defenddigitalme in 2019, and an earlier complaint from Liberty and Against Borders for Children on the distribution of pupil data to the UK Home Office, the UK Information Commissioner’s Office audited the Department of Education in 2019-20. A summary of the audit report was published in October 2020 and found that the Department had broken the law in the processing of the database, containing details of every state school pupil in England since 2002. Data protection was not being prioritised and they were not fulfilling their duties that data “shall be processed lawfully, fairly and in a transparent manner.” The audit listed more than 130 recommendations for the Department to implement.
UK's national pupil database
Organisation Name
defenddigitalme
Country/Jurisdiction
United Kingdom
Amount Granted
EUR 83,451
Current Status
Case won; further litigation planned
Grant type
Single Instance Litigation Support
Description
The UK Department of Education collects highly sensitive personal data about students for the National Pupil Database, which is routinely shared with other departments and third parties for academic and commercial use. Some children are labelled as young offenders, disabled, or having mental health issues. Because this data is stored indefinitely, these labels can be shared and used throughout someone’s lifetime.
Based on complaints by defenddigitalme in 2019, and an earlier complaint from Liberty and Against Borders for Children on the distribution of pupil data to the UK Home Office, the UK Information Commissioner’s Office audited the Department of Education in 2019-20. A summary of the audit report was published in October 2020 and found that the Department had broken the law in the processing of the database, containing details of every state school pupil in England since 2002. Data protection was not being prioritised and they were not fulfilling their duties that data “shall be processed lawfully, fairly and in a transparent manner.” The audit listed more than 130 recommendations for the Department to implement.
defenddigitalme is now considering further litigation, through judicial review proceedings at the UK High Court, to ensure that the Department implements the required changes that would ensure pupil data storage and use meets privacy and data protection standards.
"Some children are labelled as young offenders, disabled, or having mental health issues. Because this data is stored indefinitely, these labels can be shared and used throughout someone’s lifetime"
Strategic Goal
For the UK Information Commissioner’s Office or High Court to rule that current data processing practices in the context of the National Pupil Database are in breach of data protection law. Ultimately, defenddigitalme want to ensure, across the UK, that the information stored about students is time-bound and limited and that every family knows how, when, and why their child’s data is being collected and processed.
Media and related links
Organisation Name
Women’s Link Worldwide
Image credit: Yustinus Tjiuwanda on Unsplash