Schools have responsibility but not control over pupils’ data

by | Apr 23, 2025 | Uncategorized

Schools have responsibility but not control over pupils’ data

New report states “Schools have responsibility but not 

control over pupils’ data” 

A new report by the Digital Futures Commission recommends that the government ‘s Data Reform Bill should regulate data taken by educational technologies (EdTech) services widely used in schools.

“It is near-impossible to discover what data is collected by EdTech. Data collection is so extensive that we think that once combined, it is likely to be sufficient to construct a full profile of each individual child, including their identity, location, biometrics, preferences and abilities,” report author and barrister Louise Hooper.
Test studies were conducted on Google Classroom and ClassDojo, an app designed to help teachers manage pupil behaviour, as they were both widely adopted by schools to provide remote and hybrid learning during the pandemic and have remained since.
The main issue being that relatively strong data protection terms applied to education-focused services including Google Classroom stop applying when a child moves to other Google products such as YouTube. Due to government pressure in Germany and the Netherlands, Google has changed the way it handles children’s data but does not appear to 
have done this in the UK.
The report recommended that under UK data protection law the government should introduce specific rules for EdTech suppliers “to relieve schools of the impossible burden of managing data protection without impeding uses of education data to benefit children and the wider public interest”.
Rectifying the situation in children’s best interests is difficult because the size of EdTech companies’ and the lack of real clarity in their privacy policies and legal terms making it almost impossible for schools and children to counter or renegotiate how companies process data from children.
For more information read the DFC report here
Electronic vs. Paper copies

Electronic vs. Paper copies

Should you keep both electronic and paper records of some important data? In light of the ever increasing number of cyber attacks on the education sector, and the advice given by the NCSC,  we at DPO For Education continue to advise our clients to keep both electronic...

Appointing a Data Protection Officer

Appointing a Data Protection Officer

A simple guide to understand the role of a DPO in schools and who is and who is not suitable for the role. Whatever the size and setting of your school, the GDPR (General Data Protection Regulation) places high expectations on you to protect the personal data in your...

GDPR DOs & DONT’S Infographic

GDPR DOs & DONT’S Infographic

Training and Awareness is a way to inform your staff that data protection is everyone’s responsibility and that small steps to protect data can make a big difference. Print this poster to display in the staff room and offices. Poster: GDPR - Data Protection Dos and...