Schools have responsibility but not control over pupils’ data

by | Apr 23, 2025 | Uncategorized

Schools have responsibility but not control over pupils’ data

New report states “Schools have responsibility but not 

control over pupils’ data” 

A new report by the Digital Futures Commission recommends that the government ‘s Data Reform Bill should regulate data taken by educational technologies (EdTech) services widely used in schools.

“It is near-impossible to discover what data is collected by EdTech. Data collection is so extensive that we think that once combined, it is likely to be sufficient to construct a full profile of each individual child, including their identity, location, biometrics, preferences and abilities,” report author and barrister Louise Hooper.
Test studies were conducted on Google Classroom and ClassDojo, an app designed to help teachers manage pupil behaviour, as they were both widely adopted by schools to provide remote and hybrid learning during the pandemic and have remained since.
The main issue being that relatively strong data protection terms applied to education-focused services including Google Classroom stop applying when a child moves to other Google products such as YouTube. Due to government pressure in Germany and the Netherlands, Google has changed the way it handles children’s data but does not appear to 
have done this in the UK.
The report recommended that under UK data protection law the government should introduce specific rules for EdTech suppliers “to relieve schools of the impossible burden of managing data protection without impeding uses of education data to benefit children and the wider public interest”.
Rectifying the situation in children’s best interests is difficult because the size of EdTech companies’ and the lack of real clarity in their privacy policies and legal terms making it almost impossible for schools and children to counter or renegotiate how companies process data from children.
For more information read the DFC report here
Collecting Staff Vaccination Data

Collecting Staff Vaccination Data

Collecting Staff Vaccination Data There is no quick answer as to whether schools are legally permitted to collect vaccination data.   As well as considerations under data protection law, employers must also be mindful of obligations arising under areas such as...

Sharing Personal Data with the Police

Sharing Personal Data with the Police

One of the most common questions we get asked concerns sharing data with law enforcement offices. The UK GDPR does not prevent you sharing personal data with such bodies such as the police (known under data protection law as “competent authorities”) who are...

Core Principles of Data Protection

Core Principles of Data Protection

And the rights of individuals  Core Principles of Data Protection  Data must be processed lawfully, fairly and in a transparent manner Data must be collected for specified, explicit and legitimate purposesThe data collected must be adequate, relevant and limited to...