Use of facial recognition in schools. DPIA’s are essential.

by | Apr 23, 2025 | Uncategorized

Use of facial recognition in schools. DPIA's are essential.

Facial Recognition – DPIA’s are essential

North Ayrshire council was criticised for attempting to introduce facial recognition technology so that pupils can pay for school meals in an attempt to speed up service and to reduce the risk of spreading Covid-19 via pin pads or fingerprint recognition.

However, the authority came under fire from privacy campaigners and the Information Commissioner’s Office (ICO) stepped in.
The council stated that the “facial registrations” are encrypted and cannot be used by another agency, and when the student leaves school or opts out of the system, they will be deleted.” And that it added : “Facial recognition has been assessed as the optimal solution that will meet all our requirements.”
Many parents questioned its use and said that the phrasing of the consent that they were asked to give for its use wasn’t “freely given, specific, informed and unambiguous indication of the data subject’s wishes..”
Concerns have also been raised previously about facial recognition technology because it frequently misidentifies women and people of colour.
Significantly, the biometrics company refused to disclose who else children’s personal information could be shared, which should certainly ring alarm bells.
In response to the queries, the ICO commented that “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so,” an ICO spokesperson told the Guardian.
“Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner. We are aware of the introduction, and will be making inquiries with North Ayrshire council.”
This prompted the Council to suspend the initiative.
The matter highlights a few things:
  • Firstly, whilst the Council claims it was an appropriate system to use, each school should conduct their own Data Protection Impact Assessment to prove that they are satisfied with the features of the product. 
  • Also it is important to understand that the UK GDPR is in place to protect the individual not an organisation, and the individual’s protection should be paramount. Not knowing things such as exactly where personal data is stored or with whom it is being shared are unacceptable. 
What to do if Your School Suffer a Data Breach

What to do if Your School Suffer a Data Breach

Data Breach: What to do if your school suffers a data breach:   Our growing reliance on technology has been compounded and increased by the coronavirus  pandemic . From working remotely, to communicating with family, to test and trace apps, to online  shopping, our...

What Schools Must do to Tackle Ransomware Crisis

What Schools Must do to Tackle Ransomware Crisis

What schools must do to tackle ransomware crisis! Cyber criminals are increasingly using ransomware to attack the education sector. The trend is most noticeable in the US, with criminals locking up school’s systems and demanding a payment to release the data, but...

Support for UK Education Sector After Growth in Cyber Attacks

Support for UK Education Sector After Growth in Cyber Attacks

The NCSC has updated an alert following the increase in ransomware attacks against the education sector National Cyber Security Centre (NCSC) provides additional support for education establishments following rise in ransomware attacks since late February Spike in...