Facial recognition in UK schools: ICO intends to intervene
Facial recognition in UK schools for collecting meal payments has raised some concerns, over which the ICO intends to intervene.
Nine schools in North Ayrshire are currently using a facial recognition payment system in their canteens. The change happened this month, and schools claim that it helps the lunch line move more quickly, while also offering a contact free method of payment for students during the COVID-19 pandemic. However, this situation has raised much concern, and the ICO deems it necessary to intervene, and encourage a less intrusive approach to collecting contract free payments quickly for student meals.
While fingerprints have been used in UK schools for years, privacy advocates believe that using facial recognition technology is an unnecessary and intrusive step.
The use of live facial recognition technology in schools has been challenged because of issues with consent. While CRB Cunninghams, the company installing the software claims that the parents had to give explicit consent and cameras check against encrypted faceprint templates stored on school servers, many are wondering whether such an intrusive method of collecting payments is indeed necessary. The use of facial recognition in UK schools involves using sensitive, biometric, special category data. According to this article from The Guardian, Silkie Carlo, the director of Big Brother Watch said “This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children’s personal information could be shared with and there are some red flags here for us.” According to the North Ayrshire council, 97% of children or their parents have consented to the use of the new system.
A representative from the ICO has suggested that school officials should consider a less intrusive manner of collecting payments if the same effect can be achieved.
The ICO has been made aware of the situation regarding facial recognition in North Ayrshire schools and intends to make an inquiry with the North Ayrshire council. The ICO is of the view that if the same effect can be achieved using less intrusive methods of collecting payments, then this should be done. Organisations which use facial recognition technology need to comply with data protection law before, during and after the use of the technology. A representative from the ICO said “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so.” While parents and guardians may have consented to the use of facial recognition in UK schools for collecting meal payments, the question here is whether this is indeed the best approach for contact free payments from minors.
Do you need additional insight on facial recognition and GDPR specific to your company’s operations? Aphaia can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- Data protection standards for adtech outlined by ICO - December 2, 2021
- Children’s Code compliance called to question by the ICO - November 23, 2021