Feeds

Schools can fingerprint children without parental consent

DfES qualifies its stance

SANS - Survey on application security programs

Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner.

But parents who have campaigned against school fingerprinting might still be able to bring individual complaints against schools under the Data Protection Act (DPA).

DfES admitted to The Register that schools can fingerprint children without parents' permission.

This position has also been taken by the Information Commissioner, who interprets and enforces the Data Protection Act - the law privacy campaigners hope might be used to stop schools fingerprinting their children.

The Information Commissioner's Office (ICO) is drawing up guidance on the use of fingerprints for purposes other than law-enforcement. The guidance will say once and for all whether parents can prevent their children's fingerprints being taken.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

"The Data Protection Act talks of consent of the individual - essentially that's consent of the child," he said.

"Now there's a requirement that consent is informed and freely given. That will depend on the age of the child," he said.

The idea is that as long as children can understand the implications of what they are being asked to do, they can give consent without deferring to their parents.

"The Data Protection Act is about the pupil's rights, not the parents' rights over the children's information," said Smith.

The ICO set a precedent of sorts over the consent of children with regard to direct marketing. It decided that kids could sign up to get free gumpf through the post without parental consent unless they were required to hand over detailed personal information.

You might think that a child's fingerprint is one of the most personal pieces of information that can be stored in a database. But the type of information is irrelevant to the Act. Even a child's age is of little importance to the DPA, said Smith.

More important than consent even, the guidance will consider how a fingerprinting system has been applied: whether it is reasonable and proportionate. If a school wants to use children's fingerprints to control their use of its library books, anti-biometric parents might not have much room for protest within the law.

Even where the act does consider consent of the child, it cannot rule in a blanket fashion so as to, say, proclaim that schools should seek parental consent before fingerprinting children below a certain age.

"The capacity of a child to make a decision varies from child to child, while some decisions are more involved than others," said Smith.

What do you do, Smith asks, if a child refuses to have its fingerprint taken but a parent insists that it should?

The DPA is clear on this. The parent only has limited opportunity to control the consent of their child.

"Where the child isn't capable of giving consent then under the data protection act it should go to the parents," said Smith.

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.