Feeds

Schools can fingerprint children without parental consent

DfES qualifies its stance

3 Big data security analytics techniques

Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner.

But parents who have campaigned against school fingerprinting might still be able to bring individual complaints against schools under the Data Protection Act (DPA).

DfES admitted to The Register that schools can fingerprint children without parents' permission.

This position has also been taken by the Information Commissioner, who interprets and enforces the Data Protection Act - the law privacy campaigners hope might be used to stop schools fingerprinting their children.

The Information Commissioner's Office (ICO) is drawing up guidance on the use of fingerprints for purposes other than law-enforcement. The guidance will say once and for all whether parents can prevent their children's fingerprints being taken.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

"The Data Protection Act talks of consent of the individual - essentially that's consent of the child," he said.

"Now there's a requirement that consent is informed and freely given. That will depend on the age of the child," he said.

The idea is that as long as children can understand the implications of what they are being asked to do, they can give consent without deferring to their parents.

"The Data Protection Act is about the pupil's rights, not the parents' rights over the children's information," said Smith.

The ICO set a precedent of sorts over the consent of children with regard to direct marketing. It decided that kids could sign up to get free gumpf through the post without parental consent unless they were required to hand over detailed personal information.

You might think that a child's fingerprint is one of the most personal pieces of information that can be stored in a database. But the type of information is irrelevant to the Act. Even a child's age is of little importance to the DPA, said Smith.

More important than consent even, the guidance will consider how a fingerprinting system has been applied: whether it is reasonable and proportionate. If a school wants to use children's fingerprints to control their use of its library books, anti-biometric parents might not have much room for protest within the law.

Even where the act does consider consent of the child, it cannot rule in a blanket fashion so as to, say, proclaim that schools should seek parental consent before fingerprinting children below a certain age.

"The capacity of a child to make a decision varies from child to child, while some decisions are more involved than others," said Smith.

What do you do, Smith asks, if a child refuses to have its fingerprint taken but a parent insists that it should?

The DPA is clear on this. The parent only has limited opportunity to control the consent of their child.

"Where the child isn't capable of giving consent then under the data protection act it should go to the parents," said Smith.

Combat fraud and increase customer satisfaction

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.