Feeds

Schools can fingerprint children without parental consent

DfES qualifies its stance

Secure remote control for conventional and virtual desktops

Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner.

But parents who have campaigned against school fingerprinting might still be able to bring individual complaints against schools under the Data Protection Act (DPA).

DfES admitted to The Register that schools can fingerprint children without parents' permission.

This position has also been taken by the Information Commissioner, who interprets and enforces the Data Protection Act - the law privacy campaigners hope might be used to stop schools fingerprinting their children.

The Information Commissioner's Office (ICO) is drawing up guidance on the use of fingerprints for purposes other than law-enforcement. The guidance will say once and for all whether parents can prevent their children's fingerprints being taken.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

"The Data Protection Act talks of consent of the individual - essentially that's consent of the child," he said.

"Now there's a requirement that consent is informed and freely given. That will depend on the age of the child," he said.

The idea is that as long as children can understand the implications of what they are being asked to do, they can give consent without deferring to their parents.

"The Data Protection Act is about the pupil's rights, not the parents' rights over the children's information," said Smith.

The ICO set a precedent of sorts over the consent of children with regard to direct marketing. It decided that kids could sign up to get free gumpf through the post without parental consent unless they were required to hand over detailed personal information.

You might think that a child's fingerprint is one of the most personal pieces of information that can be stored in a database. But the type of information is irrelevant to the Act. Even a child's age is of little importance to the DPA, said Smith.

More important than consent even, the guidance will consider how a fingerprinting system has been applied: whether it is reasonable and proportionate. If a school wants to use children's fingerprints to control their use of its library books, anti-biometric parents might not have much room for protest within the law.

Even where the act does consider consent of the child, it cannot rule in a blanket fashion so as to, say, proclaim that schools should seek parental consent before fingerprinting children below a certain age.

"The capacity of a child to make a decision varies from child to child, while some decisions are more involved than others," said Smith.

What do you do, Smith asks, if a child refuses to have its fingerprint taken but a parent insists that it should?

The DPA is clear on this. The parent only has limited opportunity to control the consent of their child.

"Where the child isn't capable of giving consent then under the data protection act it should go to the parents," said Smith.

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.