Feeds

Schools can fingerprint children without parental consent

DfES qualifies its stance

Application security programs and practises

Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner.

But parents who have campaigned against school fingerprinting might still be able to bring individual complaints against schools under the Data Protection Act (DPA).

DfES admitted to The Register that schools can fingerprint children without parents' permission.

This position has also been taken by the Information Commissioner, who interprets and enforces the Data Protection Act - the law privacy campaigners hope might be used to stop schools fingerprinting their children.

The Information Commissioner's Office (ICO) is drawing up guidance on the use of fingerprints for purposes other than law-enforcement. The guidance will say once and for all whether parents can prevent their children's fingerprints being taken.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

"The Data Protection Act talks of consent of the individual - essentially that's consent of the child," he said.

"Now there's a requirement that consent is informed and freely given. That will depend on the age of the child," he said.

The idea is that as long as children can understand the implications of what they are being asked to do, they can give consent without deferring to their parents.

"The Data Protection Act is about the pupil's rights, not the parents' rights over the children's information," said Smith.

The ICO set a precedent of sorts over the consent of children with regard to direct marketing. It decided that kids could sign up to get free gumpf through the post without parental consent unless they were required to hand over detailed personal information.

You might think that a child's fingerprint is one of the most personal pieces of information that can be stored in a database. But the type of information is irrelevant to the Act. Even a child's age is of little importance to the DPA, said Smith.

More important than consent even, the guidance will consider how a fingerprinting system has been applied: whether it is reasonable and proportionate. If a school wants to use children's fingerprints to control their use of its library books, anti-biometric parents might not have much room for protest within the law.

Even where the act does consider consent of the child, it cannot rule in a blanket fashion so as to, say, proclaim that schools should seek parental consent before fingerprinting children below a certain age.

"The capacity of a child to make a decision varies from child to child, while some decisions are more involved than others," said Smith.

What do you do, Smith asks, if a child refuses to have its fingerprint taken but a parent insists that it should?

The DPA is clear on this. The parent only has limited opportunity to control the consent of their child.

"Where the child isn't capable of giving consent then under the data protection act it should go to the parents," said Smith.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.