Pippa King is a UK-based activist seeking transparency and accountability with the use of biometric surveillance, particularly when it comes to the surveillance of children. We speak with her about the invasive technologies appearing in schools and the challenges of enforcing existing privacy laws.
What are examples of some of the most egregious collections of biometrics/data at schools that you’ve encountered?
- A child refused to have his fingerprint taken and was placed in solitary confinement for a day—even though he was within his rights to refuse his biometrics being processed based on the UK’s Protection of Freedom Act.
- RFID tagging over 5,000 kids to real-time track them without their knowledge at West Cheshire College for two years to develop IEEE technology.
- Infrared palm vein scanning used in a primary school in Scotland in 2006.
- Using experimental mood-indexing biometric technology to gauge the emotions of students in class in China.
What is coming in terms of biometric or data collection tech in schools and/or in public in general—for lack of a better phrase, the “next big thing”?
Biometric facial recognition verification ID for tablet use for homework. For example, Scotland has undertaken a large program of giving students iPads, and while at the moment facial recognition is not used to verify who is doing the homework, such technology has been used in schools in California to scan the faces of iPad users every minute to check who was at the screen. This was eventually scrapped due to privacy issues, but this technology is ready to go.
Some parents might consider CCTV and RFID tags to be great safety features. What would you say to them?
The UK has one of the largest numbers of CCTV cameras per person. As far as I know, the levels of crimes solved are not proportionate to the cameras that we have. But I do see a need to have cameras in schools for other reasons than “safety”—I think they could be useful to resolve disputes.
Kids learn by taking risks. There is little evidence that technology keeps them safe. In fact, an RFID tag only provides the location of the tag and not the child—thus giving a false indication of their true location, potentially compromising the safety of the child.
A lot of adults don’t take basic steps to safeguard their privacy and data. Do you find that children are more aware than adults on this issue? Are children being educated enough on this subject?
In my opinion, children are blissfully unaware of how their data is used in schools and the potential to impact their privacy. I do not think they are educated enough on the issue. I would like to see data protection and their privacy rights as in the Protection of Freedom Act and Data Protection Act taught as part of their personal, social, health, and economic (PSHE) education in schools.
In my opinion, children are blissfully unaware of how their data is used in schools and the potential to impact their privacy.
You campaigned for the passage of the UK’s Protection of Freedoms Act 2012, which requires at least one parent to consent to a child’s biometrics being processed, while also allowing a child to opt out (among other privacy protections). More than 10 years on, how would you sum up the difference that the Act has made?
The Act has brought some level of awareness to parents and students in schools about biometric technology uses. However, a recent survey in 2018 by Defend Digital Me found that “38% of parents whose children were using biometrics in school said they had not been offered any choice, and over 50% had not been informed how long the fingerprints or other biometric data is retained for, or when they will be destroyed.” So there is still a way to go in clarifying both a pupil’s and parent’s rights in the respect of schools taking and processing a students biometric data.
What single piece of privacy legislation do you want to see passed into law right now? Why is it important?
That’s difficult as everyone’s privacy boundaries are different. GDPR/data protection legislations are good but useless unless enforced. In a recent case, North Ayrshire Council were using over 2,500 children’s faces for a facial recognition system that enabled them to buy lunch—a program described by Defend Digital Me as “likely unlawful”—yet there was no enforcement of the law in this instance by our UK data regulator, the Information Commissioner.
The Protection of Freedoms Act is not always adhered to, and no regulator polices that legislation or the Data Protection Act with regards to breaches of children’s biometric data, so it would seem that those legislations are not necessarily a safety mechanism for our children’s biometric data.
I would say we have adequate legislation, but need a better way of monitoring and regulation.
This is important because technology is a fantastic tool. However, I think we have been like kids in a candy shop gorging ourselves with tech over the past 30 years. I think tolerances need to be made in our future society to accommodate those that wish to swim in the sea of digital data and those of us that don’t. Kids do not necessarily have that choice, and I think that their digital data must be very closely scrutinized by responsible regulators, with parents and schools teaching our next generation to be digital data responsible—which is not really happening at present.
We have been like kids in a candy shop gorging ourselves with tech over the past 3o years.
You are clearly passionate about stopping biometric data collection and surveillance in schools. What drives this passion?
Initially by children using biometric fingerprint scanners. This was sending my young children a subtle, subconscious message that it was O.K. to give up their most sensitive, irreplaceable data to eat, to read a book, to access areas or their money.
Using a child’s biometrics in this way is simply not necessary when other identification methods are available, as enshrined in our Data Protection Act and GDPR—but those legislations need to be enforced, especially with the younger generation. Their digital data needs to be secure for the span of their lifetime, and who knows where computing, hacking, or AI and “presuming” capabilities may be at in say 30-plus years’ time?
Finally, what are five tools (like apps, devices, or other methods) you use to protect your privacy?
- First tool is me—being aware of who I am giving my data to and where I leave my personal digital footprint.
- I use a VPN.
- Use cash as much as I can.
- Switch my phone off when I can.
- Try to live life without a screen.
Mask your IP address with a VPN
30-day money-back guarantee