Chapter 2 of Part 1 of The Protection of Freedom Act 2012 was commenced on 1 September this year, to little publicity. It contains quite radical provisions regarding use of children’s biometric information.
(…One for the no doubt thousands of younger readers of this blog…)
Hey kids – want to annoy your teachers and your parents while at the same time asserting your rights to autonomous decisions about your privacy? Then put down your tamagotchis, or whatever it is you play with these days, and have a look at Chapter 2 of Part 1 of The Protection of Freedoms Act 2012 (POFA). Bear in mind (as I know you will, as you guzzle your ginger beer) that, by virtue of The Protection of Freedoms Act 2012 (Commencement No. 9) Order 2013, sections 26, 27 and 28 of POFA are now in effect.
And note that, if your school processes your biometric information (for instance, if you have to provide your fingerprints in order to register, or to access libraries (to read the latest Enid Blyton, no doubt) or get school meals) then (after September 1 this year) the school has to have informed your parents that it is going to do this (or continue to do this). If your parents object, then the school has to stop (and almost certainly give you an alternative way of registering/accessing the library/getting school meals etc). The school
must ensure that a child’s biometric information is not processed unless—
(a)at least one parent of the child consents to the information being processed, and
(b)no parent of the child has withdrawn his or her consent, or otherwise objected, to the information being processed….
The relevant authority must ensure that reasonable alternative means are available by which the child may do, or be subject to, anything which the child would have been able to do, or be subject to, had the child’s biometric information been processed.
But also note (here’s the totally rad bit) that, even if your parents are OK with it, you have the right to object, and if you do, that trumps what your parents, and your school, think. Cool eh?
if, at any time, the child—
(a)refuses to participate in, or continue to participate in, anything that involves the processing of the child’s biometric information, or
(b)otherwise objects to the processing of that information,
the relevant authority must ensure that the information is not processed, irrespective of any consent given by a parent of the child
Now, kids, you will have your own views, and some of you may approve of administrative systems which rely on the gathering, use and retention of personal information. You may think that the potential time- and costs-saving benefits are the most important factors at play. But some of you might well object, on perfectly reasonable grounds. You might be worried about what might happen if, for instance, this information fell into the wrong hands, or was simply kept too long, and was misused to your detriment. You might even object in principle to this sort of private information being used in this sort of way, when there are less intrusive methods available.
And you might want to consider that, if sufficient of your classmates object, under what is an admirable and rather radical statutory scheme which gives priority to the wishes of children, then the whole purpose of having this sort of system (convenience and cost benefits for the school) might fall away.
informationrightsandwrongs 
May not be a bad idea for us to have a chat?
Hi Joseph – sounds a good idea. As newly-elected chair of NADPO I’m keen to forge links with organisations and institutions with common aims and interests.
But if a child of a suitable age positively consents, is it not a breach of his / her human rights to allow a parental veto ?
That is a very good point – drafting error?
I am a firm believer in the use of biometric technology to further public safety and efficiency.
However, a key consideration in the use of this technology should be proportionality; is the collection of such sensitive data justified for the benefit realised?
Biometric data by its very nature is sensitive and absolute assurance must be provided that it will managed, secured and used appropriately. Given this, the consent of those whose data will be captured should be sought, and the use of such systems should not be mandated without such consent (with caveats for government, law-enforcement and public safety deploments).
Minors, by definition, are unable to supply consent, so the responsibility to do so (or to withhold consent) must fall upon the parents AFTER they have been given the opportunity to ensure they are satisfied that their child’s data is appropriately safeguarded and all privacy concerns have been considered within the context of the benefit to their child.
http://allevate.com/blog/index.php/2012/12/29/uk-schools-banned-from-fingerprinting-pupils-without-parental-consent/
It’s a very outdated idea that “minors” cannot give or withhold consent, and, explicitly, this is contradicted by the provisions of POFA which I have written about here. Children *can* refuse consent to the processing by schools of their biometric data, and that refusal of consent overrides any expression of consent that parents might have given.
Particularly we all know of 16 and 17 year olds we wouldn’t trust to open a tin of beans let alone understand issues around consent to the use of their data while also knowing younger children who are more than switched on and would be fully aware of the issues concerned.
” must ensure that a child’s biometric information is not processed unless—
(a)at least one parent of the child consents to the information being processed, and
(b)no parent of the child has withdrawn his or her consent, or otherwise objected, to the information being processed….
The relevant authority must ensure that reasonable alternative means are available by which the child may do, or be subject to, anything which the child would have been able to do, or be subject to, had the child’s biometric information been processed.”
great something.everyone should remember it
Do you think this would be valid for children’s opt out 100% of HSCIC data?
No definitely not – these are specific statutory provisions regarding processing of children’s biometric data by schools. I think any possible challenge to HSCIC collection would have to under the Data Protection Act (tricky, because care.data has statutory underpinning) or/and a broad brush Article 8 challenge.
How about at Amusement Parks? I live in Tampa and take my children to Busch Gardens as well as another water park ran by the same company. The are usually good about me going in without scanning my fingerprint however, I was told that my daughter who is 7 had to scan her finger. I refused. I understand that they can refuse me admission however do they have to follow the same rules in regards to children?
Hi Andrew – I’m afraid I don’t know how the law operates in the USA. In the UK, and most of Europe, that sort of thing would engage data protection law, and the amusement park operator would need to justify the practice and show that it was fair and lawful to take your daughter’s biometric data in that way. As far as I know the US doesn’t have equivalent laws at federal level, but whether there are any state laws engaged is something else.