On Wednesday 21st October, Wyeside Consulting, with Monckton Chambers, hosted a webinar to discuss EdTech and Data Protection Law. A fantastic line-up of speakers included Susan Nicolai (Director at the EdTech Hub and Senior Research Fellow at the Overseas Development Institute), Will Perry (barrister at Monckton Chambers) and Toby Phillips (Head of Policy and Research at Digital Pathways at Oxford), chaired by Sam Wilson (Education Lead at Wyeside Consulting). The discussion - covering COVID-19 and education, EdTech, the state of data protection laws in Europe and around the world and the present and future of EdTech and data protection governance - attracted over 50 audience members from 8 countries. These are some of the key things we learned:
COVID-19 is causing an educational catastrophe; EdTech has the potential to help.
Nearly 24 million more pupils may either drop out or not have access to school in 2021 as a result of the COVID-19 pandemic. An estimated 500,000 more girls risk being forced into child marriage by 2020. As shown in the recently launched #SaveOurFuture white paper, authored by global education organisations including contributions from the EdTech Hub, education as the bedrock of children’s future is in danger. EdTech has real potential to help, but it also has the potential to cause harm and widen inequality.
Data has huge potential to improve educational decision making
Good quality, timely data is sorely needed to improve decision making in education, especially in lower income countries. EdTech has huge potential to help in this area. In the past EdTech interventions (such as ‘One-Laptop-Per-Child’) have failed by focussing too much on hardware - ‘give them laptops and they will learn’ - whereas education systems are, in reality, far more complex and challenging to improve. EdTech has the power to help decision-makers better diagnose and treat challenges in the education system - this is somewhere it could make a real difference (as argued in the #SaveOurFuture Background Paper on EdTech).
The more powerful the technology, the greater the risk of harm
EdTech is increasingly powerful. It increasingly involves the capability to construct data systems containing sensitive and personal children’s data, AI and biometric systems that can be used for surveillance and software that has the power to hoover up children’s data without their knowledge or consent. Examples such as a Swedish municipality’s breach of GDPR after trialling facial recognition software, the ICO’s damning audit of the UK Department for Education’s data handling (recommending 139 improvements, 60% of them urgent) or the University of Michigan’s new report finding facial recognition technology to be discriminatory, inaccurate and a threat to human rights should act as ‘cautionary tales’ showing that powerful technologies, when mishandled, can cause real harm.
Most countries do not have proper data protection regulation….yet
Only 66 % of countries have data protection and privacy regulation, whilst only 43% of lower income countries do. Whilst there are promising signs in the EU (GDPR), India (DEPA), the US (COPPA) and Africa (Malabo Convention) there remains a long way to go. The African Union’s Malabo Convention on Cyber Security and Personal Data Protection, for example, has only been ratified by 8 out of 54 African countries.
New laws may not need to start from scratch, but build on existing principles
In Europe at least, the underlying principles of the data protection laws have remained remarkably constant overtime - for instance, the EU’s GDPR (2018) is based on the EU’s 1995 Data Protection Directive, which itself can be traced back to a 1981 Council of Europe Convention. Similarly for African countries the Malabo Convention may provide a blueprint for national legislation. On the up side this may mean lawmakers do not have to start from scratch. On the downside, the fact that these laws are not yet in place may mean that it is not the complexity of the law that remains a barrier but other political or regulatory factors.
‘No laws’ should not mean ‘anything goes’
EdTech firms should hold themselves to the highest standards of privacy and data protection whatever the laws. The absence of an up-to-date privacy law should not mean ‘anything goes’, and providers should be pragmatic and responsible rather than waiting for regulation to tell them how to act ethically.
The world is waking up to the issue of EdTech and governance of children’s data
As technology becomes more powerful, there is a great responsibility to ensure that children are kept safe, and their human rights respected. But the risk may not be so much in the technology itself, but in who is providing it and their motives for doing so. For example, many dedicated, innovative companies are using EdTech to reach the most marginalised children (such as the EdTech Hub’s new partners eKitabu, Rising Academies and Learning Equality) at a time when education is in crisis. On the flipside, multiple lawsuits against Google’s education technology projects show the potential dangers of education conflicting with the interest of companies whose business model relies on the sale of personal data for profit. Significant regulatory action and court cases such as those in Sweden, Kenya (Huduma Namba) and India (Aadhar) show that governments themselves, when unconstrained by proper regulation, risk abusing human rights through the misuse of children’s data.
There is much to be done and it’s time to get moving…
There is growing concern about the need to protect children’s privacy and data. International efforts are underway to agree global standards for the governance of children’s data. But more work is needed. National governments can strengthen and enforce legislation. EdTech providers can get ahead of the curve and hold themselves to the highest standards of privacy and data protection without waiting to be told to do so in law and schools, parents and communities can understand, and stand up for, children’s right to privacy and train themselves in how to protect children’s data.
Written by Sam Wilson - Education Lead at Wyeside Consulting
With thanks to William Wilson, Gemma Rawlinson and Philip Moser