Government Plans for Children's Data

Show Notes

Children today are growing up in a world where almost everything they do leaves a data trail. From the apps they use, to the schools they attend and the healthcare they receive; data is being collected, analysed and increasingly connected and shared. But at what cost?

Recent Government proposals mean that this question is more important than ever. The Schools White Paper and the Children’s Wellbeing and Schools Act 2026 have major implications for children’s privacy; from age verification to plans for a “Data Spine” to link information across the public sector.

In this podcast, we analyse the Government’s plans for our children’s data, discuss children’s privacy in the internet age and the role Big Tech is playing in the collection storage and analysis of all our data.  We ask if the government is simply trying to do a better job of protecting children or if it is quietly building a surveillance system which will impact all of us. 

Ibrahim Hasan is joined by Jen Persson, Director of Defend Digital Me,  a not-for-profit organisation that advocates for children's privacy and digital rights in UK education and the wider public sector. 

Please note that this podcast was recorded on 11th April 2026 when the  Children’s Wellbeing and Schools Act 2026 was still a Bill going through the final stages of Parliament. The Bill received Royal Assent on 29th April 2026.

Useful Links

Phaselaw

Defend Digital Me

No2ID

GeneWatch UK

The Data Justice Lab

Med Confidential

US Teen Social Media Addiction Case

DfE ICO Reprimand

NHS Palantir Deal

Weapons of Math Destruction by Cathy O'Neil

ADRN Ipsos Mori(2014). Dialogue on data: Exploring the public's views on using administrative data for research purposes

Evaluation report of the children missing education database pilot (Wales) 2025-26 

This podcast is sponsored by Phaselaw - a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn't designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the World are using it to cut response times from weeks to days.

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment.

Transcript

Ibrahim Hasan 0:06

Welcome to Guardians of Data, the show where we explore the world of information law and information governance. From privacy and AI to cybersecurity and freedom of information. I'm Ibrahim Hassan. In each episode, we speak with experts and practitioners to unpack the big issues shaping the IG profession. Children today are growing up in a world where almost everything they do leaves a data trail. From the apps they use to the schools they attend to the healthcare they receive, data is being collected, analyzed, and increasingly connected and shared. But at what cost? Are we simply trying to do a better job of protecting children, or are we quietly building a surveillance system? And what does that mean for the privacy of the next generation? Recent proposals from the UK government mean that it is more important than ever that these questions are debated. The school's white paper and the children's well-being and schools that have major implications for children's privacy, from age verification to plans for a data spine to link information across the public sector. In this podcast, I'm joined by Jen Person, Director of Defend Digital Me, a not-for-profit organization that advocates for children's privacy and digital rights in UK education and the wider public sector. Jen also contributes to the Council of Europe Digital Citizenship Working Group on AI and education. She has authored multiple publications on the state of data, biometrics, and data policy in the UK education sector. Let's jump in. Hi Jen. Thank you very much for joining us. I'm really excited about this conversation.

Jen Persson 1:47

Thanks for having me. I'm glad to be here.

Ibrahim Hasan 1:49

So, Jen, you're the director and founder of Defend DigitalMe. What inspired you to set up the organization?

Jen Persson 1:56

Just over a decade ago, we were at the point in England where it was all across the media that the national government at the time was going to extract all of our medical records from GPs and take them into a national database to use pretty much as government found fit, and we weren't going to get any choice over it. And a little bit of personal data to give away on a privacy conversation. I'm the daughter of a retired GP. That struck home for me. And I thought, no, medical confidentiality really matters. And I disagree with that. I want to find out a bit more. So I got in touch with the then organization Med Confidential, who were civil society campaigners at the time, making sure that everyone knew what was going on about their health records and how we could take back some of our agency and make decisions about it, what we could do about it, and say to our MPs, no, that's not what we want, and what can we do? And they made the change that we got to have an opt-out. And uh that made all the difference. And uh they then spoke to me as I was quite engaged about the issue at the time and said, Well, look, nobody's looking at what happens to our children's records and education, and we have just been doing some work on that ourselves, but we're focused on health. Why don't you go never look at education? And so, to long story short, I then started to investigate at the time because I had three children who had just started school, and nobody had told me anything about how their personal details, when I gave them to the school in the admissions process and gave them to the school for the purposes of attending school daily, as I thought I didn't know they were going to go to the local authority, to go to the national government, or to go to other third parties in fully identifiable format, that they would get my entire record. I somehow assumed the government would get statistics and aggregated data, but no, they actually were building up an individual profile of each of my children. And I wasn't particularly concerned about at the time, but I was concerned that I didn't know about it. And so I dug a bit into it and found that there was very little information in the public domain, but that there was a thing called the National Pupil Database. And this was where 25 different collections of data from schools in England were getting sucked up into the National Department for Education and put into this one department database. And then I, through the process of lots of freedom of information requests and some supportive MPs questions, started to get information put into the public domain that should always have been there, that should have been transparent from the start, that this database existed, how many records were in it, what it was used for, where it was going, and all of the questions that data professionals really deal with every day. And I asked my first subject access request. I asked the department to give me a copy of my children's records that they held, and they refused. And that was the start of a process of 10 years engaging with the Department for Education to try and make data safer, fairer, and more transparent, and get change over how our national pupil records are managed, and data is managed now across the entirety of the public sector and the state education system. And that's where we got to today.

Ibrahim Hasan 5:08

So your interest started off with medical data and then moved on to educational data and having a personal interest, similar to my experience, really, that when my children started school, when you asked questions, you found that even the school itself didn't know where the data was going and who was going to have access to it. So that's interesting that we share the same experience and inspiring that that led you to start a campaign. And here we are today. So, Jen, when I was a child, similar to yourself, I'm sure, we had real friends, not online friends. We went out, we played real games, and sometimes even got into some mischief. Nothing serious, I'm sure. But now kids are living their lives online from a very early age through smart toys, online games, and social media. I read a recent survey which said that one in five UK internet users are under 18. And of course, all this online activity leaves a data trail, which somebody somewhere is using, analysing, and sharing for all sorts of purposes, some good and some not so good. So I want to ask you: should we be concerned about our children's privacy, or is it just the price of living in a connected world?

Jen Persson 6:23

What a good question. And of course, privacy means different things, different people. But I think everybody agrees that there are some situations and data relationships between individuals, communities, and organizations that they expect to have kept confidential. And that's a difference. I think what a lot of people fail to grasp about data protection law, that your audience and listeners will probably be very familiar with as a problem, is that data protection law, of course, is permissive. It's about enabling the data flow between individuals and organizations for lawful purposes, which need to be set out in law, and you need to pick one of your lawful bases to do it. But it doesn't necessarily protect privacy and it doesn't necessarily protect what people expect about how their data are used. And of course, it's all over the media right now. How big, bad tech are the villains, and they're collecting all of this information about you and particularly your children, seen through the lens of children, everything seems more urgent, more harmful, more fearful. And that gives people an impetus to act. The challenge is that sometimes at the moment they're acting without either thinking or really understanding the implications of what they're proposing, and very often without a very good evidence base, or indeed any at all, for making good policy decisions. And so some of that law is being formed on very, very precarious grounds. And we've found with some of similar decisions in recent years that they don't stand up. And of course, these companies that we interact with on a daily basis, and I think we can't make that distinction anymore between, you know, we used to do this offline, now we're online. You simply live your life. And some of that is uh through digital tools, and it enables connections in real life as much as online friends. Um, we're obviously speaking to children and young people's organizations at the moment who are talking about how, you know, friendships and gaming and connections between children are enabled online and in the digital environment, which are real people and they're real friends, they know in the classroom, but they enable those friendships out of hours, you know, when they're not uh together in person to be able to chat to each other or play games offline. And so there isn't that distinction anymore. I think where there is something that we we don't really understand properly yet as a general uh theme in the public is it's not just about information that you think you actively hand over to an organization or that they actively collect about you because you've had a profile. So say your child has decided to sign up for a popular gaming app and they need to sign up and get a profile. And so they they log in and they'll have to give an email address and a name and perhaps a pseudonym and pick an avatar. And that you think might be quite reasonable. Now, if they're under 13 at the moment in the UK, that will also mean that you probably have to hand over information as a parent as well, because you'll be asked to meet the minimum requirements of Article 8 in the UK GDPR, and that means giving parental consent or really permission. It's not really a consent basis at all. But actually, what you don't see is that many of these companies then do behavioral tracking about how you use the app. And so your child isn't just to them a user with a pseudonym or a real name, possibly a date or a month or an age of birth, and you know, an account name. They're actually tracked from when they log on, how they log on, what type of machine they're using, what type of computer it is, is it a phone? Uh, what times of day do they use it most? How long do they spend playing? And all of that metadata, those small bits of information, are be collected and traded around the world all the time by these massive international data brokers. And I think people and MPs are sort of starting to get a bit of a handle on some of that. But that world, which is for the most part enabled by ad tech, so to facilitate advertising, is the thing that I think has got some members of the House of Lords really riled up and seeing that it's because the things going on that we don't see in the real world that are being done to us that we're being given perhaps uh differential pricing. We're being offered, you know, two different people can be offered uh two different prices to buy the same train ticket or whatever else it might be online. And it's because uh that's just an example, it's not necessarily a real one, but just to get a handle on it, you know, because your patterns of usage, the types of equipment you're using, who you look like to the company can suggest that you're a wealthier person than somebody else. And that might mean you get charged more. And so those kind of things, that kind of discrimination online, I think is what gets policymakers uh starting to look at these kind of big uses of data, big data, big tech. But it does mean they then conflate all of that with every other small company that might be using the internet. And I think that's where we get back to the question about how is this necessary and proportionate types of lawmaking when we're not dealing with the meta and the big ad tech processing world that everybody seems to be concerned about, but actually just talking about everyday transactions in everyday life, the small interactions with small businesses.

Ibrahim Hasan 11:37

So I suppose there is a trade-off between living in a connected world and the data that we have to supply. But at the same time, it's about ensuring that the public are fully educated, that it's not just about their or their children's privacy, but it's also about what implications all that metadata has in terms of other services that they use, as you mentioned, discrimination, uh, you mentioned differential pricing and everything else as well. So the collection of data, whether it's about children or adults, will have an impact on other aspects of their life, not just on quote-unquote pure privacy.

Jen Persson 12:18

Yeah, I think privacy is often given a bad name in abstract terms. And I think we should almost abandon thinking about that in that way. What you do to my data, you do to me. There is no real distinction anymore between your online and digital life and your offline life, as you said at the start. So whatever you know about me through my digital footprint, you know about my real life. Now, part of the problem with that is you only see part of it. And some of those little pieces of pieces of children's lives in particular can be seen through a particular lens. And I think sometimes for the children affected, we we worked with a youth group in Hull, for example. We produced a report looking at how data policy and data was used about children, and particularly the language that's used in national data policy around children. And we talked to children about what they felt, how did their data and their data usages, you know, make differences in their lives? And they said one of the problems interacting, for example, with public services is that then they don't get a voice themselves. And the services they're interacting with are taking the data instead of speaking to the children. So the datified child is the one that has the interaction, but the actual child doesn't know about it. So you could find that decisions are being made on partial data that are incomplete, inaccurate, or out of date. And that person is having something done to them in their real life based on that data that actually shouldn't be being done at all. And we see time and time again cases of that around the world. If you look at, for example, the most serious misuse or abuses of those types of information, it's actually in abuse that happens to children, which is an awful and really urgent uh social issue that needs solved. But it isn't solved through using, for example, big data and AI and predictive pattern matching. You see um lots of case examples in the writing, for example, of Virginia Eubanks, or uh looking at uh book uh Weapons of Math Destruction by Kathy, whose last name I've forgotten, we'll look it up later. I'm sure we can put a link to it and uh and afterwards. But those kind of you know, case examples in the US are are only backed up by by work here. So if you look at uh Cardiff Data Justice Lab, for example, they've got lots and lots of examples from the public sector of miss or abuse of people's data about things like universal credit, DWP, who of course is a department that's already been to courts and lost about how they were using algorithms. And so we've got this sort of story and data that's being told about your life, but it's actually much more important because it ends up being what's done to you in your everyday life. And I think that's where we need to get more of a better, not just awareness, but actual call to action about what we do about that, because it's so important that we don't see some of these things as a tick-box exercise. Well, fairness means I told you that we were going to process your data. Well, it doesn't mean anything to that person if that's what they understand from it. Well they need to understand is what are those impositions being made about them as a result? What can they do about it if the data is not correct? And how can they see it? And that's so important. And we found that with education records is that because nobody knows this data exists, nobody's making subject access requests. And actually, that's then used to say, well, we don't need a subject access request process. And we go a bit full circle there.

Ibrahim Hasan 15:31

You mentioned that politicians are starting to catch up. There have been a number of political developments in this area that I want to focus on, starting with the children's well-being and schools bill, which is currently going through parliament. One of the proposals is a unique single identifier. The government says a consistent identifier will allow those responsible for the safeguarding and welfare of children to better join relevant data and identify children who will benefit from additional support. So by introducing this single unique identifier for children, we're going to get faster information sharing and no more uh misunderstandings about data sharing powers, especially when it comes to the public sector. Sounds like a great idea, Jen.

Jen Persson 16:16

Everybody wants to keep children safe. I mean, apart from sometimes you get people having really interesting discussions about what a safe mean and why uh actually children having no ability to be able to go up outside and climb a tree and fall down actually makes them less safe. But that's a different discussion for another day. I think the important thing in the children's well-being in schools bill is that there is so much going through it that is untested and unevided. So some of our work has been to analyse that as it went through parliament. And for example, the single unique identifier is only part of the data aspects of the bill, but it's very vague. And uh there's been very little actually set down in writing or said in parliament about it. We really had to push hard to get peers or MPs to ask questions about what does this, you know, SUI, the single unique identifier, we'll just call it an ID. What is this ID number going to be used for, and which one will it be? And eventually they came out and said, it's likely to be the NHS number, and we're doing a pilot, and we think it's in Wigan, and uh we'll we'll report back. Well, that was over a year ago. There's been no report back. Uh the only report that has come out about single identifiers being used across the public sector in this way is actually from Wales. And it's not to do with this bill, although there is a connection. So this bill at the very last minute, even that, even less last minute than we're now talking about other things in the bill this week, but relatively recently, we're talking this year, uh, added Wales into its scope. So prior to that, it was a bill for England. Suddenly Wales became part of the scope. So it missed all of the scrutiny stages. Anyone that wanted to ask anything about the impacts, the provisions, the rules for Wales weren't able to because the scrutiny had all been and gone. And the the Welsh uh government at the time was introducing a program to link their NHS numbers, their education records, and including uh education records from private independent schools at local authority level. And they passed laws locally in Wales that were valid for say only a few weeks. So they could go out and grab this data, bring it in, and then the law wore off, which of itself seems like a slightly dubious way of passing law for a very nationally significant uh change of policy. Needless to say, nobody would be surprised to listen, they didn't tell people. So we've taken this challenge to the ICO. We've heard nothing so far, but we do hope the ICO is going to take it very seriously because the failure to tell people what is being done with their personal details from their health records and their education records is very serious connotations, not just for now, but for the future. And if they then, as they did in Wales, join all of this data up. And uh, by the way, the Welsh government has just published a report on it. If you want to go out and find it, it's it was ostensibly for the purposes of finding children missing education. And that's not children who are homeschooled, because the local authorities all have their own register of that already, and they have a duty in law to already collect that, even though the children's well-being and schools bill made a big song and dance about having a new register of home children. Uh, so the uh law then says go out and find these records, match them all up, and find children that they somehow were missing education. Now, you can understand when you see like a state and you see like a government, this seems like a good thing to do. If you look at that through history, there are lots of communities and populations that would say, we do not want a state that can see us and find us and match us up and label us. And there are lots of communities still push back on that narrative. So it's not a given that everybody feels that this is a good thing to do. What we say as an organization is that if you're going to do this, there needs to be evidence-based for doing it. It has to be necessary, proportionate, and it has to be transparent. And at the moment, it doesn't seem to have been any of those things. So we're very concerned about that, which hasn't been the pilot. The lessons learned for it is that it took Wales a huge amount of time and costs, which they remarked on in the findings, and found very little, i.e., they found very few children that they didn't already know about that weren't in their uh databases already, because again, local authorities already have a duty to find and identify and keep on record children who are recorded as not in school or in home education or any other form of suitable education, the children missing education. And those are very, very small numbers compared with children who are in home ed. These are often conflated because the government sort of mixes them up and labels everybody as if the children who are not in school education should be. Uh, whereas it's actually a much smaller number that that is actually uh legally required to be uh sort of tracked as children missing education. Those are not in receipt of suitable home education either. So we've got this sort of trial going on officially in Wigan. We've got a what's been effectively a similar pilot going on in Wales. And what the government's doing now is rushing through this children's well-being and schools bill without really scrutinizing any of the evidence. They won't mention the report that's been found in Wales, I'm sure, this week. And it does mean that we're likely to see a huge amount of work going through local authorities who haven't got the time or capacity. They're going to find a huge data matching exercise if that if Wales's evidence is anything to go by. Find it is terribly difficult, costs a huge amount of hours for very little return, and doesn't bring them much benefit. And so on those grounds alone, you would say you'd be much better targeting public money and services and time to those children who actually need and are actually in requirement. And I think children's social services uh often say that. The Monroe report found the same thing a decade ago, that you're better targeting your public resources to the targeted services and individuals that need it. And these sort of massive data matching cleansing operations don't replace that good old-fashioned traditional human social services that actually bind people together and they know their area and they know their local communities. And that's what we need more investment and safety in. So children's safety doesn't come from big data, in my view. It comes from using information well and wisely in the places and the context that you need it. And that has to be safe and lawful and transparent. And we're missing those three things at the moment in this bill.

Ibrahim Hasan 22:34

And for me, the lack of transparency and scrutiny is astonishing when you consider we've been here before, haven't we? If you remember Contact Point in 2005, designed by Cap Gemini. I don't know if they're still around, costing £224 million to set up and £41 million a year to run. That was heavily criticized for privacy, security, and child protection reasons. It ran for five years and was scrapped by the new coalition government in 2010. So we don't have a great record when it comes to large IT projects and databases doing this country.

Jen Persson 23:09

There isn't, and there is this sort of misperception that socio-economic problems can be solved by technical solutions. And I think we we do prove time and time again, we just unfortunately don't seem to have governments that are able to learn from those lessons learned and take on board what we might do differently. And we're repeating a lot of those same mistakes over and over. And of course, Contact Point had legal challenges as well. And it was found to be ineffective. And I think that's the main thing you have to look at is it's all very well talking about the purposes you want to achieve. But if we know that the technical solutions are not going to bring it, then it's a waste of time and effort to start along those routes. And instead, there are things that we can do with data and technology that help social and political and economic challenges that governments might face. But the ones that we're doing right now don't seem to be it. And what really concerns me about the children's well-being and schools bill is that the minister who was actually talking about this maybe around a year ago in Parliament said already that if this worked, they would see, you know, it could be used for other uses. And so there's already scope creep built into the thinking about this. And in fact, we're seeing little stories of other things coming into white papers and other bills and discussions that sounds like increasingly the Department for Education is seen as a go-to place for all data about a child. And of course, it is the place that children's data is first collected about them longitudinally. You don't just have your health records, which start at birth or pre-birth, but the education records build up over time, probably in a more consistent way than even health records do. And so I have a sneaking suspicion that government already sees the National Department for Education records as a kind of a go-to, a core, a spine, if you like, of national data that could be used for other purposes. And when they've already said it in the bill debate that we could use it for other things, it already tells me we're not thinking about necessity, proportionality, data minimization, and very importantly, purpose limitation. And that principle seems to have gone out the window in any sort of data processing right now. And I'd love to see it come back.

Ibrahim Hasan 25:20

Another provision in the Children's Wellbeing and Schools build will extend age verification. In March, the Information Commissioner's Office published an open letter to social media and video sharing platforms calling on them to strengthen age assurance measures so young people cannot access services that are not designed for them. What's interesting in the bill is that it contains a provision for age verification to be extended beyond explicit content sites to all social media platforms. How is that going to work? And do you have any concerns?

Jen Persson 25:54

Is it going to work? I think is the first question. And what are they trying to make work is really the starting point? And I think the biggest challenge is everybody wants something done and they want somebody else to do it when it comes to children's social media. And I have the greatest sympathy and empathy with everyone involved in the worst of the worst when it comes to children's experiences online and indeed the effects it has throughout their life and as adults and with some adults and for many adults as well. And one of the challenges we have in this space is that those stories are so emotive, so compelling, and often very, very hard to take in the round. And they tend to be uh imbalancing in a conversation in a room where you're trying to talk about what does this therefore mean for social media? And of course, I will say clearly up front, I don't receive any funding at all from social media companies. In fact, at the moment, we don't receive any funding at all. Uh so it's a very challenging time for civil society across the digital sector. But the use of, you know, kind of these big narratives is often seen as somehow nefarious, you know, these big companies out to make lots of money and exploit everyone. I think the challenge is that also then obfuscates what's actually possible with the technology. And we carried out a report and did lots of work interacting with a huge number of organizations, including child abuse survivors and victims and technical experts around end-to-end encryption a couple of years ago. And we produced a report together with Child Rights International Network in 2023, which is available on their website called Privacy and Protection and looking at encryption through the lens of children's rights. And I think it's really important to try and remember those at the forefront of what we're trying to do here, because protection is only one of children's rights, and it does not need to. And in fact, the law and the universal charter, if you like, the UNCRC, the Universal Convention on Children's Rights, really puts all of their rights on an equal footing. And so we need to be considering both participation and privacy as well when we consider protection. And that includes things like freedom of assembly and freedom of speech and freedom of access to information. And these rights are all important as well. So we need to see them in the round. And we need to think what does that mean? And one of the challenges that the government has in this bill is that they put a whole measure, a whole series of measures in. And in fact, only last night, because we're talking on the 21st of April, then the bill passed again in the House of Lords with uh amendments that will make some rather punitive powers available to government to not just change the age at which age assurance is required or age verification is required, but do it through the vehicle of Article 8 in uh GDPR and data protection law, which of course means not just social media, but if they do it clumsily, it means all processing that happens on the basis of Article 8 would be affected. And so that means, in fact, instead of protecting children's privacy and somehow making it safer because they are older and wiser and know what they're doing, all you're gonna do is for those children who at the moment's parents do not need to then also sign up with them to a service because they're over 13, they're between 13 and 16. It means those parents now of children between 13 and 16, let's say the age is raised to 16, now also have to sign up with their personal details as well. So if the aim of that is to protect children's privacy and to have less data about them passed around these companies, it'll do the exact opposite. So that's a problem to start with. But I think the challenge is that the purposes of this are just not defined. And they're using the wrong vehicle, data protection law, to try and achieve a social aim, which is to keep children away from certain social media content. And of course, the online safety act was already designed to do that. We had 10 years almost of back and forth discussions about what that should and shouldn't look like, and almost as many ministers at the DCT and DCMS. And uh Ofcom is uh, you know, tasked with trying to sort it out. And they they just keep getting wrapped over the knuckles by every MP that finds it shorthand to say, you know, we're not doing harder, faster enough online uh with that act. And uh the the cases in the US you raised actually quite interesting because, of course, these huge fines are being imposed on companies, and we're likely to see some of the same happening, although it hasn't yet in the UK. But if we look at that, what's happened in the data protection world, we'll see a sort of mirror of the ICO in the few enforcement actions it's taken with big, big fines. They're finding it virtually impossible to enforce. And so they're either going away and coming back with much smaller actual real amounts that don't hit the headlines in the way that their big, you know, big number did, or they're not enforcing actually anything at all because they're then locked in legal battles and courts and negotiations and appeals, which doesn't serve anybody. And so I really am frustrated and I think, you know, this is going to be a big challenge because what will happen is that we'll be on a slippery slope of MPs and peers being stuck in the House of Lords under pressure from their constituents saying we want our children safer online, we don't like this content, we think it's nasty, we think it's unsafe, we think it's harmful. And that comes from a whole range of people from different reasons for different purposes. You know, whether you're looking at it from the sort of people that are coming from affiliated groups with US sort of evangelical conservative with a small c sort of right-leaning tendencies that say we don't want access to particular information around particular uh genders or LGBTQ information or sexual orientation or or indeed sex education. We don't want our children learning too much about those sorts of things too young. We're taking library books out of some places in the US. In fact, we've seen some of that in the UK recently as well. There's that sort of tendency in some groups, right down to the very ordinary, you know, parents on the street who just say, I don't like them. My child spends, you know, four hours of an evening sitting on their phone, and I'd like screen time to be enforced because I can't do it. And I find that really hard. So, yeah, let's get the government to pass a law that says they can enforce screen time laws, Cinderella laws. And we've seen that South Korea and other places that got scrapped because it doesn't work. All sorts of things are in that bill. You know, we're we're looking at not just age various and age assurance, uh, we're looking at things like, you know, age gating the entirety of the internet. And as a result of that, you're not able just to say they can only go and ask those information of children, but they'll have to ask it of everybody in order to spot who's not a child. And so this sort of lens of we only want children to see this type of content online will actually mean the government can mandate and restrict what content and what lens is used for everybody to see anything online. And I think that's a very dangerous slippery slope we're on if we don't get some sort of proper safeguards and mandates around it and some realistic non-magical thinking about what's possible.

Ibrahim Hasan 32:51

I like the term non-magical thinking because the government misunderstands the provisions and the potential function creep, but also they're not in touch with reality because children are very clever and they're always one step ahead. If they're up to something, uh like my kids, they can get around the restrictions, whether they are physical restrictions or online. And it leads us nicely on to the proposed amendment to the bill, which would prohibit the provision to children of virtual private networks, which can facilitate the evasion of age verification. Now, considering the concerns about social media usage, this on the face of it looks like a good idea, but is it a step too far because it then invades everybody else's privacy, doesn't it?

Jen Persson 33:36

Yeah, and also there's this big misconception about what a VPN is and what it looks like and what it's doing and what it's for. I mean, I was asked recently in the Education Select Committee, is it should we ban VPNs? And you could see that this was a sort of shorthand for should we ban any way that children are able to evade what our parents and what we as adults want them to do online? VPNs are somehow, you know, painted as the big bad villain or some sort of, you know, a man in a trench coat with dark glasses, enabling them to do things that parents don't want them to do. It's simply a mechanism for enabling your traffic, your data communications to be made more confidentially between two points of transfer on the internet. So between your server and somebody else's. And that's pretty much it. I certainly have bought them for my children. I would recommend using them, not only for a confidentiality and privacy perspective. I find it reduces, but some of the advertising and some of the ad tech data tracking and the profiling that will happen about them and because of them. So VPNs, I think, you know, we look at Russia, look at the amount of the laws that they brought in after their invasion of Ukraine, and it was banned to offer and provide VPN services because they wanted to be able to restrict access to not only Russian and Ukrainian, but other foreign media. So lots of, including the BBC's websites and others, to some extent are blocked or banned in Russia. They're not able to have communications and unsafe communications uh networks and try and avoid that, uh, those bans by using VPNs. But of course, the provision is then tries to be to be banned by governments. So, you know, something is very real in that. It's not just a fictional imagination of a what if scenario. The countries that ban VPNs are those that have nation states that say we don't trust our people. We don't trust that you know what you're doing online and that we think you're capable of doing it. And I think, you know, if we get to that stage in the UK, we have lost something intrinsic about our agency and our autonomy and our freedom and our sense of, you know, what makes a person able to determine their own life. And I think if you take that away from children very early, we haven't yet got research on it, but I suspect that that is also a very damaging approach to how you enable children to become confident in independent, critical thinkers and able to have confidence that what they do, not just online, but every decision they make in their life, they can trust themselves and that they are trusted, that they are responsible and that they are accountable for their actions. And if we keep saying we'll ban everything and we'll take these possibilities away because we don't trust you and we think you're somehow going to go off and do something naughty, then I think we're bringing up children with a very, very misplaced sense of who they are in the world and what that will mean for them as adults. So it's not just a technical question. I think this is a deeply psychological, social question about how we we expect our interactions to be managed between families, between children and parents, and how we manage authority and their views of authority are going to be very changed by this if they keep saying authoritarians, decisions made about them by the state, and you know, you're gonna tell me what to do. Well, you know, I remember as a child myself saying to, you know, stop watching what I'm doing, or just leave me alone, or why do you want to control what I'm doing? You know, I think those feelings are still every child has that as they grow up, and they need the ability to have trusted conversations with adults that they trust and be able to understand what the implications of these tech are. So lots of things in that bill are concerning the VPN bans. I mean, it's backing, it's batting back and forth between the House of Lords and House of Commons at the moment. The amendments do and don't contain some of that wording. It really gives a lot of powers to the government to make it up as they go along. So we won't know for sure what those provisions are going to look like until they set them down in law in secondary legislation as we get towards the summer. But we've pretty much got commitments that's gonna be sooner rather than later, that's gonna be before they uh go into recess in in the summer. And that's July. So we're looking out for those. And I think everybody that has an interest in protection of freedoms, protection of privacy, protection of data is gonna need to understand very much what those bill provisions are going to mean in real life.

Ibrahim Hasan 37:50

Absolutely agree with your sentiments, uh, particularly the importance of ensuring that children grow up as independent critical thinkers, especially in the current age of misinformation, of AI-generated slop and propaganda. More important than ever that they are critical thinkers, able to scrutinize, able to ask the right questions. So anything that has an impact on that, I think we should all be concerned about. Let's turn to another recent development, if I may, the school's white paper. There was a lot of media attention about children with special education needs and also children with disabilities. There was less discussion about the technology and data-driven policy and practice areas, especially as how it impacts children. So I want to focus on a couple of these, starting with the data spine. Now, the government says they're developing this data spine to connect and share pupil information across different systems in education. Sounds very much like the NHS data spine, doesn't it?

Jen Persson 38:52

It does. And I think we're not wrong to make that link because the government's talking very much about linking health data and education data. And of course, it's done already for all the reasons you might expect, or the public tends to expect, when they're asked in public polls, for public interest research to benefit the sort of bigger, wider public of medical research. But even then, most of the polls over the last decade and engagement from that was done for the ADRN. So there was ESRC dialogue on data in 2014, uh, polling and work that went out, workshops across all four nations, devolved nations in the UK. There was work done with the Royal Association of Engineers with young people. Everyone did some work, Ipsos Mori and Royal Statistical Society. Lots and lots of polls and information and studies have been done about this. And everyone comes back, including the most recent done by the Department of Education themselves, with parents and pupils asking about whether they want their data used in AI development, for example. We might come to that later. They did that in 2024. And everyone comes back and says, we want to know what you're doing with our data. And we don't trust that you'll do only the good things with it, really, you know, unless you tell us, unless you show us. And yet government seems to say just uh nothing on that. And so when they talk about something being privacy preserving, I'd really like to see their definition of that. Because uh, to me, that's just uh what you might call weasel words. It's just packaging. It makes it sound good. Uh, what actually happens in reality today is the Department for Education takes identifying records and gives them away to thousands of third parties. We have identified just recently, we matched up all split 27 records that the government uh website has about the Department for Education's national pupil database. We linked them all together. There were two and a half thousand approximately releases of millions of pupils' records each time. And those are identifying and sensitive at different levels, and they're all classified, that's in the public domain. You can look at it on the DFE data uh external third-party registers. But as I said, 26 of those are all in the archives, and you've got to take all the different files out and Excel files and link them together, match them and cleanse them and do the maths on it. But uh, that's if that's their idea of privacy preserving, then they can uh, you know, go and uh define that somewhere else, I think, because the data spine has no packaging around what it actually means. They're going ahead with this developing, as they say, in their own words, without any accountability to parliament, without any information in the public domain. We don't know what the full intentions of it are, and yet at the same time, in the children's well-being and schools bill, they're saying we're going to create this unique identifier that will create an ability to link any record we choose, and not only possibly in education and health, but across other sectors. And of course, those other sectors at the moment, the Department for Education already gives away, and you can find this information on our website, information to the DWP. They've been matching it to find benefit fraud, and Schools Week covered that if you want to look up that article. They've been using it, of course, since 2015, although they swore blind, literally in a room that we sat in. They said we will not use these data for immigration enforcement. And we got the FOI back the very same day showing you the importance, critical importance of freedom of information in this country, which must be defended and is under attack right now in government, showing that there was actually already an agreement between the Home Office and the Department for Education that had word for word in it saying these are the data we will share across the departments and nationality once collected was listed 15.2, paragraph 15.2. So I don't trust at the moment anything the government says in public. And I certainly think anything that's in woolly packaging like privacy preserving needs a lot of scrutiny. And as you can tell, I'm quite passionate about this. But I I really feel strongly that government is very keen to take data out of systems that people do not give to them for the purposes that the government intends to reuse it for. And this is secondary purpose repurposing of data, which to my mind is incompatible for the purposes it was collected. You collected it because you wanted your child to go to school and get an education and for nothing else. And if they are repurposing that, they need to be able to prove to the ICO and to everybody in the public why those purposes are compatible. And they should be following the minimum principles of data minimization. And instead of having a database of 28 million identifying records that they can give away willy-nilly or pass around any other services without oversight, they should be looking at what data minimization means. And the ICO needs to be enforcing from the 2020 ICO DFE audit what they found. And we don't know what they found because they won't release that audit. So if anyone wants to make a freedom of information request and ask the ICO to release that uh 2020 audit to them, it might encourage them to actually, you know, think there's this is in the public interest. Um, and we don't mean that just because the the public is interested. It is genuinely a matter of national interest how this database is being built. And if the data spine is now some sort of integration mechanism that the Department for Education is going to be used to not only share children's data, but because A child grows up and ages, and the department never deletes the data. It's an adult database. It's a database of everybody that's been in the country, now named since 2002. So anyone that's around roughly 48 or so, you'll be in this database if you were state educated. You could make a subject access request to the Department for Education and ask to see your record. And some of your audience might be the very people that would get the best results because you'll know the questions to ask. And we need to find out how it's being used. Is my record being given away to who? Who's got it now? You know, have they still got raw copies? Are they still keeping it? Are they passing it around for something else? And all of that's very opaque. So when the department can put that information into the public domain, I think then they might have the position to be able to say, we are going to do something that's privacy preserving, that's new. Until that point, I want to see a lot more made transparent about this data spine and what its real purposes are.

Ibrahim Hasan 44:53

Thank you very much for that. Uh, Jen, your passion really comes through. And as a result, many of our listeners will be interested in making subject access requests and um all power to them. You mentioned on a number of occasions breaches or questions should which should be asked in relation to the UK GDPR. Of course, we have a regulator, the Information Commissioner's Office. Do you think they should be playing a much bigger role in terms of scrutinizing these provisions?

Jen Persson 45:21

The legislative scrutiny that we've seen has been dire. I don't know, though, whether that has or has not included the ICO. So to be fair to them, we have not seen what interactions they've had. I can only give you another example. A couple of years ago, the Department for Education decided it was going to take uh all the named records out of the school's information management systems in real time. They were going to collect twice a day from every school's management system to know what attendance was. Now, they already had attendance data that was collected in the census retrospectively three times a year. So every term there's a school census. So they had that data. Why do they need to know it in real time? We were not made clear. And it certainly wasn't made clear to schools who basically were kind of encouraged with a big stick to sign up. And the Department for Education did engage with the ICO, but only after they had started sharing or collecting the data. And we only knew about that because we made a freedom of information request as soon as we saw this process and policy announced in the public domain. And Schoolsweeks did some investigation as well. But we found the ICO had had plenty of correspondence with the Department of Education and that they had severe and substantive concerns about the process. They were most concerned that not only had the Department for Education started collecting this data without really explaining it to schools, certainly hadn't explained it families and children, it was about, but they've been using the ICO's name to do it. They'd packaged the marketing to the schools as we have engaged with the ICO and we're going ahead with this program. And the ICO's emails show that no, you didn't. So I think that's a really significant thing that we need to not just laugh off. This is really, really a big problem at the moment in data, what's called sharing, it's actually using, you know, taking and reusing without our permission and without telling anyone. And these are policies that are being made behind closed doors. They're not being transparent, not just for the people that the data are about and where the data are coming from, but they're not being transparent with parliament either. And so, unless you have organizations or committed individuals who want to go and ask these questions, nobody would be any other wiser. That's a very bad starting point for things to go very badly wrong when you have a punitive government in power who decides, let's look to the states, that they decide they don't like certain nationalities or people born in certain places or certain ethnicities. And they literally have people design the squads to go and round them up on the streets. Now, this is not making this up. This is not things that we've just read in Margaret Atwood. We are seeing this in real time on our news coming from the states. We need an infrastructure in a data information management system that's about people in this country, that is robust enough, that has safeguards in place, that stands up to that kind of political change. Now, we don't know what will come in the next five years or the next 50 years. We don't know what infrastructures will be built and information management systems are only likely to become more and more porous as we find not only more data has been collected for longer, but the technologies available to process them, like AI, become integrated at every level of government. And it's basically the layer through which everything will be managed. And those systems don't need you anymore to hold the database. They'll simply be the agent that will go off and find that data held by other databases. And you'll find you will have a government network of information that sits everywhere that we already know databases are linked sometimes physically. The DVLA, policing, home office, police national computer, the intelligence database as well as the criminal database that police hold. The NHS, education records, uh, your DWP, your welfare records, and also recent law that was passed to allow government to reach into your bank account if you're on universal credit. We are getting more and more networked data infrastructure in this country that isn't robust, that we only have policy being made behind closed doors that we don't see into. And we have to design those systems with the safeguards in place, as if it was the worst of what we might imagine it would be used for, so that it can be used for the best of what it could be used for safely and well and productively and for the benefit of everybody it should be. So, yes, I think there's lots of things we need to be doing differently about that.

Ibrahim Hasan 49:45

And as you say, we only have to look at what's happening across the pond, how data is being used to enforce right-wing policies and think what if we get such a government, then they could use this very same legal infrastructure to carry out their agenda, and there would be nothing we could do about it because it would all be perfectly legal. And what also concerns me is the way primary legislation is passed with very little detail, and then with the wave of a pen, the Secretary of State can put the flesh on the bones, as with all statutory instruments, they don't have the same level of scrutiny. You mentioned previously AI. There's been six mentions in the school's white paper in relation to AI. One quote which caught my eye was where the government says they want to work with industry, particularly with frontier labs, and they mention Google DeepMind and OpenAI, who are already working with government on initiatives designed to develop sovereign solutions to the UK's hardest problems. Now, these companies, Google DeepMind, OpenAI, should I even mention Palantir, they're not without controversy. 2017, the Auncio ruled that the Royal Free Hospital failed to comply with data protection legislation when it handed over 1.6 million patients' data to Google DeepMind. So can we really trust AI companies with our children's data or indeed with our data?

Jen Persson 51:16

It's an excellent question because, as I said, I think this is not a passing fad. I think there's a tendency for people to think Chat GPT or large language models are just something that you know is going to the uh the stochastic parrots, the things that just repeat back text that they just ingested lots of data and copyrighted or otherwise uh content will never actually become something uh more important, more substantial. But I think we have to look at the government's agenda and as Keir Starmer has said, to mainline AI into the veins, his words, of the uh the state infrastructure. And when that happens, we will have systems that the government does not own and therefore does not directly control these uh technologies. And if we have agentic systems, arguably the companies don't necessarily have the same level of direct control uh over what they might do as they would if a human uh officer was sitting at a desk and pushing data through a system and can view it all the time in real time. So if we have, you know, these three companies, Google DeepMind, OpenAI, Palantir, have one thing in common, amongst probably others, is they're pushing huge amounts of data through their system. Now, we will work with industry, we will work with any political party, you know, and not so in terms of we are non-partisan, is what I mean. Uh, I mean party with a small P. And so we don't take a perspective on this of whether this is right wing, left-wing, or any political agenda. But I think you need to read uh only this week Alec Carp's own agenda around what he thinks the vision of the internet and these big data systems should be, to see what the vision and values are that some of these CEOs permeate through their companies. And if you look at the other big player in this and his famous quote, you know, Peter Teal, who was said, you know, he no longer believes in democracy. And if you read his, I think it was 2012 article that he wrote at Cato about that, it was essentially saying he thinks these systems and companies in the information network society are too big for governments to handle anymore, that we are beyond democracy. It's not that he didn't believe in the principle, but that he didn't believe that it was actually possible in practice. So, what do you see instead? You see these big CEOs becoming essentially state-level, nation-level players. Sam Altman and other CEOs are welcomed into government meetings. We've got venture capitalists like Andresen being welcomed to breakfast meetings at D Cert. And you can understand it. The government is desperate in a country that's been broken through pandemics, broken through breaking off ties with our biggest trading partners across uh the English Channel and really struggling for economic growth. You can understand why governments of any colour might seek to make these technology solutions and easy answers, as it looks like, you know, the route out of economic challenges for the country. So the fact that they're talking to these people is of itself understandable. The problem comes when it's starting to steer the agenda for the country, indeed, how we make sure that is genuinely in the long-term public interest and not in this effective altruistic sense of long-termism, but actually the the interests of the UK public that uh we share in terms of wanting to get on with our lives in a framework of human rights and democracy and rule of law and being able to get on in our communities and do what we do on an everyday basis. These things are going on now at nation scale and they're also linking up globally. So I think we certainly need to think about and contribute and take part in discussions. I don't think we need to worry about it. I think worry is an unproductive feeling to have in this sector because we don't channel that in a way that's productive. If we allow these companies and the narrative they spin, which is often about these tools being existential threats, being about the end of humanity, even you know, Ian Hogarth sort of kicked off some of the government's thinking when he said it was god-like. You know, they use these narratives and myth building and somehow all-powerful, all-seeing, as Palantir was even named after, tools, as somehow being something that therefore the government must act. It gives them a sense of urgency. They have to do something now and they have to do it urgently. And that reduces the ability to have scrutiny and the ability to involve and be inclusive in other communities and other populations and civil society and representatives of groups with disabilities, groups with mental health focus, groups with different minoritized groups, and what these technologies and data that tend to flatten out any anomalies in the data. So they norm data and they profile communities and they profile their data, singling out people by characteristics. And what that might mean could be really impactful for those minoritized, you know, third sector representative groups. And those are the very people that the government does need to be spending more time with when it's thinking about AI, because we are certainly the groups that are the probably most affected and will be those that feel its effects first. And we're seeing some of that, as I said, in some of that work that Cardiff Data Justice Lab has already released about the UK, some of the legal challenges that we've had. And certainly the track record that some of these companies have, as you mentioned, Google Deep Mind. I mean, they've met on record, I think, with the ministers at DSIT, uh, you know, several times. Uh, they've m met with the Department for Education, you know, more than more than average of any other company in the last five years. And not only are they interested in education records, they offer services to free or a very low cost to schools. We were told by one of their staff, you know, their senior executives, only a few years ago in a meeting, the reason they offer Chromebooks and some of these services to schools for free is of course, so that they have children who then become Google-liked, you know, employees. They want their Google experience to continue into the workplace and that they will go to companies that have Google, that therefore obviously employee enterprise products, and that that's their market base. So they're really, you know, buying this sort of captive market by getting into these sectors in the public sector for free. And I think the government really isn't asking at what cost? Who does it cost for these services to come into the public sector for free? And yes, you could look at it from data perspectives and say, well, you know, Google then has a huge amount of data about our children that we don't know about and we don't get to control. But I think it's more about what does that tell them? What are they learning about our public sector and our systems that really matters? And so if you've got, you know, Palantir or uh companies walking off with huge amounts of, or even just the ability to process the huge amounts of information for virtually free or for a pound. I think it wasn't the case of Palantir, what's in it for them? And I asked that question at Google Deep Mind at that very scenario you you raised, you know, over a decade ago, when patients were very worried that their records had been given to Google Deep Mind by the hospitals. And they tried to package it in all sorts of terms, like, oh, it's research. And then they realized, well, it's not research because we're we're delivering a product in real time. And then they tried to say, well, it's direct healthcare. And then they realized, well, the hospitals have given them lots of patients data that's not, they're not in the care of their hospital. They've already left. And so it turned out that all of the lawful bases they thought they had didn't really apply. And that was why they got a wrap over the knuckles from the ICO as a data processor. But it was the hospitals took the, you know, you've been doing something unlawful hit as controller. But really, we need to be asking Google's not daft. You know, they they're a big company. They've got access to the best, most expensive lawyers in the world, and I'm sure they do employ some of them. So if they're getting things wrong in data protection law, is it because they really didn't know? Were their data protection experts so much worse than probably most of your audience listening? I don't think so. But I think they're working around these laws in ways they know they can push or can get past, and with a very receptive audience, a government that really wants to have these companies embedded, as they said, you know, mainlined into the veins of the public sector's infrastructure. And we need to ask what the safeguards are, what the transparency is, what the uh rights of redress are, what the break clauses are in procurement, even at local level. How do we know that what they say they do is what they actually do? How can we trust that therefore we build up a trustworthy relationship with these companies? And they're not just going to change their terms and additions or be bought out by another company tomorrow. And that applies to companies of any scale, whether your staff, you know, are working in a hospital or a local authority or a school, you know, with just a small ed tech company or uh these big VMoths like Google.

Ibrahim Hasan 59:55

I agree, Jen. And we should, like you say, all be asking these questions. We can't just leave it to the politicians. And the tools are available to all of us, the tools that you've used in terms of GDPR subject access requests and the Freedom of Information Act. We had Maurice Frankel on recently to talk about 20 years of the Freedom of Information legislation. I think we're quite lucky in this country that we've got that legislation. It allows us to ask the difficult questions of government, to see internal documents, to see internal discussions. So we should all be getting involved in the debate. Jenny, it's been a fascinating conversation. We started off looking at children's data and the proposals within the legislation, but we went on to an even more interesting discussion talking about the role of big tech in society, in our government, the nature of democracy and geopolitics. So I've really enjoyed the conversation. So thank you very much for your time, Jen. Finally, if I may, are there any other campaigns or issues that you're working on which you'd like to draw the attention of our listeners?

Jen Persson 1:00:59

Oh, that's a great question. Thank you. Well, I mean, there are lots of groups doing lots of great work in the sector and across sectors at the moment. I think if data protection and freedom of information officers are able to understand why that work is going on, that some of this type of questions that are being asked are not to be a nuisance. They're not to take time away from public authorities. And that, for example, when I use freedom of information requests, I do it very consciously of the time and cost it will entail on the other side. But I always make sure they're in the public domain and make sure that the information we get back is there for everyone to benefit from. And that is the purpose of freedom of information. It is that we understand the state works for us, not the other way around. Even if you do work for the state as a civil servant or as a data protection officer, the state is there to serve the public interest. And we need to make sure that the public is being served in the ways that we expect. And that includes, so for example, when I make a freedom of information request, I make sure it's in the public domain. I make sure that information goes back to serve the public. And I think that's what we need to remember, whether we're working as civil servants, whether we're a data protection officer working for the local authority, we're all there to serve the public interest. And that means that we make sure things are transparent, fair, scrutinizable, able to be accountable. And it's only that accountability that is the function of freedom of information and data protection transparency that enables us to balance out some of the power that the state otherwise has to influence your life and to intervene in your life. And this is not some sort of scaremongering or conspiracy theory, you know, trying to be looking at the big bad state, not at all. But it's just recognizing that when you are a busy, you know, everyday individual, working parents, you're trying to manage perhaps welfare payments or three jobs or your bank account and your children's school life and perhaps caring for an elderly relative, you haven't got a lot of time or capacity or the knowledge to be able to understand how these things work. And so being in a position where you've got an ability to serve the public really means you support their understanding of how their lives are being impacted by the state. And therefore, that sort of role that the state takes on to say, how much power do I have? How much power can the state impose on me without me having some sort of say in it? So I think it's really critical at the moment that the tools like freedom of information and subject access requests and transparency registers are upheld and that we really champion those and make sure that we don't see them as an administrative burden, that actually they are the tools of democracy. And without those, we really risk being in a dangerous place where all the information, all the power that that information gives is not just being given to the state and to a government, but is actually being given to these companies who think they are bigger than states, they're bigger than government, and that their power, their informational power, is something that's not accountable to anyone and it's not democratically controlled. And so we play tiny pieces of uh, I think a jigsaw in that, in that role of making sure that that big picture of that data landscape is uh safe and secure for everyone. But I think at the moment, the crux of what government is trying to do, both in the children's well-being and schools build around this single unique identifier, but also in the other piece of legislation that is outside necessarily our remit. But the consult, the consultation about um national ID is open at the moment. And uh government is looking to bring in a digital ID for everyone. And people shouldn't be confused about that and think the messaging around not being compulsory would mean they wouldn't have one. I think it's really important to understand the digital infrastructure is still going to be there for everyone. If you have to have it available on demand for those that want one, you have to have it available on demand for everyone. And so all of these things we've been talking about, where the state already has data infrastructure, databases that know something about you, would be the place that that new digital ID would be stored on. That spine of information that's your core record that says Gen Person has this digital number behind the name would be part of every record about you, about this that the state can access. Or indeed, that these in you know, in future, these uh uh data-based and APIs and agentic AI and so on might well be looking for to join information up. And that uh program and uh how that will work around national ID, I think is critical to scrutinize right now, respond to in consultation. And the organization that is best placed to ask questions about that is no toid. That's the original campaign. Watch out, there are some grifters out there who are trying to use the same sort of names, no to ID or no ID campaigns that aren't the original. But the website that belongs to this organization is no toid.uk, and that's no with a digit to id.uk. Um And they have the latest information on really what's going on with that program and policy and campaign. And I think understanding that there is, you know, a drive at the moment across both government and beyond government, those who want to govern us that don't actually aren't elected, that are working hand in glove with government because it benefits their company bottom line, are after everything they can get right now. All the data in the world should join up into their databases. And I don't say that lightheartedly. I genuinely, that is the goal of obviously Google to know all the information that's in the world. And what they do with that, I think the next question is what are they working on next? And so the thing I'd probably leave you with is to think right now, our information that the Department of Education controls is all the behavioural information about a child and you as you get older as adults, you know, who you went, who you are, your characteristics, your basic descriptions, and your behavioral data, your phenotype data, what health data linkage would mean. And as Wes Streeting announced last summer, when they start collecting the genotype information about every baby, because they're going to use uh genome uh testing for every child born in the NHS from 2030, he announced last July. Once they collect that data in health and have education records, there are a lot of people who see a very interesting linkage between your genome and your behavioral data and want to be able to then retrofit that to say these are the characteristics that we think can be predicted by genetic data. Now, there's lots of pushback on that, and there are lots of critical analysis, uh, like Ben Williamson and his academic at Edinburgh. There's uh Gene Watch, the NGO, who are very informed about really how these things are playing out. But we have to look at who are the big players in this sector. And it's very likely that some of these big players, including Google, that's just announced its alpha genome project in January, would be very interested in getting hold of that joined up data between genomes and education data. And I think, you know, again, we're not building the infrastructure at the moment that's robust enough to handle that and what those questions that might be asked of that data could be used for. So if we've any way of understanding how those infrastructures are being built right now and making sure that we play our part in questioning not just the data itself and how it's being used, but who sits behind it, where are these companies based? Where are they funded from? What are their value sets? When we're looking at things like procurement, you know, what are we really building into our state infrastructure? Because by building those into our data systems, we build them into our everyday life. I think that's the bit that matters as we we live in this sort of networked information society. We are all information to these companies. And we need to make sure that they they handle it safely and transparently and with our consent. If that is not a lawful basis, then at least with a consensual basis, that we are still self-governing, self-determining, you know, people with individual rights and freedoms, and we have to champion those.

Ibrahim Hasan 1:09:11

Jen, that's fantastic advice, particularly the importance of the work that information governance professionals do and where they fit in into the grand scheme of things. And absolutely, we all have a role to play to ensure that we benefit from new technologies, we safeguard the public purse, we deliver better services, but at the same time, we protect people's human rights and we have a say in the kind of society that we live in and our children and grandchildren live in going forward. We will be putting into the show's notes all the different websites and the reports that you mentioned. And we are hoping to get Phil Boothot to come along and talk a bit more about the national ID and what that entails in terms of our privacy. So thank you very much. Again, it's been a really interesting conversation, Jen. Hopefully, we can get you back once some of these proposals, particularly the white paper, if it makes it into legislation, we would love to continue the conversation.

Jen Persson 1:10:07

That would be fantastic. Thank you so much for having me. There's so much going on, and I really appreciate all the work you do and all the work your listeners do. And yes, we'd love to come back another time. Thank you.

Ibrahim Hasan 1:10:17

That's all for this episode of Guardians of Data. A huge thank you once again to Jen Person for sharing her insights. If there's one thing this conversation makes clear, it's that the government's proposals are really about building long-term systems around children's data. They say these systems will protect children and make sure no one falls through the cracks. But there's a real tension here. The same systems that promise protection increasingly rely on visibility, on knowing who a child is, where they are, and how their data connects. So maybe the question isn't just whether these systems will fulfill their aims, it's whether we as a society fully appreciate the kind of digital childhood we're creating in the process. And whether we're comfortable with the long-term consequences of that. If you found today's conversation useful, please subscribe, share this podcast with colleagues, and leave us a review. And remember, whether you're a seasoned professional or just starting out in information governance, there's always more to learn. And we'll be here to help you stay ahead of the curve. Thank you for listening and join us next time on Guardians of Data.