Building a rights-respecting environment in state education

Jen Persson -


In a world on fire, it’s easy to ask why anything else matters that’s not burning. Until we solve the current crises of COVID-19, conflict and climate (Beasley, 2022), we may well ask if policymakers should address anything in the education environment. But now, more than ever, at Defend Digital Me we believe that to create a better future for children needs a sense of urgency. When it comes to state education in the UK, our vision is of a rights-respecting environment for every child without discrimination, with a high-quality standards framework for an open digital infrastructure that addresses the lack of equity, access and inclusion at local level, and with qualified due diligence in procurement processes assessing companies’ integrity, technical and ethical terms. And this means change.

First, we need a common understanding of what rights we are talking about that should be respected in policy and practice before we consider what the educational environment looks like today. This will allow us to explore which rights are involved where, with whom, and how they would be actionable and respected. Only then can we put in place the mechanisms to realise them.

As people’s interactions with the state become increasingly automated, the UK Department for Education’s (DfE) approach to digital rights matters, not only for treating children with dignity and respect to their human rights within educational settings, but also, as duty bearers, educators must teach in ways that encourage learners to become digitally literate, to flourish in society living with technology, as well as to manage their own use of technology while learning with it.

Digital literacy, and specifically algorithmic literacy, is becoming increasingly important in digital citizenship (Selwyn, 2022) for both learners and teacher training. The questions of pedagogy, design and ethics around the use of artificial intelligence (AI) (Miao et al., 2021) – and the problem of ethics washing as pseudo-legislation (Ulnicane, 2021) – apply broadly to technology in education or educational technology (EdTech) and must be addressed by all devolved UK governments. For every year that policymakers fail to get this right, more children leave school without understanding their digital footprint left behind, and with insufficient awareness of the role of data in our economy, society and daily lives (de Terwangne, 2022).

The right to education

There is a broad worldwide consensus on the importance of the right to access education (UNESCO, 2016). In the UK we hear criticism of other countries that prevent access for girls, for example, but we are yet to solve our own problems of racism in education and barriers to inclusion for children with additional needs or disabilities. The DfE 2022 SEND (Special Educational Needs and Disabilities) review has identified significant inconsistency in how needs are met, but in all the mentions of the ‘right support, in the right place and at the right time’, there is no mention of the human rights of the child. This is a problem where changes are focused through the lens of impact for institutions, such as schools, rather than family or child themselves.

First and foremost, the right of every child to education is enshrined in three parts in Article 26 of the Universal Declaration of Human Rights (UDHR) going back to 1948 (UN, 1948). Later laws build on this foundation. Readers may believe they understand what is meant by the right to education, but what about its wider aims? And is it any different in the digital context? Sustainable Development Goal 4 emphasises the commitment to ensure inclusive and equitable quality education, and lifelong learning for all. States have obligations to provide free public education for children of primary age and access to education into adulthood (UN DESA, 2015).

The European Convention on Human Rights, drafted after the Second World War by the Council of Europe, added Article 2 of Protocol No. 1 to the Convention shortly afterwards. In its interpretation in cases, the European Court of Human Rights (ECtHR) (2021) has relied on the UDHR as well as other international instruments, including the Convention against Discrimination in Education (UNESCO, 1960), the International Covenant on Civil and Political Rights (ICCPR) (OHCHR, 1966a), the International Covenant on Economic, Social and Cultural Rights (ICESCR) (OHCHR 1966b) and, much later, the UN Convention on the Rights of the Child (UNCRC, 1989).

Article 29 of UNCRC General Comment No. 1 sets out to, ‘promote, support and protect the core value of the [UNCRC] Convention: the human dignity innate in every child and his or her equal and inalienable rights’ (OHCHR, 2001). This is about the holistic development of the full potential of the child, including development of respect for human rights, an enhanced sense of identity and affiliation, socialisation and interaction with others and with the environment.

There is no debate in these conventions and articles on whether the aims of education are to deliver knowledge or skills or prepare children for employment for example. The right to education is widely recognised as both a human right in itself and indispensable in realising other human rights (OHCHR, 1999). It is the same universal right, regardless of environment.

What other rights are we talking about in education?

When it comes to which rights are involved in the digital environment, discussion can quickly become reduced to exclusively ‘data’ or ‘child protection’. Instead, the full range of human rights is relevant, and what is needed to respect them in state education must be explored in more depth. 

The right to non-discrimination, freedom of expression, freedom of thought, the right to protection for reputation and from arbitrary or unlawful interference with privacy, family, or correspondence are all challenged in the digital environment in education, often in unseen ways, designed to influence a child’s mood, cognitive or personal development (Alegre, 2017; Taylor & Rooney, 2017; ViewSonic, 2022). This demands‘accurate, nuanced and comprehensive knowledge derived from rigorous and independent research’ (Council of Europe, 2022). And while there are views on how children’s right to be protected from commercial exploitation (UNCRC, Article 32) could apply in the digital environment (van der Hof & Lievens, 2019), the implications for children’s behavioural tracking in education and its use for-profit – such as profiling children’s in-app achievement combined with adTech (targeted advertising tools) to email parents (including caregivers) marketing for products to meet the child’s ‘gaps’ identified by the same company – is yet to be fully understood by the teaching sector or families.

It is noteworthy that it was the UK Human Rights Act (HRA), not legislation about education, that embedded Article 2 of Protocol No. 1 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, ECHR) (Council of Europe, 1950) into UK domestic law in 1998. Sadly, we see threats emerging in planned government reform of the UK HRA 1998 that will undermine protections for children in law. These threats make it harder to access justice through additional permissions stages and narrowing the right to respect for private and family life.

When talking about the rights of the child in education many are quick to reach for the UNCRC, which can mean that the fundamental principles of the human rights of the child (FRA, 2022) are forgotten, or ‘the best interests of the child’ becomes the be-all and end-all of debate. The UK HRA is arguably more important to children in England while the UNCRC remains unincorporated into domestic law, and cannot be relied on in law, compared with Wales or Scotland. However, there is no hierarchy of rights in either the UNCRC or human rights law, and no single right should be considered in isolation.

Human rights are ‘universal, inherent to every individual without discrimination; inalienable, meaning that no one can take them away; indivisible and interrelated, with all rights having equal status and being necessary to protect human dignity’ (Balsera, 2019). No one right trumps another and there is no pecking order of importance:

Where, after all, do universal human rights begin? In small places, close to home – so close and so small that they cannot be seen on any maps of the world. Yet they are the world of the individual person; the neighborhood he lives in; the school or college he attends.… Unless these rights have meaning there, they have little meaning anywhere. Without concerned citizen action to uphold them close to home, we shall look in vain for progress in the larger world. (Roosevelt, 1958)

The educational environment

The delivery of state education is no longer necessarily physically constrained by geography, or differences between the mainstream and alternative, or home settings. It is, in fact, the loss of boundaries between school and home in both place and time that ‘digital’ introduces that is perhaps the biggest change from digital adoption into the education environment. There is no longer a clear start and end to the school day or school setting that a teacher or child can leave and switch off, or where the school no longer has oversight of behaviour now that the school staff and/or EdTech company can see if and when a child is online.

Article 13 of the UN ICESCR (OHCR, 1966b) concerns itself with the wider environment and systems of education, recognising both the importance of enabling access to education and also protecting the fundamental freedom from imposition of its form of delivery. Article 24 of the 2006 Convention on the Rights of Persons with Disabilities (UN DESA, 2006), dedicated to education, recognises the importance of a suitable environment, the most appropriate languages, modes and means of communication, maximising academic and social development.

The education environment, including the elements of accessibility, acceptability and adaptability – common to education in all its forms – is set within the broader environment of a child’s development, rest and play, health and the living, economic, social and political conditions in which a child grows up.

What does the digital environment look like?

Exploring international governance frameworks for definitions of what the ‘digital environment in education’ is reveals that the digital environment in education is interdependent on the non-digital environment. UN General Comment No. 25 (2021) on children’s rights in relation to the digital environment points out that the delivery of its aims first depends on action outside the digital environment. It requires States parties to:

… coordinate policies, guidelines and programmes relating to children’s rights among central government departments and the various levels of government … engage with schools and the information and communications technology sector and cooperate with businesses, civil society, academia and organizations to realize children’s rights in relation to the digital environment at the cross-sectoral, national, regional and local levels.

Thinking of the digital environment as a single homogeneous place may be misleading. The provision of physical infrastructures is controlled by different companies and might not be owned by the educational setting, from home–school messaging communications or cloud-based data storage of information management systems handling millions of pupil records to virtual learning environments. Hardware used might be mobile phones, Chromebooks, iPads owned by schools or families, or servers with access for the local authority, police, research or national databases (defenddigitalme, 2020). What the digital environment looks like from providers’ point of view is increasingly intrusive, with more and more companies accessing or monitoring pupils’ personal devices and using biometrics or bodily data in ‘trait and gait analysis’ (defenddigitalme, 2022). 

While mapping common data flows into, across and out of state education in England in The state of data (2020), we imagined England’s school system as a giant organisational chart. How do organisations relate to one another? Which institutions does a child physically attend? Add to that the digital world children cannot see. Now imagine that 24/7, 365 days a year, every year of a child’s education and long after leaving age (defenddigitalme, 2020). Unsurprisingly, parents believe they have inadequate control of their child’s digital footprint in school (Survation, 2018).

Understanding those interpersonal, institutional and commercial contexts (Livingstone et al., 2019) is key to the next step in understanding what the digital environment looks like. It involves first identifying who does what in each educational activity: the owner of the digital infrastructure, who controls the decisions made in it, and whether a child, family or school staff are actively or passively involved or can access it themselves. Only then can a step in each process be inserted that is the action point for rights. Why someone interacts with the process (i.e., in admissions, daily admin tasks or academic research projects) will determine the infrastructure needed there to exercise relevant rights (i.e., receive information, make an opt-in choice or object, submit an online form).

We see three common features across what we might think of as different territories in the digital environment that overlap to varying degrees across the spectrum of data processing:

  1. The child is actively present or involved in the environment, creates and may view their own data (i.e., directly in EdTech apps).
  2. The child’s offline activity and characteristics are digitised, edited, accessed, discussed or distributed by others (i.e., the administration of attendance, teaching and learning, assessment and attainment, behaviour management, digital safeguarding, CCTV, school census collections by the local authority and DfE).
  3. Pupil or staff data is processed exclusively by ‘others’ (i.e., commercial pupil data analytics, data brokers selling staff details for direct marketing emails, with sending times based on recipient opening patterns of behaviour).

The same information collected during a child’s learning may simultaneously be part of all three. For example, EdTech apps may first process data when a school registers a child’s user profile, the pupil creates data during its use, and then the company uses the behavioural data to show advertising to parents and caregivers (Williamson & Rutherford, 2017).

In The state of data (2020) we identified a vast and growing number of actors involved in education, and an imbalance of power with lack of accountability no longer between only the child, family, school staff and the State, but across this unlimited number of ‘others’ who process both pupil and staff data (see point 3 above).

The exercise of rights

Different digital territories require different features in how to exercise rights. Some will need to hear views or act on input from the learner or parent, and others require transparency to ensure understanding of the accuracy of third party tools, that is, those used in safeguarding that claim to infer radicalisation and create child profiles.

Where a child or parent is actively present in the environment, their data rights that need to be able to be exercised, such as consent obligations or the right to object (Nottingham et al., 2022) or to request a copy of their own data (subject access request), could be made through the same user interface.

Where a child’s offline activity and characteristics are digitised out of sight, to be fairly processed the data controllers must nearly always ensure the child knows it is happening. New mechanisms may be needed to provide information to the child and/or family, receive decisions from them and demonstrate they have been acted on, such as processing in the National Pupil Database.

Where the learners’ or school staff data is created or processed exclusively by others, that is, data brokers unbeknown to the educational setting or learners, it will be exceptional that such processing is lawful and meets the obligations of fair and transparent processing. Better enforcement or new safeguards may be needed to ensure the breach of rights is restored.

From our research, schools are at best inconsistent in enabling rights (defenddigitalme, 2020). While new standards, especially with regards to equality laws, may have been expected after the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 introduction of the Age Appropriate Design Code (AADC), it has not yet created visible change in the education sector. School data protection officers focus on the protection of the institution and less on supporting pupils and their families. Whereas NHS organisations and local authorities that provide social services must have a Caldicott Guardian to advocate for patient rights, this is not extended to education, despite processing similarly highly sensitive data about physical and mental health, or children-at-risk or in-need. While accredited academic researchers may follow recognised and peer-reviewed ethical practice for research in the public interest (BERA, 2018), commercial companies may not.

Despite Article 12 of the UNCRC’s right of the child to express their views, the Committee on the Rights of the Child recognised in 2013 that children are often politically voiceless in decisions that affect them. Children are not adequately heard on data policy about their lives (defenddigitalme, 2021) or represented in the data used for policymaking (Office for Statistics Regulation, 2022). Educational settings can restrict children’s agency and autonomy in non-consensual settings, with an imbalance of power between the authority and child, but this does not remove duty bearers’ obligations to uphold children’s rights.

Children’s capacity must be recognised when considering their rights. It must also take the rights and duties of parents into consideration, as set out in Articles 3, 5 and 18 in the UNCRC, especially since they have a prior right in the UDHR and ECHR to choose the kind of education that shall be given to their children, grafted onto the child’s right to education. This intersection of the rights of the child and parents needs particular consideration when it comes to designing the mechanisms for accessing information, automated decisions to be explained or challenged and choices exercised, such as opt-in to commercial reuse of identifying pupil records or objections.

How pupil data rights are made actionable is already a gap in today’s practice in respecting UK data protection law. Even specific guidelines for data protection in educational settings (Council of Europe, 2020), without enforcement, are not enough to make that change.

The UK government direction of travel in reform of the Data Protection Act 2018 is to diminish rather than design for children’s rights. Despite this, 5Rights and the Digital Futures Commission (2021) proposals for ‘immediate steps to solve the education data governance vacuum in the digital environment’ must be considered both necessary and urgent.


Building a rights-respecting digital environment in education means one founded on human rights, which are indivisible and interdependent, underpinned by the aims of education and principles of accessibility, acceptability, availability and adaptability. It must be made safe and transparent, with genuine choice and agency(Stoilova et al., 2020) to exercise rights as protected in data protection and human rights law and seek redress.

How can it be achieved? First, the DfE must proactively focus on mapping the universal processes in the delivery of state education, identifying roles and responsibilities. Next, it must identify (a) the arrangements needed in national, local or corporate infrastructure; (b) State obligations regarding the procurement impact of the business sector on children’s rights (UNCRC, 2013); and (c) enable the role of parents and learners in realising their human rights in the right place at the right times through physical mechanisms to meet duty holders’ obligations.

Looking at human rights in education through the lens of data protection must not mean the wider aims of education are forgotten. The second clause of Article 26 of the UDHR, the right to education, is rarely articulated in full, but is as apt today as ever:

Education shall be directed to the full development of the human personality and to the strengthening of respect for human rights and fundamental freedoms. It shall promote understanding, tolerance and friendship among all nations, racial or religious groups, and shall further the activities of the United Nations for the maintenance of peace.

There should be no doubt that the time to build a rights-respecting environment in education is now.

Jen Persson is Director and founder of the NGO Defend Digital Me, founded in 2016, that campaigns for children’s privacy and digital rights in the UK education and wider public sector. She contributed to the Council of Europe digital citizenship working group on Artificial Intelligence (AI) in education, and supported the Committee of Convention 108 in drafting the Council of Europe Guidelines for Data Protection in Education Settings, adopted in 2020. Defend Digital Me has published The Words We Use in Data Policy (2021), The Best Interests of the Child in the context of the Age Appropriate Design Code (2021) and The State of Biometrics 2022.

Defend Digital Me