Facial recognition technology is being employed in more UK schools to allow pupils to pay for their meals, according to reports today.
In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology.
The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times.
Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child’s identity against “encrypted faceprint templates”, and will be held on servers on-site at the 65 schools that have so far signed up.
He added: “In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale.” He told the paper that with the system, the average transaction time was cut to five seconds per pupil.
The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England.
North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision.
Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the “next step in cashless catering.”
“This intuitive technology enables the PoS operators to quickly identify the pupil’s cashless account whilst payments are instantly adjusted in the same way as all other identification methods in CRB Cunninghams’ Fusion software,” the company said.
According to Professor Fraser Sampson, the UK government’s Surveillance Camera Commissioner, facial recognition technology may need to be regulated in much the same way as some ethically sensitive medical techniques to ensure there are sufficient safeguards in place to protect people’s privacy and freedoms.
Sampson, who works with the Home Office overseeing tech-related surveillance in the UK, told The Register last month that facial recognition was “a fast-evolving area and the evidence is elusive but it may be that the aspects currently left to self-determination present the greatest risk to communities or simply to give rise to the greatest concern among citizens.”
Privacy campaigners voiced concerns that moving the technology into schools merely for payment was needlessly normalising facial recognition.
“You don’t need to resort to airport style [technology] for children getting their lunch,” Silkie Carlo of the campaign group Big Brother Watch told the FT.
Jen Persson, director at defenddigitalme, a children’s rights and privacy group, pointed out that Sweden had issued its first fine under GDPR in the case of a school using facial recognition and the French data protection authority ordered high schools in Nice and Marseille to end their facial-recognition programs.
“We expect a similar response from the UK ICO and for all biometrics to be removed from UK schools. The law says if we can, we must, use less invasive approaches to protect children’s fundamental rights and freedoms,” she toild The Reg.
We have asked the Information Commissioner’s Office to comment.
Those concerned about the security of schools systems now storing children’s biometric data will not be assured by the fact that educational establishments have become targets for cyber-attacks.
In March, the Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, became the latest UK education body to fall victim to ransomware. The institution said it was “at least” the fourth multi-academy trust targeted just that month alone. Meanwhile, South and City College Birmingham earlier this year told 13,000 students that all lectures would be delivered via the web because a ransomware attack had disabled its core IT systems.
North Ayrshire Council has been contacted for comment. ®