Using Children’s Personal Data Legally and Securely
July 27, 2024

Context

  • The Indian school education system stands as one of the most expansive and intricate ecosystems globally.
  • It encompasses approximately 15 lakh schools, 97 lakh teachers, and nearly 26.5 crore students from pre-primary to higher secondary levels.
  • This vast system includes stakeholders from varied socioeconomic backgrounds, which adds to its complexity and richness and therefore adherence to the principles of data privacy and data minimisation is particularly pertinent given the sensitive nature of children’s personal data.

Key Functions of Unified District Information System for Education Plus (UDISE+)

  • Data Collection, Management and Real-Time Updates
    • UDISE+ is designed to collect comprehensive data from schools across the country.
    • This includes information on school infrastructure, teacher demographics, student enrolment, and academic performance.
    • By integrating this data into a centralised system, UDISE+ provides a holistic view of the education landscape in India.
    • One of the standout features of UDISE+ is its ability to provide real-time updates.
    • This means that any changes in school infrastructure, staff, or student enrolment can be quickly reflected in the system.
    • Such immediacy ensures that policymakers have the most current information when making decisions.
  • Resource Allocation, Monitoring and Evaluation
    • With accurate and up-to-date data, UDISE+ facilitates more effective resource allocation.
    • Whether it is the distribution of textbooks, deployment of teachers, or infrastructure development, resources can be directed to areas where they are most needed, enhancing the overall quality of education.
    • UDISE+ enables continuous monitoring and evaluation of educational programs and policies.
    • By tracking progress and identifying trends, the Ministry of Education can assess the effectiveness of its initiatives and make necessary adjustments to achieve desired outcomes.
  • Educational Trends Mapping and Policy Formulation
    • The platform is instrumental in mapping educational trends across the country.
    • This includes tracking enrolment rates, dropout rates, gender parity, and academic achievements.
    • Such data is crucial for identifying gaps and areas that require targeted interventions.
    • The insights gained from UDISE+ data are invaluable for policy formulation.
    • The Ministry can develop and implement policies that are evidence-based and tailored to the specific needs of different regions and demographics, ultimately improving the quality of education.

The Linkage of UDISE+ and the National Education Policy 2020 and Its Benefits

  • UDISE+ and the National Education Policy 2020
    • In alignment with the National Education Policy (NEP) 2020, UDISE+ incorporates the Automated Permanent Academic Account Registry (APAAR).
    • APAAR serves as a unique identifier for each student, allowing for the consolidation of academic credentials and demographic information in one place.
    • This integration ensures that every student's educational journey is tracked accurately, facilitating seamless transitions between different levels of education.
  • Enhancing Ease of Schooling
    • The linkage between UDISE+ and APAAR is central to enhancing the ease of schooling.
    • Automating student admissions helps reduce dropout rates during critical transitional phases, such as moving from primary to secondary education.
    • This automation also improves opportunities for continuing education by making the admission process smoother and more accessible.
  • Collaborations with Ed-Tech Companies
    • UDISE+ frequently collaborates with ed-tech companies and entities like DigiLocker.
    • These collaborations integrate modern technological solutions into the education system, providing digital infrastructure for storing and accessing academic records securely.

Concerns Surrounding UDISE+ and Solution

  • Data Privacy and Security
    • While UDISE+ significantly improves data management and policy formulation, it also brings challenges related to data privacy and security.
    • There are numerous potential pressure points wherein non-compliance of the involved actors may materialise.
    • For instance, there is limited guidance on what constitutes verifiable parental consent. Consent from parents for minors’ data, sought under the UDISE+/APAAR regime, may violate this requirement.
    • Moreover, the DPDP Act emphasises the importance of collecting personal data for specified legitimate purposes only.
    • Sharing children’s data under UDISE+ for a purpose incremental to the authorised one could violate this statutory requirement.
    • The interlinking of data raises concerns about the exposure of student information to various actors within the educational ecosystem.
    • The platform’s reliance on personal data, including Aadhaar information, necessitates stringent measures to protect sensitive information.
  • Solution: Adherence to SC’s Puttaswamy Judgement
    • The Supreme Court's recognition of the right to privacy as a fundamental right in the Justice K.S. Puttaswamy (Retd.) v. Union of India (2018) case laid down a three-part test for assessing the impact of state action on citizens' privacy rights.
    • The test includes legitimate state interest in restricting the right, necessity and proportionality of the restriction to achieve the interest, and the restriction being imposed by law.
    • Aadhaar integration in APAAR/UDISE+ must comply with these conditions, with due caution to prevent data theft and cyber breaches.

The Need for Specific Protocols to Handle Children’s Data in Indian Education System

  • Lack of Specific Mechanism for Sharing Children’s Data
    • When it comes to sharing children's personal data without a clear purpose, involving third parties like DigiLocker can create uncertainty about their roles.
    • It is necessary to identify who is responsible for data (data fiduciary), who processes it (data processor), and whose data it is (data principal) to assign liability, but this has not been done yet.
    • APAAR's privacy policy includes some data security and handling rules, but it lacks specific protocols for sharing children's data for unspecified purposes.
  • No Clarity on Legal Responsibilities
    • Both the data policy and the annual report state that the Ministry is not legally responsible for the disclosure or accuracy of data shared on UDISE+.
    • The privacy policy directs complaints to a grievance officer, but it is unclear how legal responsibility is assigned or handled.
    • This shows a clear lack of a proper complaint system for those whose data is collected and shared under APAAR.
    • There are many questions about how different systems work together, consent, and how complaints are handled.
    • Developing standard operating procedures, both technical and legal, within a strong governance framework is urgently needed.
    • These protocols will help ensure data accuracy and establish legal responsibilities for everyone involved.

Conclusion

  • The Indian school education system, with its vast and diverse ecosystem, requires robust mechanisms to manage and protect the personal data of millions of students.
  • Standard operating procedures, both technical and legal, under a comprehensive governance framework, are essential to preserve data authenticity and enforce legal obligations for stakeholders.
  • Implementing such protocols will create a conscientious approach to sharing, using, and retaining children's personal data, ensuring it is done lawfully and securely.

 

Enquire Now