NPD is watching you Shutterstock

Data relating to every school pupil in England is now available for use by private companies thanks to a change in legislation implemented last year.

The move is part of a wider government initiative to "marketise" data, which includes initiatives such as the much-criticised Care.data and the selling off of taxpayer data by HMRC.


Education Secretary Michael Gove launched a public consultation back in November 2012 on proposal to let the Department for Education share extracts from the National Pupil Database "for a wider range of purposes than currently possible" to "maximise the value of this rich dataset".

The National Pupil Database (NPD) contains detailed information about pupils in schools and colleges in England, including test and exam results, progression at each key stage, gender, ethnicity, pupil absence and exclusions, special educational needs, first language.

Read next The UK’s A-level fiasco has left thousands without grades The UK’s A-level fiasco has left thousands without grades

The data have been collected since around 2002 and is now one of the richest education datasets in the world, holding what the government says is "a wide range of information about pupils and students" at different phases.

Extracts of the data are available for use by "any organisation or person who, for the purpose of promoting the education or wellbeing of children in England are: conducting research or analysis, producing statistics, providing information, advice or guidance." Bespoke extracts are also available on request.


This might all seem quite non-controversial, but in light of stories about healthcare data misuse there may be some cause for concern.

NPD data isn't as sensitive as Care.data, but it does contain personal identifiable information about children, including the name, home address, post code, date of birth, exam results, types of disability, whether the child is in care and whether they've been excluded from school.

Given the sensitivity of the data, one might have expected a more widespread public debate or awareness. "The central concern is that parents and pupils themselves are not sufficiently aware of the way the data is being shared with third parties," explains data consultant Owen Boswarva, who has followed the move closely. "There appears to have been no concerted effort to bring the consultation or the NPD initiative to the attention of parents or pupils," Boswarva adds in a detailed blog post dated from July 2013.


Furthermore, there is no way of opting out of the database should a child or parent so wish. The Department for Education (DfE) insists that organisations requesting information need to comply with the Data Protection Act and have appropriate security in place to process the data.

The DfE has published a list of organisations that have accessed the data between April 2012 and February 2014. It includes many government bodies, academic organisations, NGOs and even media companies including the Financial Times.

A DfE spokesman told Wired.co.uk that it would not be charging for access to the data. He added: "Decisions on whether data can be released are subject to a robust approval process and anyone requesting data must comply with strict terms and conditions on security, handling and use of the data, including protecting the identity of individuals."