Louisiana Digital News
Gambling

UK’s Department for Education Gave Student Data to Gambling Industry

0


Posted on: November 7, 2022, 06:24h. 

Last updated on: November 7, 2022, 01:03h.

The UK’s Department for Education (DfE) violated privacy laws so egregiously that it could have been shut down if it were a private company. It allowed a third-party data company to access the private information of teenagers that was then distributed to the gambling industry.

Department for Education
A sign for the Department for Education adorns the government agency’s office. A data company allegedly shared information of students as young as 14 years old with gambling-related companies. (Image: European Pressphoto Agency)

For years, the UK’s primary keeper of education records shared data with Edududes, Ltd., a training company. That company transitioned to serve the gambling industry, but the DfE continued to give it access to the data.

The Information Commissioner’s Office (ICO) accuses the government department of a “serious” breach. That would, under any other circumstance, be worth £10 million (US$11.45 million). Since the DfE would have to pay the fine with government money, there isn’t much sense in trying to collect.

Illegal Breach of Policy and Privacy

The DfE is responsible for maintaining the educational records of students. It contains information about the qualifications of as many as 28 million kids as young as 14 years old.

The ICO discovered that the department continued granting access to Edududes after it informed the department it had changed its name to Trustopia. The latter, now out of business, was actually a screening company that used the database to verify age.

It offered its services to companies like ID verification firm GB Group. It also helped gambling companies confirm that their customers were over 18. Since Trustopia wasn’t using the information in the manner for which Edududes had been approved, it violated data protection laws.

It wasn’t until a newspaper reported the chain of activity that the DfE realized what was going on. The ICO discovered that Trustopia had access to the database between September 2018 and January 2020. During that time, it conducted searches on 22K pupils to verify their ages.

Nearly 12,600 organizations had access to the databases at the time of the breach, including schools, colleges, and higher education institutions.

Since the news broke, the DfE has removed 2,600 organizations from its database. It also streamlined the registration process in order to better protect individuals’ privacy. It now conducts regular checks for excessive searches and removes entities that no longer access the database.

Too Late for Accountability

Although the ICO won’t fine the DfE, it has ordered some changes. ICO also investigated Trustopia, but learned that the company, according to its statement, no longer had access to the database. Trustopia said it deleted temporary files containing data. But how it used the information before destroying it will never be known.

The regulator stated that Trustopia had been dismantled before the investigation was concluded. As a result, no regulatory action against it was possible.

Privacy in any commercial or government setting has been at the forefront of consumer protection laws for years in the European Union (EU). The creation of the General Data Protection Regulation (GDPR) was an attempt at offering the highest level of protection possible.

The UK, after its exit from the EU, announced that it wants to establish its own version of the GDPR. It has begun that process even as it tries to figure out who’s in command.



Source link

You might also like More from author
Leave A Reply

Your email address will not be published.