UK DfE rapped over data access for gambling age verification
The Information Commissioner’s Office found the department to be at fault for approving the sharing of data from the learning record service.
UK.- The British data watchdog, the Information Commissioner’s Office (ICO), has reprimanded the Department for Education (DfE) over the misuse of 28 million children’s personal data. Data from academic records ended up being used for age-screening services for gambling.
The DfE had allowed Trust Systems Software, which traded as Trustopia, to access data from the learning records service (LRS), which keeps school pupils’ academic records and is normally only accessible to qualified education providers. It contains the data of up to 28 million young people aged from 14, including full name, date of birth, gender and optionally email address and nationality.
Trust Systems Software had previously traded as Edududes Ltd, an education training provider. But the ICO found that DfE continued to grant Trustopia access to the database after it advised the department of its new trading name. Trustopia, which was dissolved before the investigation began, provided data to companies such as GB Group, which provides age verification services for gambling operators.
Trustopia had access to the LRS from September 2018 to January 2020 and conducted searches on 22,000 learners for age verification purposes. The ICO said the incident represented a misuse of information under data protection laws because the data shared “was not being used for its original purpose”. The DfE reportedly only became aware of the breach after a report in a newspaper.
UK Information Commissioner, John Edwards, said: “This was a serious breach of the law and one that would have warranted a £10m fine in this specific case. I have taken the decision not to issue that fine, as any money paid in fines is returned to the government, and so the impact would have been minimal.
“But that should not detract from how serious the errors we have highlighted were, nor how urgently they needed addressing by the Department for Education.”
The DfE has since removed LRS access for 2,600 organisations and has increased monitoring of its systems and data searches. It has now been ordered to define clear measures to improve data protection practices.
Edwards said: “Our investigation found that the processes put in place by the Department for Education were woeful. Data was being misused, and the Department was unaware there was even a problem until a national newspaper informed them.
“We all have an absolute right to expect that our central government departments treat the data they hold on us with the utmost respect and security. Even more so when it comes to the information of 28 million children.”
Gambling Commission suspends LEBOM for failure to integrate Gamstop
Britain’s Gambling Commission has suspended the licence of LEBOM for failing to integrate with the gambling self-exclusion scheme, Gamstop. Integration with the service has been a licence condition since 2020.
Operators must block players who have signed up to Gamstop. However, the Gambling Commission found that lebom.app had not fully integrated with the system. Its licence has been suspended with immediate effect. The Gambling Commission has also launched a review under section 116 of the Gambling Act 2005.
