Re: Privacy? What's that?
@israel_hands: Agree with pretty much all you say.
Biometrics, however, don't have specific legislation that I'm aware of. They are just captured as "personal data" the same as everything else. Personally, I object to (and therefore don't work with) biometric systems (from a security point of view, because you can't change the biometric if it's made public and it's easy to forge them enough to fool any sensibly-priced reader) but many, many schools have them for canteen, library, etc. Fingerprint is the most common and, no, they don't need specific permission, they can cover it in the blanket school agreements. Again, that ship has already sailed and there's not much we can do about it. I also object on the grounds that, in theory, the police would be within their rights to request and use that data for law enforcement (i.e. "We know it was one of your kids, but we don't have their fingerprint data.... but you do...").
The best defence I have is that I went to the BETT exhibition and interrogated all the major biometric vendors, and, for the age of children that I cater for, biometrics are regarded as being nearly useless - too much growth and change in their bodies means constant re-registering and high false-readings. Most companies said "Anyone under 9, don't bother" or words to that effect and I work in a prep school which goes up to age 13, so half our kids wouldn't be able to use it.
We don't do BYOD (that's just stupid, you can't secure random third-party devices without specifying models and then "supervising" them, so it's not really "Bring" your own, so much as "Buy" your own) but we do issue mobile devices that some kids take home. When they are used at home, yes, they can talk back to us. And we can track them, trace them, lock them down and switch them off if required. I strictly control access to such functions, we would never do it on a whim, but other places may not be so secure in their policies. However, if you use a device at home, it's on your wifi with our system. We don't have 3G/4G devices (that's just stupid, though you can do something called Global Proxy which means it uses the school filter for ANY CONNECTION wherever it happens to join the Internet) but in theory we can push apps, and we can also get GPS traces.
Some schools that I'm aware of also push camera-monitoring apps (at least in theory), keyboard- and screen-logging apps, etc. They are suites of software especially for that for schools (I have thus far refused to deploy them). If the kids are taking those home...
One more example: A child had an allocated school iPad. They took it on holiday to the US. They phoned us to tell us that they thought it was lost or stolen. We locked the device and had it report its GPS location. Turned out that it was half-way across the Atlantic when we asked it to check-in. It had been used on the plane (therefore presumably connected to Wifi) and therefore reported back it's location, and we watched it fly over the ocean over a series of hours. It was found when the plane was empty and the pilot had noticed it was security marked, so he decided to take it in the cockpit with him on his return journey and drop it back to the school. Fact is, we knew that before the child or parent did.
It's scary stuff. But the alternative is no technology in schools (which may not be a bad thing, but it's never going to happen, and it would put children at a detriment while ANY OTHER school allows it). If we have tech that's going to be wireless, Internet-connected, etc. and mandate that children have to use it (Google Classroom, etc.) then we have to lock it down (for their protection, and for theft-protection). There's no reason for such tech to be generic off-the-shelf hardware and Internet-connected to the wide web, but it is. As a school IT guy, my job has morphed from "control these locally connected machines that you have full power over" to "control these devices that are tagged with the child's name, advertise their location, and connect to the school database with all their personal details." The scope for misuse is enormous.
There have been, and no doubt will be, a point where as a professional I refuse to implement more measures like this, even if that involves a change of career. But parent objections? So far zero. They are statistically infinitely more likely to complain that "the wifi is schools is microwaving my child's brain" (while having a mobile phone strapped to their head 24 hours a day themselves). Nobody has ever yet mentioned, or objected to, the technical monitoring measures involved. In fact, they ask to MAKE SURE we have them and complain about the slightest thing their darling child is able to find that they disapprove of. They object to the cost. They object to the hassle (taking the device back and forth, charging, etc.). They object to the "blue light" nonsense. They object to the destruction of traditional pen and paper. They object to the device or filter not functioning correctly for a fraction of a second.
But out of literally TENS OF THOUSANDS of parents that I've dealt with professionally, not one has ever raised an objection about a clearly-stated policy on monitoring of all their child's school-internet and school-device activities. *I* have. But not a single parent.
I remember in a private school rolling out compulsory iPads (not my choice!) like this and then charging the parents for them on their annual bill. The only objection came from two sets of parents (out of 500+) who came to an induction meeting we held on it. That objection? "Well, you'll still be setting them homework on paper, won't you, we don't want them losing the ability to hold pen and paper!" (that's an entire other rant in itself, though).
And when nobody objects to that kind of thing, it becomes the norm (as it has done) and then it becomes too late to object because "all the other schools do it". Sadly, it may take an incident such as you hint at (some IT guy mis-using it to groom children or similar, God forbid) to actually make people take notice.