While much of the “post Covid” world remains quite uncertain and subject to ongoing media speculation, it does seem safe to assume - if ever there were doubters - that the increasing use of technology in schools (or “EdTech”, to use the buzz phrase) will be an enduring legacy.
That’s not to say of course that schools pre-Covid were not already exploring new and innovative ways to use technology in the classroom and to support delivery of curriculum content – and indeed more widely across the school community, including for example in the delivery of parent and alumni communications and use of general pupil information management systems. But, as in other areas, Covid has supercharged existing trends: forcing schools to move to remote provision almost overnight inevitably ensured that.
Now we are looking (we hope) at life post-lockdown(s) important questions need to be considered by school leaders about how technology is going to be used on an ongoing basis. As the relentless pace of technological development continues, the opportunities within education are considerable and the breadth of what EdTech covers is huge – everything from simple times table learning apps to sophisticated virtual reality programmes enhancing the “in classroom” experience; from anti-plagiarism screening software and other assessment tools to safeguarding reporting platforms and biometric security systems. The furore over last summer’s exam grading system and the U-turn over the algorithm used to moderate students’ results, provided a further indication of how emotive and contentious the issues can be.
Inevitably there remains a lively debate among educationalists about how effective different types of technology, platforms and approaches are (and how best to blend traditional “chalk and talk” with more technologically enabled provision and more independent study). And indeed we need to be realistic about what EdTech can and cannot do and that much of what the independent schools sector is renowned for cannot be replicated or re-packaged in a remote or digital-only format – indeed no-one (least of all parents and pupils) would want it to. Taking part in sport, art, drama and musical activities (as well as more practical subjects in the curriculum) requires pupils to be physically present and engage with one another, not least when important “soft’ skills” such as team-working, socialisation and public speaking form such a crucial part of the school experience. As ever, there is a balance to be struck and school leaders will be well aware of where, in an ideal world (competitive pressures aside), they feel lines should be drawn.
Wherever those lines may be drawn, however, some involvement of EdTech-enabled provision is inevitable. The purpose of this article is, therefore, to focus on the commercial, contractual and compliance issues that bursars and compliance leads should be considering as they commission and integrate new technology into their schools’ systems, and the core “everyday” offer to pupils and parents. This is particularly important as the technology becomes more sophisticated and therefore likely to raise bigger questions about, for example, user privacy and wider data protection issues.
1. Contractual issues: parents and providers
(a) The parent contract
Looking first at the contractual relationship with parents, as a starting point schools should be reassured that the ISBA model parent contract specifically makes allowance for the school to decide the means by which its educational services are provided – including, where necessary, doing so remotely. The model contract has been updated in the last 12 months to make this even clearer than before (in light of the experiences of Covid).
Nevertheless it remains important for schools to be clear in marketing and admissions materials as to the broad principles on which the school is run and, increasingly, this is likely to include a clear articulation of the school’s “digital strategy” – ie, what it will seek to deliver, and via what methods in terms of the use of technology in educational provision in “normal” times. Obviously too those materials still need to remain realistic, in terms of a school’s ability to deliver on those aspirations, not only from a reputational point of view, but also given their potential to form part of the contractual offer to parents.
Parents and pupils will want to know how technology is used by the school and what the expectations are on pupils in their own use of technology at school (including, for example, the rules around use of smartphones during the school day / in classrooms). We anticipate that one of the inevitable post-Covid consequences will be increasingly sophisticated parental expectations in this area – for example, asking schools what, if any, lessons will be recorded for catch-up / revision purposes, and what remote provision will be offered as standard (in the event of international students unable to travel to the UK because of travel restrictions related to Covid, say, or any other analogous circumstances). Equally, the centrality of technology, and smartphones / social media in particular, to safeguarding issues such as peer on peer abuse, is unquestionable.
We expect too that staff (both current and prospective) will have questions and expectations in this area – including how “available” they are expected to be to parents and pupils (both in person and remotely), what and how they are expected to teach (in different formats and across different media and at different times) and what opportunities there may be for teacher-led innovation, for example in curriculum development or the engagement of external EdTech providers.
(b) Contracts with commercial providers
The other key contractual relationship that schools need to consider is with third party service providers who the school may be engaging to provide the technology, be that content, platforms, integrated systems, as well as anything in between.
At a basic level, the same principles will apply to a contract with a technology provider as it will to any supplier or service provider used by the school. It will be important to carry out appropriate due diligence into the provider – both in terms of the quality of the product or service it is offering and the general reputability of the provider itself. Schools need to ensure they consider all available options (potentially developed out of a separate procurement strategy and / or policy) and develop a consistent approach to things like the security settings that need to be put in place when pupils use third party services or platforms. Other key commercial and contractual arrangements that will need to be scrutinised will include:
- How long is the contract for? Is there a trial period or minimum commitment period? How do the software licensing arrangements sit alongside the contract term (perhaps most notably, is there a “cliff-edge” if the school does not renew)?
- How much is the school paying and what for (eg, a certain number of user licences, or a white label product that the school can take and develop itself)?
- What are the service level commitments provided by the supplier – for example, what technical support is offered? Is there any training included or is that charged for additionally?
- What is the “plan B” if the technology fails to deliver?
- How embedded will the technology become in the school, informing things like how regular the refreshes might need be, or the lead-in time for any move away to a different technology or solution?
- How and in what circumstances can the contract be terminated? Are there early exit restrictions or costs?
The other crucial element in the due diligence jigsaw is that of data protection – as considered further in its wider context below.
2. Data protection and privacy issues
(a) Due diligence around third parties’ compliance
As the EdTech market continues to expand, and with the inherently high-risk profile around the collecting and processing of pupil data (which, in some specific instances, such as safeguarding reporting tools / databases, will constitute more sensitive, or “special category” data, where the compliance requirements are stricter) reputable providers and platforms should be making a virtue of their standards of data protection compliance and be able to demonstrate these to the school. Particularly important will be the technical and organisational measures implemented to keep personal data secure – particularly noting the increasingly common and unwelcome trend of cyber-attacks on education settings in recent months.
When a school is formally engaging a third party provider it will be important to ensure the contract contains appropriate data processing provisions. When the provider is acting as the school’s data processor (ie, acting on the data controller school’s instructions) there will need to be GDPR-compliant terms governing the handling of any personal data processed by the provider (including ensuring appropriate security measures are in place, arrangements for the return or deletion of data at the end of the contractual term, prompt notification of (and assistance to) the school in the event of a data breach, and restrictions on the transfer of data outside the UK and/or European Economic Area).
Even where a third party is acting as an independent data controller, the contract between school and provider should contain appropriate data sharing / processing provisions governing similar issues around, for example, the permitted purposes of processing, and ensuring appropriately robust measures are in place around data security and deletion of data.
(b) Transparency and accountability: key GDPR documentation and considerations
Aside from what external platforms may themselves provide to users about their processing of personal data (again, something to scrutinise at the pre-contract stage), schools should consider specific privacy information at the point of sign-up or login to specific platforms or services in respect of which schools are processing pupil data. This could potentially be in the form of “bite sized” explanations at the point of access (consistent with the ICO’s Age Appropriate Design Code, which although not directly applicable to schools, does provide useful principles of how and what privacy information should be provided to children – particularly in the context of online services), which link to the school’s full Privacy Notice.
On the back of the experience of Covid, the most recent update to the model ISBA Privacy Notice (March 2021) does refer specifically to remote provision, but only in brief / high level terms as there is not a catch-all approach that will work for every school or EdTech context. Any key information (eg, whether consent is relied on, whether and for what purpose recordings may be made and kept, and for how long) should be provided up front – for example in separate, standalone notices or updates to parents. The full Privacy Notice is not necessarily the best place to convey that, particularly where schools are using technology in a new or more substantive way now, rather than it just being a temporary “fix” during Covid lockdowns.
Equally important will be updates to the wider suite of policies which are likely to have been drafted before Covid and where technology might well have been more peripheral to schools’ day to day provision of services. For example, the IT: Acceptable Use, Working From Home / Use of Own Devices, and eSafety / Cyber-bullying policies (or their nearest equivalents) – as well as the school’s overarching Data Protection Policy (distinct from the Privacy Notice discussed above) which should inform staff about their and the school’s key data protection obligations and responsibilities.
Conclusion: challenges and opportunities
The hope must be that looking ahead, schools can learn some valuable lessons from the Covid experience in how they use (and indeed how they want to use) technology to complement the core school experience, ethos and culture. As, no doubt, any parent who had to live through the home schooling experience will now testify, technology is not a substitute for the fundamentals of face-to-face, teacher-led education. It surely does though have the potential to provide some real benefits which can be harnessed in the core offer to parents and pupils. As a result, it is crucial to ensure that key legal and commercial compliance considerations are baked into this process, with policies and practices kept regularly updated and in line with best sector standards. This will help schools stand in good stead as they navigate this fast moving and evolving world.
If you require further information about anything covered in this briefing, please contact Paul Jones and Sam Talbot Rice or your usual contact at the firm on +44 (0)20 3375 7000.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, October 2021
Please note this content was originally published in the Autumn 2021 edition of the Independent Schools’ Bursars Association (ISBA) termly magazine, “The Bursar’s Review”, issued October 2021, and is reproduced with the kind permission of ISBA.