Nine schools in North Ayrshire UK will begin taking payments for school lunches using biometrics. Students will be able to pay for lunch by scanning their faces. The schools say this aims to streamline lunch periods, but many have reservations about the implementation of the practice.
The Financial Times points out that the use of personal markers for verification isn’t new to schools. Some institutions have used fingerprinting before. However, privacy advocates are worried that institutions are normalizing biometrics. Especially because it’s a type as pervasive and error-prone as facial recognition.
The schools say that contactless payment can speed up the serving of thousands of students during a short period. Moreover, this method reduces the chance of spreading diseases. A total of 65 schools reportedly signed up.
Facial print data will be stored on school systems. It’s unclear whether each school will have its own database or if there will be a shared infrastructure like those used by sites for background checks.
Parents and watchdogs are concerned about this practice normalizing biometrics. Many argue that something as mundane as school lunch doesn’t warrant its use. Even most mainstream background check services don’t include biometrics yet.
Furthermore, some parents are worried that children don’t know enough about biometrics to consent to the collection of their facial prints.
David Swanston, managing director of CRB Cunnigham, the company that installed the system, has a contrary opinion. He argues that this system is different from “live facial recognition” that scans crowds.
Indeed, the application is different, but it uses the same data—facial prints. Hence, it is prone to the same threats, including advanced ID theft, data breaches, etc. Even countries that are increasing surveillance, like the US and China, impose strict controls over facial recognition.
Another consideration is data privacy. This is a matter of increasing importance in Europe, which has created the GDPR to guide legislation. While the UK is no longer part of the EU, its data privacy guidelines are similar.
Finally, the subjects in question are children, and that alone is an important consideration. Seeing as the program is voluntary for now, it may be a while before more is heard on this case.