Parents Say No to Digital ID — While Their Kids Are Biometrically Scanned at School

A parent spends their days fighting digital ID, convinced they’re protecting their family from a system they don’t trust. But every morning, without realising it, they walk their child straight into the very machinery they oppose. In schools across the country, children are being fingerprinted, face‑mapped, palm‑scanned or voice‑logged for “lunch queues,” “library books,” “cashless payments,” or “attendance.” Parents assume it’s harmless admin, but the biometric data isn’t stored by the school — it’s held by private vendors and third‑party companies they’ve never met, never approved, and never even heard of. These companies can access, process, and retain a child’s most permanent identifiers while parents remain completely unaware. The parent who refuses digital ID for themselves has already had their child enrolled into a biometric system without understanding what’s happening or who controls it.

​

This is how the story goes — fully explained below.

​

​

​

​​​1. The story: “No to digital ID”… and then

​

​

Day 1: The school form

​

Alex is furious about digital ID.

They’ve watched the debates, shared the posts, told their friends:

“No way I’m letting the government or corporations track me with some digital ID system.”

Monday morning, Alex is rushing.

Their 6‑year‑old, Mia, has just started Year 2.

In the school bag is a crumpled letter:

“We’re moving to a modern, cashless catering and library system. It’s faster, safer, and reduces bullying around money. Please sign and return.”

​

There’s a tick box:

“I agree to my child being enrolled on the system.”

​

No mention of:

• fingerprints

• biometrics

• third‑party vendors

• cloud storage

• data retention

• subcontractors

​

​

Alex skims it, thinks: “Okay, cashless lunch, sounds fine,” ticks the box, signs, and throws it in the tray.

They don’t connect this to “digital ID” at all.

​

​

Day 2: Enrolment

​

At school, Mia is taken out of class with a small group.

They’re led to the library.

On the table: a small fingerprint scanner.

The staff member smiles:

“Pop your finger on here, sweetheart. Great, now again. Perfect, you’re all set for lunch and books!”

Mia thinks it’s a game.

​

In 3 seconds:

​

• her fingerprint pattern is captured

• converted into a mathematical template

• sent to a private vendor’s system

• stored in a database she will never see

​

No parent present. No real explanation. No sense of permanence.

​

​

Same day: The protest

​

That afternoon, Alex is in town, holding a sign:

“NO TO DIGITAL ID”

They chant, they march, they post videos:

“We will not be turned into QR codes. We will not be tracked. We will not be reduced to data.”

They go home feeling proud.

They protected their freedom.

They don’t know that, earlier that day, their child’s biometric identity was handed to a private company.

​

​

Fast‑forward: 10 years later

​

Mia is now 16.

​

Her fingerprint template has:

​

• sat in vendor databases

• been backed up

• been mirrored to cloud servers

• been accessed by support staff

• survived software upgrades

• survived staff changes

• survived school leadership changes

• ​

The school has changed catering providers twice.

​

Each time:

• data was “migrated”

• contracts were signed

• nobody asked Mia

• nobody asked Alex if they still agreed

• ​

The original vendor was bought by a larger company.

The database moved jurisdiction.

Nobody told the parents.

​

The breach

​

One day, the new parent WhatsApp group explodes:

“Has everyone seen the news? School catering provider hacked. Data stolen.”

​

The headlines talk about:

​

• names

• emails

• payment details

​

Buried in the article:

​

“Biometric templates may also have been accessed.”

​

Alex reads it three times.

Biometric templates.

Fingerprints.

Mia’s fingerprint.

The one she gave at 6 years old.

The one Alex never really thought about.

The one that cannot be changed.

​

​

The realisation

​

Alex suddenly sees it:

​

• You can cancel a card.

• You can change a password.

• You can get a new phone.

• You cannot get a new fingerprint.

​

Somewhere, in a dataset they will never see, Mia’s biometric template is now:

​

• copied

• traded

• analysed

• potentially combined with other data

​

Alex goes back through old emails and letters.

​

There is no clear explanation of:

​

• how long biometrics would be kept

• what happens if the vendor is sold

• what happens if the vendor is breached

• who the subcontractors are

• where the servers are

• how to delete the data

​

They realise:

​

They shouted “NO to digital ID” for themselves… while their child was quietly enrolled into a stronger, permanent ID system.

​

​

2. The worst‑case outcome (what this actually means)

​

The “worst possible outcome” isn’t sci‑fi.

​

It’s this:

​

• Permanent biometric identifiers (fingerprints, face maps, vein patterns)

• Captured in childhood

• Stored by private vendors

• Copied in breaches

• Potentially linked to other datasets over time

​

That creates a future where:

​

• identity theft can use biometrics, not just passwords

• profiling can be tied to unchangeable traits

• access systems (banks, borders, workplaces) may one day use the same biometric types

• your child’s body has become their login—and that login leaked before they were old enough to understand

​

The deepest risk is irreversibility.

​

Once a child’s biometric template is out, there is no:

​

• “reset my fingerprint”

• “change my face geometry”

• “issue me a new vein pattern”

​

The system has taken something biological and permanent and treated it like a password.

​

3. The solution: opt‑out, withdraw, and SARs

​

Here’s the part you wanted to land on: What can parents actually do—right now?

​

A. Opt‑out before enrolment

​

If the school hasn’t enrolled the child yet:

1. Write to the school (email is fine).

2. State clearly:

   • You do not consent to your child’s biometric data being taken or used.

   • You want your child to use non‑biometric alternatives (card, PIN, name lookup, etc.).

3. Ask for written confirmation that:​

   • your child will not be treated differently or penalised

   • your child will not be enrolled

This sets a clear line before capture.

​

B. Withdraw consent and demand deletion

​

 

If the child is already enrolled:

1. Write to the school and the vendor (if known).

2. State clearly:

   • You withdraw any consent previously given for biometric processing.

   • You require the immediate deletion of your child’s biometric templates from all systems, backups, and subcontractors where legally possible.

3. Ask for proof:

   • written confirmation of deletion

   • date and method of deletion

   • list of any third parties who held the data

   • ​

You’re not asking nicely. You’re asserting rights.

​

C. Send a Subject Access Request (SAR)

​

A SAR is how you say: “Show me everything you have on my child.”

​

You send it to:

• the school (as data controller for school activities)

• the vendor (if you know who they are)

• ​

You ask for:

• all data held on your child

• all biometric data and templates

• all logs of when/where biometrics were used

• all third parties the data was shared with

• data retention periods

• copies of any Data Protection Impact Assessments (DPIAs) related to biometrics

​

This forces the system to reveal:

• what they took

• who they shared it with

• how long they plan to keep it

​

D. Demand a non‑biometric alternative

​

You also make it clear:

​

• your child must be allowed to:

  • eat lunch

  • borrow books

  • attend class without using biometrics.

​

You state that:

​

• any attempt to disadvantage or single out your child for refusing biometrics is unacceptable and may be unlawful discrimination.

• ​

E. The closing loop of the story

​

Back to Alex.

​

After the breach, Alex:

• sends SARs to the school and vendor

• withdraws consent

• demands deletion

• insists on a non‑biometric alternative for Mia’s younger sibling

​

They also go back to the next protest with a new sign:

​

“NO TO DIGITAL ID AND NO TO BIOMETRICS FOR CHILDREN”

​

Because now they see it:

​

You can’t be against digital ID for adults while silently feeding your children’s biological ID into private systems at school.

​

​

​

Once a parent realises their child’s biometrics or device data may have been taken, the next steps are the same for everyone — parents, teachers, and pupils. This is about withdrawing permission, forcing transparency, and finding out exactly what data exists, including anything linked through apps on your devices.

​

​

1. Withdraw consent immediately

​

Email the school and state clearly:

​

• You withdraw consent for any biometric processing

• You want all biometric use stopped

• Your child must be given a non‑biometric option (card, PIN, name lookup)

• ​

This stops new data being taken.

​

​

2. Send a FULL SAR to the school

​

A Subject Access Request forces the school to reveal everything they hold or have passed on.

​

You ask for:

• biometric templates

• fingerprint/face/palm data

• logs of every time biometrics were used

• all photos, videos, and files linked to your child

• any data collected through school apps

• device data collected by those apps (if applicable)

• all third‑party companies who received data

• copies of contracts, DPIAs, and retention policies

• ​

The school has one month to respond.

​

This is where you find out if:

• photos from your device were accessed

• videos were uploaded

• files were scanned

• app permissions allowed access to galleries or storage

• third‑party vendors received anything from your phone or your child’s device

​

​​

This is not a partial SAR — it is a full data disclosure.

​

3. When the school replies, check the companies

​

The school’s response should list:

• the catering vendor

• the library vendor

• the biometric system provider

• cloud storage companies

• subcontractors

• IT support companies

• any app developers involved

​

These are the companies that may hold your child’s:

• biometric templates

• photos

• videos

• documents

• device‑linked data

• behavioural logs

• usage logs

​

If the school’s response is missing companies, vague, or incomplete, you ask again.

​

4. Send SARs to every vendor listed

​

Each vendor also has one month to respond.

​

You ask them for:

• all biometric data

• all photos, videos, or files they hold

• any data taken through apps

• all logs of access

• all subcontractors

• all cloud locations

• all backups

• all retention periods

• all breaches involving your data

​​

This is where you discover the real scope of what was taken.

​

5. Request deletion from all parties

​

Once you know who has the data, you send deletion requests to:

• the school

• every vendor

• every subcontractor

​

You ask for:

• confirmation of deletion

• date and method

• confirmation that backups were included

• confirmation that subcontractors deleted their copies

​

6. What this process reveals

​

Parents often discover:

​

• biometric templates stored for years

• photos and videos uploaded automatically

• files scanned by apps

• device galleries accessed when permissions were granted

• data shared with multiple companies

• cloud storage outside the UK

• data kept long after the child left the school

​

This is why the full SAR matters — not the watered‑down version schools prefer.

​

​