Scottish pupils 'sex survey' data advertised

[ArabellaScott]

https://www.bbc.co.uk/news/articles/c5yvr65dpgzo

'Data from a controversial survey which asked school pupils as young as 14 about their sexual experiences has been advertised for use by external researchers, without the explicit consent of children or parents, BBC Scotland has learned.
The Scottish government's Health and Wellbeing census hit the headlines in 2021 after asking highly personal questions of more than 130,000 school children, raising concerns among education experts and families.
Parents said they were not told the nature of the questions in advance and were not asked to agree that their children's private information could be shared.'

...
'However, the data is now being offered publicly to external researchers via the website of Research Data Scotland, a charity created by the Scottish government in 2021 with a stated aim of making it easier to access data around health and wellbeing.

I think this is the data:

https://www.researchdata.scot/metadata-catalogue/search-results/result/?id=438&originId=0

The BBC link has a contact form you can use if you're affected by this.

Concerns about whether the data could be used to identify individual children:

'...the Information Commissioner's Office warned the Scottish government in 2023 that the way they had gathered, stored and transferred the data created potential risks that children could be identified by "third parties and rogue actors". '

Scotland views children's ability to consent quite differently and an over 14 year old is viewed as able to consent to data sharing and this type of thing. Obviously the issue about identifiable data raised is a concern.

A warning, great work there.

A test case is needed so parents and the child need to use their rights under data protection legislation.

Not a fan of "paper terrorism" but an active campaign of letter writing by individual parents and children to politicians and SAR request to the LA, Research Data Scotland, plus any other body which controls access or may hold a copy of the database may move them to act while the case goes through the process.

Oof.

This is reminiscent of the BeeWell survey re GDPR and "opt out"/public task.

There were two issues with that survey: a) the content (gender identity positioned as fact) and b) how the data was used. Here's a link to the latter issue:

https://www.mumsnet.com/talk/womens_rights/5209872-the-beewell-survey?reply=139873687&utm_campaign=reply&utm_medium=share

Any parent in half of the LAs in Scotland could do it.

Anonymised health data is made available to researchers on a daily basis in Scotland, without explicit consent from patients. This is a non story.

I feel that more should be done to explain to the public how data is used and how it is made safe.

ZanyPlumWasp
Anonymised health data is made available to researchers on a daily basis in Scotland, without explicit consent from patients. This is a non story.

This is data collected in local schools from children.
The people in charge of checking that it is anonymised dont think it is.

Per the report:
The Scottish government did have a section on its website which said that "individual level data may be shared for research purposes".

The government said its traceable to a student

I feel that more should be done to explain to the public how data is used and how it is made safe.

Per the report:
The pupils answered the questions online in classrooms and were told on the survey form itself that the information would not be shared.
In a section called "What Happens to My Answers?" it says: "The local authority will not tell anyone your answers, not your teacher or your family."

So non story but no explaing at the point of collection and not made safe

Children have been given a survey that asks very intimate questions.

No consent sought. No consideration of the impact on children, a proportion of whom will have been abused. Questions that children may well not want to share in a classroom setting, or have a teacher/teaching assistant see their responses to. No provision made for children who were upset or impacted by these questions.

Adults being asked about their sexual history would be bad enough.

This was asking children.

Then, the 'anonymisation' wasn't done correctly. As the ICO warned.

Firstly, children's uniquely identifying numbers were used. This presents a vulnerability for sensitive info to 'leak'.

Secondly, the survey combined some potentially 'outing' information with the sensitive information. So 'jigsaw' identification is potentially possible.

Thirdly, the LA said the info wouldn't be shared. And now it's up for sale to researchers.

A series of 'non-issues'.

I have absolutely no doubt that someone would be able to identify themselves in the data. Trick is to allow only trusted individuals and organisations to access the data, with sufficient penalties. The data isn't the problem, people are.

Making a candidate number, or something else, which can be publicly searched doesn't sound good, and I'm surprised that's happened, and sceptical if that has actually happened given my knowledge of the process.

Did you read the article, Zany?

ZanyPlumWasp

I have absolutely no doubt that someone would be able to identify themselves in the data.

Do you think an individual child can be identified or not?

Trick is to allow only trusted individuals and organisations to access the data, with sufficient penalties

Do you think that persons data should be collected [edit] by conditional/specific permission and once collected the holder should be allowed to use that data in any way they choose?

Define trusted imdividual / organisation
Would that include persons who engaged in the collection of child apecific sensitive data with out proper controls?

The data isn't the problem, people are.

What do you mean here, which people?

The child who did not understand how their data would be processed?
The child who was informed by an adult in a position of trust that they had no option to not fill in the data?
The adults who organised the data collection all of whom had or should of had DP training plus child safeguarding training when the child specific was data never within their controls system and could be accessed by multiple unknown persons?
The designers of the database?
The staff at all levels of implementation who had a contractual obligation to ask is the collection in lawful compliance of the extra rules enacted to protect children?
Other random people the staff chose to provide access to?

Making a candidate number, or something else, which can be publicly searched doesn't sound good,

Its not good
And even " private" serches are not good.
its desiging 101 a database which holds specific sensitive data about children when there is no need to be child specific is collecting data with no lawful purpose

and I'm surprised that's happened, and sceptical if that has actually happened

Data subjects said it happened
Parents of data subjects said it happened
Some LA decided not to collect data because it could happen
The conclusion by the organisation charged with carrying out an independent audit said it happened.

So what evidence are you using when you formed a belief that it did not happen?

given my knowledge of the process.

Could you expand on what you mean by process?

Is it the specific database?
Or data protection obligations?
Or something wlse?

This isn't new though, right? We had to do something similar when I was 14 and that was over 15 years ago.

Felt a bit uncomfortable answering questions like 'have you ever had oral sex?' (all of my answers were no lol, I hadn't even had my first kiss at 14) and then our teacher said to just leave them on our desks when we wait to break. I bet she had a look at the 'anonymous' surveys while we were gone...

Facing those questions at school, for children who have complex histories, is pretty distressing.

I approached a sexual violence support service via an online form, specifically requesting they not telephone me. I had to leave a number to complete the form.

They phoned me. That meant my day was trashed, everything I planned out the window because they opened that box when I wasn’t prepared.

I’m 55. If you had done that to me when I was 14, in the classroom where I was relentlessly bullied anyway…

No wonder kids refuse school. It’s not a safe place. Though maybe the dc had preparation even if parents weren’t informed.

And if you had told the same teacher that you were approached at the school gate and asked that by a random stranger the teacher would not have ignored it and told you go to break.

There was an urgent question asked about this in Parliament today.
https://www.parliament.scot/chamber-and-committees/official-report/search-what-was-said-in-parliament/recent-publication?meeting=16245&iob=138769

At least the data has now been removed from the research website.

Thank fuck for that.

Lots more to address, though.

'I am sorry—I see that the member does not have a particularly happy face right now. I would have thought that she would welcome the Government’s approach, because it has been her approach throughout. [Interruption.] I can hear her chuntering from a sedentary position. '

Jenny Gilruth is rude and unpleasant.

Hm. On further reading she appears to be deferential to all the other (male) MSPs when answering their criticism. Just Megan Gallacher she's accusing of 'chuntering' and criticising how she looks.

The link doesn't say that the data has been taken down all it says is that they aren't collecting anymore data right now.

Gilruth said this right at the end, Hoard:

' I have asked the chief statistician to write to Research Data Scotland so that it removes the health and wellbeing census from the data catalogue on its website. The sharing of that information is the salient issue that has been raised today. Data access requests by researchers in relation to the health and wellbeing census will be paused while we undertake our considerations. It is important that I have an opportunity to engage with the chief statistician on that data set.'

Did we say at the time that this was going to be an issue and clarity was needed about what this was for?

Thanks I missed that

"Data access requests by researchers in relation to the health and wellbeing census will be paused while we undertake our considerations.'

Paused.

So that what? They can quietly go back to releasing the data once the media and the public and the Scottish Parliament aren't looking any more?

Wouldn't trust them as far as I could throw them.

Welcome to SNP Scotland where:

Over 16s are “adults”
Over 14s can be asked questions about intimate matters such as sex and substance use without informed parental consent including what happens to the data

the question remains why the Scottish government are interested in the sexual activity of children .

But men under 25 who commit crimes like raping and burning women alive get a lighter sentence because their brains aren’t fully developed or some such:

https://news.sky.com/story/jill-barclay-man-23-who-raped-mum-of-two-in-aberdeen-and-burned-her-alive-given-lesser-sentence-due-to-young-age-12888501

What the actual fuck is this shitshow of a country