vchalup -

ICO acknowledges GDPR concerns over A-level results scandal

Information Commissioner’s Office says it has engaged with exams regulator Ofqual after its use of an algorithm to calculate A-level grades backfired

The Information Commissioner’s Office (ICO) has said it is monitoring the developing scandal around the downgrading of almost 40% of A-level results in England and Wales, which were calculated by an algorithm developed by exams regulator Ofqual in place of exams cancelled because of the Covid-19 pandemic.

The mass downgrading has seen thousands of students miss out on places at their desired universities, with many schools reporting dramatically lower results than in previous years.

The Equalities and Human Rights Commission has made a public intervention after it emerged that the algorithm treated private school pupils better than those from disadvantaged backgrounds, and there are also mounting calls for education secretary Gavin Williamson to quit.

An ICO spokesperson said: “We understand how important A-level results and other qualifications are to students across the country. When so much is at stake, it’s especially important that their personal data is used fairly and transparently.

“We have been engaging with Ofqual to understand how it has responded to the exceptional circumstances posed by the Covid-19 pandemic, and we will continue to discuss any concerns that may arise following the publication of results.

“The GDPR [General Data Protection Regulation] places strict restrictions on organisations making solely automated decisions that have a legal or similarly significant effect on individuals. The law also requires the processing to be fair, even where decisions are not automated.

“Ofqual has stated that automated decision-making does not take place when the standardisation model is applied, and that teachers and exam board officers are involved in decisions on calculated grades. Anyone with any concerns about how their data has been handled should raise those concerns with the exam boards first, then report to us if they are not satisfied.

The spokesperson added: “The ICO will continue to monitor the situation and engage with Ofqual.”

Under the GDPR, students have a right to request information about their performance which may include their teachers’ assessments, written comments about their provisional grade and/or rank order, and past performance records.

Read more about the GDPR

  • Two years after its implementation, an EU report says that the GDPR is achieving what it set out to do, with a few reservations.
  • Marking two years of the General Data Protection Regulation, industry voices weigh in on the state of data protection and privacy, consider what has changed, and what still needs to change.
  • As data protection and privacy laws like GDPR and CCPA take hold, data managers refine governance practices, while vendors enhance traditional big data security tools.

However, they do not have a right to access any information they have recorded themselves, which means they cannot get copies of answers from mock exams, assignments or other assessments.

Since the results have been announced, the organisation to which a student makes a request – that is to say, their school or sixth-form college – must respond to their request within a month. More information on rights of access to this information, and how to make a subject access request (SAR) can be found on the ICO’s website.

Darren Wray, CTO at Guardum, a supplier of data privacy services, said it was clear that allegations of algorithmic bias, and the almost identical debacle over Scottish exam results, meant schools in England would be well advised to brace for an onslaught of SARs.

“The pandemic and subsequent disruption to the normal school timetable means that this year’s exam results have been decided in a highly unusual manner,” said Wray. “The prospect of having to handle a sudden influx of information requests from concerned parents is a very real one.

“Fortunately, there are a few precautions schools can take now to save themselves from being overwhelmed. This includes briefing staff fully on what to do, optimising cooperation between departments and automating as much of the process as possible.”

Read more on Regulatory compliance and standard requirements

Data Center
Data Management