Surveillance

Fingerprints for Fish Fingers: Why Are UK Schools Scanning Kids Like Criminals?

Keystone Collective

8 min read
Fingerprints for Fish Fingers: Why Are UK Schools Scanning Kids Like Criminals?
Photo by Meg Jenson / Unsplash

It’s 12:35pm. The dinner bell rings. Somewhere in a secondary school in Sheffield, a Year 8 boy shuffles up to the lunch counter. He’s got three things on his mind: chips, avoiding eye contact with the maths teacher, and chips again. But before he can exchange a quid for his tray of beige, he has to press his thumb to a glowing slab of plastic. The scanner beeps. Access granted. Welcome to school, circa now, where your biometric identity is just the price of a square meal.

You’d be forgiven for thinking this was a scene from a low-budget dystopian drama, maybe one of those Channel 4 shows where everything’s just a bit too close to real life. But no, this is Britain in the 2020s, where the local academy trust has decided that fish fingers require fingerprints.

“It Speeds Up the Queue,” They Say

The official story goes like this: kids are forgetful. They lose cards. They forget PINs. They nick each other’s dinner money. Fingerprint scanning solves all that, it’s fast, contactless, and oh-so-modern. No need for lunch ladies to deal with cash or for teachers to remember who’s allergic to ham. Just tap a scanner, grab your food, and off you trot.

But you don’t have to scratch very deep to see this might be less about efficiency and more about tech theatre. We’re solving a minor inconvenience, “little Timmy forgot his code again”, with the kind of technology usually reserved for border control. All for the price of a turkey twizzler.

This is what happens when Silicon Valley thinking collides with school dinners. Instead of fixing the jammed vending machine, we’re fingerprinting ten-year-olds.

Oh yes, perfectly, in the way that a loophole in a crumbling fence is technically still a gate. Under the UK’s Protection of Freedoms Act 2012, schools can collect biometric data, if they get written parental consent (UK Government, 2012). Not “we sent a letter home and never heard back”, not “we mentioned it in a newsletter next to the PTA bake sale.” Actual consent.

Even better, if your child says no, the whole thing’s off. A single “I don’t want to” from a Year 7 student trumps mum, dad, and the entire board of governors. This leads to the delightful image of a confused IT technician having to build a parallel lunch queue for the one stubborn kid whose parents still use cash and think facial recognition is “a bit science fiction-y.”

But in reality? Schools are often unclear, rushed, or just quietly hopeful no one asks too many questions. Because, let's be honest, what parent is going to start a data protection crusade in the middle of term when they're just relieved their kid finally stopped eating Wotsits for lunch?

What’s Actually Stored?

This is where the vendors swoop in to reassure everyone. “Don’t worry,” they say. “We don’t store the actual fingerprint. Just a unique mathematical representation.” Which sounds a lot like someone saying, “It’s not your face, it’s just your face in numbers.”

Technically, they’re right. The system stores a biometric template, not an image, but a map of certain fingerprint features. Supposedly irreversible. But as academic research has shown, “irreversible” is often marketing language for “not easily reversible unless you really know what you’re doing and have some spare GPUs lying around” (Jain et al., 2008).

And when it comes to data storage, school systems aren’t exactly Fort Knox. They’re more like “Fort Word Doc on a USB stick left in a staff room drawer.” Kids' data is stored on school servers, often managed by third-party providers, and sometimes without rigorous oversight. If there’s ever a breach, that biometric data, unlike your lunch account password, can’t be reset. Your kid’s fingerprint is their fingerprint, forever.

Can It Be Hacked?

Short answer: yes. Long answer: also yes, but with more academic footnotes. In 2008, a team led by biometrics expert Anil Jain demonstrated how fingerprint templates could be reverse-engineered to generate plausible fingerprint images (Jain et al., 2008). More recently, researchers have shown that partial data from scanners, like those used in schools, can be enough to generate spoofs (Roy et al., 2017). And then there’s the human error factor: lost laptops, poor encryption, underfunded IT support, the odd rogue staff member. It’s not Mission Impossible, but it’s also not impossible.

All for the privilege of trading biometric security for a plate of lukewarm lasagne.

A Child’s Perspective

To a child, the scanner is just another grown-up machine that beeps. It's not sinister, it's just... there. In fact, many children probably think it’s quite cool. You get to pretend you’re in a spy movie just to buy an ice cream. But the real lesson being taught isn’t about nutrition or technology, it’s about normalising surveillance.

From a young age, children are being taught that in order to access basic services, like food, books, even entry into the building, they must surrender part of their body to a machine. No explanation needed. No understanding of privacy. Just do as the scanner says.

What could possibly go wrong?

Function Creep: Coming to a Classroom Near You

This is the part where privacy experts start twitching. Because once you introduce biometrics, they tend to spread. First it’s lunch queues. Then it’s library books. Then it’s attendance. Then someone in IT suggests using facial recognition “just for safeguarding”. Then gait analysis. Then palm vein scanners. Then, who knows, emotional monitoring via webcam?

We’re already seeing UK schools trial facial recognition tech, most infamously in Chelmsford, Essex in 2024 (Information Commisioner's Office, 2024). That scheme was paused after public backlash, but the industry didn’t disappear, it just waited a beat. Vendors are still pitching, budgets are still tight, and the promise of “efficiency” still seduces.

Meanwhile, kids grow up believing this is just how life works. No ID? No dinner. No fingerprint? No learning. Privacy becomes not a right, but a barrier to convenience.

What Should Parents Do (Besides Panic)?

If you’re a parent and you’re reading this with rising blood pressure, relax, you’ve got options. You’re legally entitled to say no to biometric data collection in schools. In fact, your child is too.

Start by asking the school whether they’re using any biometric systems. If they are, ask to see their Data Protection Impact Assessment (DPIA). This is a legal requirement and not something they should be improvising with a Word template from 2015. Ask how the data is stored, who has access, and what happens when your child leaves.

If you're not comfortable, refuse consent. Politely, but firmly. Insist on an alternative, schools are required to provide one. And if they start huffing about admin or “everyone else is doing it,” remind them that legality doesn’t bend just because the IT department wants shinier toys.

And if they really push back? Report them to the Information Commissioner’s Office (ICO). Nothing motivates like a regulator.

Final Thoughts (Because You Still Haven’t Eaten Lunch)

Let’s just pause for a second and consider where we are.

A child wants lunch. A child. Not a high-level intelligence operative or a VIP trying to board a private jet, just a kid who wants a plate of chips and maybe a sad little juice box. And in order to do that, they’re required to provide a biometric identifier, something that’s literally part of their body. A fingerprint. A unique, lifelong signature of their identity. All so they can access a £2.10 meal deal in a plastic tray.

Is this what we call progress? Are we really so numbed by the word “innovation” that we don’t blink when surveillance tech, originally designed for secure government facilities and border crossings, shows up next to the custard tarts?

Because let’s be honest: this isn’t about efficiency. This is about the creeping normalisation of intrusive tech under the banner of “modernisation.” It’s about quietly lowering the bar for what we consider acceptable, one fingerprint at a time. First it’s school lunches. Then it’s public transport. Then it's medical access. Then one day your child grows up thinking it’s completely ordinary to be scanned, tracked, and logged just to get into their own workplace.

We’re talking about children here, literal minors. People who can’t legally vote, drink, or rent a car, but are being nudged into surrendering one of the most personal forms of identification they have, often without understanding what it means or how it might be used against them in the future.

And where are the adults? Where’s the outrage? Where’s the “hang on a minute” from the people who are supposed to be safeguarding their best interests?

Instead, we get limp justifications like “But it speeds up the queue.” Speeds up the queue? So would not having a queue at all. So would hiring more staff. So would paper tickets, or God forbid, letting kids remember a number. But no, we reached straight for biometrics, because it looks impressive, because the vendor said it was secure, because the governors want to look digitally competent at the next Ofsted briefing.

We’re sleepwalking into a surveillance society, and we’re dragging the next generation with us. Except they won’t be sleepwalking, they’ll be wide awake and acclimatised, because we made this their normal. We made scanning your fingerprint for access to your lunch as unremarkable as putting your hand up to ask for the toilet.

And for what? For convenience? For data that schools don’t even need? For systems that aren’t properly audited, backed up, or secured, systems that are often contracted out to private companies whose business model depends on collecting as much data as possible and locking it into proprietary silos?

The bigger question, the one no one in the school IT department wants to ask, is: what are we teaching our children about consent, privacy, and power?

Because the real cost isn’t just the data. It’s the lesson. That privacy is optional. That consent is a formality. That if an authority figure says, “Press your thumb here”, you should just do it. No questions asked. That in order to participate in society, to learn, to eat, to exist in a public space, you must submit. Smile for the camera. Tap the sensor. Say thank you.

We should be furious. We should be demanding answers from school boards, from local authorities, from the Department for Education. We should be asking why schools aren’t investing in digital literacy instead of digital coercion. We should be asking why risk assessments are often missing, outdated, or rubber-stamped. And we should be asking why we’re okay with building a future in which our children’s fingerprints are traded for fish fingers.

Because this isn’t just about lunch queues. It’s about what kind of society we’re raising them into. A world where your biometric identity is a routine ticket to access public services is not inevitable. It’s a choice. A bad one. And we can still choose otherwise.

References:

Information Commisioner's Office (ICO), 2024. Essex school reprimanded after using facial recognition technology for canteen payments. ICO. [online] Available at: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/07/essex-school-reprimanded-after-using-facial-recognition-technology-for-canteen-payments/ (Accessed: 12 July 2025).

Jain, A. K., Nandakumar, K. and Nagar, A., 2008. Biometric Template Security. EURASIP Journal on Advances in Signal Processing, 2008, pp.1–17. Available at: https://dl.acm.org/doi/10.1155/2008/579416 (Accessed: 12 July 2025).

Roy, A., Memon, N., and Ross, A., 2017. MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems. IEEE Transactions on Information Forensics and Security, 12(9), pp.2013–2025. Available at: https://ieeexplore.ieee.org/document/7893784 (Accessed: 12 July 2025).

UK Government, 2012. Protection of Freedoms Act 2012. [online] Available at: https://www.legislation.gov.uk/ukpga/2012/9/contents/enacted (Accessed: 12 July 2025).

Read more