In recent years, there has been a surge in the popularity of nursery apps that enable providers to communicate with parents in real time. Staff can give regular updates to parents about their child’s day, letting them know, for example, what their child has eaten, whether they have had a nap and what activities they have enjoyed.
While this technology has been available for several years, the pandemic caused a marked increase in its uptake, with many parents expecting nurseries to use it as part and parcel of caring for their child. As a result of this, there has been a proliferation in the creation of such apps, with each one offering slightly different features, functions and capabilities.
Given the nature of the data collected by the apps, and the valuable comfort and reassurance that they provide to parents, it is very important that a nursery chooses the right one, but with so many to choose from, this can be daunting.
Looking at the app’s terms and conditions and end-user licence agreement is a good place to start. Since the app will hold large amounts of personal data relating to a child and, in some cases, special category data (formerly known as sensitive data), such as information about a child’s health, for example, the app’s terms and conditions should contain robust provisions setting out how it will comply with the Data Protection Act and the UK General Data Protection Regulation.
For the purposes of data protection law, a nursery provider is a ‘data controller’ and the app is acting as a ‘data processor’ because it stores and transfers the information about the child in accordance with the nursery’s instructions. Data controllers, and data processors each have specific legal roles and responsibilities. If an app’s terms and conditions fail to acknowledge these then this calls into question its commitment to appropriately protecting the data.