Question to the Department for Education:

To ask the Secretary of State for Education, pursuant to the Answer of 2 December 2025 to Question 95257 on Children: Data protection, if she will publish a Data Privacy Impact Assessment on the entire Bill.

A single Data Protection Impact Assessment (DPIA) cannot be conducted on the entire Bill. DPIAs are intended to evaluate specific data processing activities that may present high risks to individuals’ data protection rights, rather than entire pieces of legislation. The department has ensured that all Bill provisions involving personal data comply with data protection legislation by consulting the Information Commissioner’s Office (ICO) under Article 36 of UK GDPR.

We continue to engage with the ICO key measures, such as the Consistent Identifier and Children Not in School (CNIS) measures, to identify and mitigate any data protection risks. In line with our commitment to transparency, we will publish summaries of these DPIAs to provide assurance that children’s data will be processed lawfully and securely once the measures become operational.