By – Ann George
Abstract
As biometric technologies become increasingly embedded in educational settings, from facial recognition for attendance to emotion-detecting AI, the school is no longer just a site of learning but one of surveillance. This article critically examines the growing normalisation of biometric surveillance in schools and its psychological, behavioural, and legal implications for Gen Z. It argues that while these tools are framed as promoting safety, efficiency, and hygiene, they risk conditioning an entire generation to accept constant monitoring as the norm, thereby eroding notions of privacy, autonomy, and consent. Through an analysis of policy gaps in India’s Digital Personal Data Protection Act, 2023, and comparisons with global frameworks like the GDPR and FERPA, the article reveals the lack of adequate safeguards for children’s data. It concludes by advocating for a rights-based, child-centric approach to educational technology that prioritises dignity, agency, and digital literacy over control and compliance.
Introduction
A student walks onto campus one morning, in full view of unseen cameras that register the faces of students before they even step into the classroom. Schools are introducing biometric systems ranging from fingerprint scanners in cafeterias to facial recognition cameras used to monitor attendance and increase security. This convenience now raises deeper questions: Do these technologies teach the current students that being watched is normal? As the use of biometrics continues to grow, fuelled by AI and a global market expected to reach approximately $15 billion annually by 2025, a bigger question arises: What is this generation being taught about privacy, autonomy, and consent? Is this generation going to learn to trade personal freedom for convenience, or are we just silently normalising surveillance through their lifetime?
The Spread of Biometric Technologies in Schools
The use of biometric systems in schools is increasingly expanding across India and overseas, changing how attendance, security, and behaviour are monitored. Concerning India, increasing integration with Aadhaar is mandatory: some state governments, such as Kerala, even require students’ Aadhaar numbers to eliminate fraudulent admissions and ensure correct sharing of teacher allocation services from the centre to local bodies. Universities, such as Bharathidasan University in Tamil Nadu, have installed photo-biometric systems for attendance to strengthen mutual accountability and security. Unique Identification Authority of India (UIDAI) has called for biometric data updates for minors aged five to seventeen.
The international ecosystem of schools has seen fingerprint scanners piloted to secure library access and lunch payment ever since the early 2000s. In the UK, facial recognition was introduced in nine Scottish schools to accelerate lunch queues and uphold hygiene standards. This was also a partially COVID-19 contactless-driven need. The AI-driven emotion detection camera system has been used extensively in the US to gauge classroom behaviours based on emotions relating to boredom, distraction, or engagement with the purpose of applying those data to improving teaching and learning.
Governments and schools emphasise safety, efficiency, contactless operation during the pandemic, and strengthening of accountability. However, concerns regarding the normalisation of surveillance, data security, consent, and potential bias highlight the urgent need for transparent regulation.
Normalising Surveillance Culture for Gen Z
The use of surveillance tools such as CCTV in schools and AI-based monitoring during student assessments has led Gen Z to grow up believing that constant surveillance is a normal part of life. Applications like GoGuardian, Gaggle, Bark, and Lightspeed track students and flag specific keywords, reinforcing the sense that young people are under constant observation. Young people’s future expectation of having some privacy, at home, in school, or in their online lives, is eroded; what was once private now feels as though it can always be viewed or touched, eventually, where everything feels under constant surveillance. On a psychological level, there is the normalisation of conformity and self-censorship. Studies show that awareness of surveillance heightens norm-compliant behaviour, internalises surveillance to suppress resistance, and creates a “chilling effect,” meaning students stop exploring risky ideas or are less likely to share their authentic views daily.
On a neurological level, constant surveillance even confuses and rewires the attention systems of Gen Z brains to become hyper attentive to gaze and monitoring, even if they are unaware of it, it has an impact on them. Behaviourally, this means they express less autonomy, report more anxiety about their actions, and take limited, creative kinds of risk. All of this is occurring in the context of “surveillance capitalism”, where Gen Z, born into data-based economies, are cast as a capital resource to extract from for monetisation, not citizens with rights. The thought of ceasing to participate or resisting capitalism is absurd. Because they are digital natives, the world that they envision for themselves is one where privacy is an antique, autonomy/ agency is conditional, and conformity is social silence, producing a generation that is learning early to survey themselves.
Legal and Ethical Gaps
India’s Digital Personal Data Protection Act, 2023 (DPDPA) represents a significant step forward in legislation but has reasonable drawbacks concerning minors and educational contexts. The Digital Personal Data Protection Act (DPDPA) establishes a framework for the processing of personal data, mandating that data be collected lawfully, used for specific purposes, and protected against misuse. When it comes to minors, the Act defines children as individuals under 18 years of age and requires verifiable parental consent for data processing. It also prohibits harmful processing and targeted advertising directed at them. However, gaps remain. The draft rules do not require schools, which are among the primary sites of student data collection, to be classified as data fiduciaries based on a uniform standard. Nor do they mandate explicit opt-out mechanisms for students or their guardians. Nonetheless, there were still issues. The draft rules do not yet require schools, where students’ data collection is usually undertaken, to be classified as data fiduciaries based on a universal classification, nor do they require them to explicitly opt out.
As a result, this means that students have limited control as the school data collection systems do not necessarily follow principles of informed consent. Furthermore, schools are exempt from certain regulations (e.g., behavioural monitoring in educational contexts) and thus are legally capable of collecting personal data at will, without fully following ethical guidelines.
Compared to the EU’s General Data Protection Regulation (GDPR), India has less robust protections; it does not require a uniform framework for parental consent (rather case level approval), and it does not require data protection impact assessments, nor does it require educational institutions which would be data fiduciaries, to be accountable to transparency obligations under a data controller framework. To compare, in the U.S, educational institutions like schools must adhere to standards prescribed under the Family Educational Rights and Privacy Act (FERPA), which allows eligible parents/students access to review records and prevents third parties from studying their records. The ICO in the UK similarly requires opt-in consent and gives clear guidance discouraging the use of student data for promotional material. India’s policy, on the other hand, remains unclear on grievance mechanisms, consent withdrawal, and institutional responsibilities, especially regarding minors and children.
This legal uncertainty represents an ethical failure: educational institutions routinely collect data with insufficient transparency, thereby exposing students to privacy violations as well as continuing to violate their dignity. There are no clear fiduciary obligations, enforceable consent rules, oversight, or impact assessments as to how vulnerable children’s digital rights are being compromised in spaces of enrichment for their growth.
The Case for a Rights-Based, Child-Centric Policy Approach
A rights-based, child-centric technology policy is established on consent, transparency, minimal data collection and accountability. It requires appropriate data practices with children to operate under “privacy by design” and “high-privacy defaults”, only collecting what is necessary and having specified retention limits, as well as oversight and accountability that is auditable.
Essential to the framework is student and teacher agency and participation in policy development, as children’s rights holders under the United Nations Convention on the Rights of the Child (UNCRC). Regulators have to enforce the standards, educators need to focus on instilling digital literacy and agency, and parents must play a supportive role and not be total gatekeepers.
Good policies, like the Information Commissioner’s Office (ICO) which is aligned with the GDPR or policies which modify The Children’s Online Privacy Protection Act (COPPA) provide examples of how ethical innovations can happen without infringing on children’s rights, it implies that platforms and other designers can build it into their products or services, when it’s part of the foundation, rather than bolted on. Through an ecology of consent, communications and shared responsibility, technology can be part of learning rather than surveillance, while attending to protection and empowerment of young people.
Conclusion: Reclaiming the Gaze
The stakes could not be clearer: as we equip classrooms with smart devices, we risk turning schools into surveillance states rather than learning environments. While ubiquitous surveillance might provide a sense of safety, it destroys trust, removes autonomy, and stifles critical thought, none of which are desired outcomes of an educational experience.
This is our moment for public reckoning: we need to demand open debate, enforce strict regulations, and apply educational technologies ethically. We must move beyond asking if our monitoring devices can watch to know if they should. The classroom should be a place for discovery, not silent and passive listening under the watchful gaze of others.
Author’s Bio:
Ann Susan George is a second-year B.A. LL.B. student at O.P. Jindal Global Law School. Her interests include public policy, human rights, and law.
NICKELED AND DIMED 
