It is deeply troubling that nearly one million young people in the UK are now Not in Education, Employment, or Training (NEET). To address this, policymakers have introduced initiatives such as Youth Guarantee Trailblazers, Connect-to-Work and processes for early identification of at-risk youth. A key component of many of these efforts is the effective use and sharing of data between different organisations to identify and support youth who are NEET or at risk of becoming NEET. However, data-sharing is a lot more complicated than it appears.
NEET status often stems from multiple overlapping risk factors, including socio-economic barriers, mental health issues and educational disengagement. Various agencies—jobcentres, schools, colleges, and the NHS—collect relevant data, but commissioners in the recently launched Skills Commission inquiry, Earning or Learning: A New Agenda for Youth NEET Reduction, have highlighted significant barriers to accessing and sharing data across agencies.
The most frequently cited obstacle is the General Data Protection Regulation (GDPR), which is a set of rules aimed at giving individuals more control over how their data is collected and used. GDPR is perceived as preventing frontline implementers from identifying individuals who may be NEET or at risk of becoming NEET. Fear of legal consequences discourages organisations from sharing personal data, leading to inefficient service delivery and missed opportunities for targeted intervention. However, our research suggests that the issue lies not with GDPR itself, but with a lack of clarity on how the law applies to frontline NEET reduction efforts. Three key challenges must be addressed.
Many local authorities lacking expertise
First, GDPR defines “processing” broadly, covering everything from data collection to analysis and sharing. This ambiguity creates uncertainty, making service providers hesitant to act for fear of non-compliance. Without clear guidelines on what constitutes permissible processing in the context of NEET reduction, useful data with one organisation remains inaccessible to others.
Secondly, many local authorities lack the expertise and infrastructure for secure data-sharing. Without proper training and investment, GDPR is perceived as a barrier rather than a framework for responsible and effective data use. Upskilling programmes for civil servants like One Big Thing should expand to local government officials as well.
Thirdly, confusion over the principle of lawful basis further complicates matters. GDPR requires a lawful basis for data processing. Many assume this means explicit consent is necessary for all data processing. However, the Information Commissioner’s Office (ICO) guidance clarifies that a public body having statutory responsibility to serve certain members of the public is a valid lawful basis. Yet, statutory responsibility for NEET reduction in the 16-24 age group is fragmented.
The Department for Education (DfE) issued updated guidance in 2024, giving local authorities clear duties covering NEETs up to age 18, but not beyond. The guidance instructs local authorities to establish data-sharing agreements with local education providers but omits other crucial stakeholders such as jobcentres and integrated care boards, which work with at-risk youth beyond the age of 18.
Additionally, GDPR’s necessity principle requires that data sharing be essential—not merely beneficial—to achieving an organisation’s objectives. The subjectivity of this principle makes it critical for the government to clearly define the lawful basis and necessity for data-sharing in NEET interventions.
Action plan needed
To address these challenges, the government must take enabling action. The Department for Education and the Department for Work and Pensions (DWP) released guidance in January providing clear instructions and an understandable framework for data-sharing between Jobcentre Plus and the National Careers Service. Similar frameworks are needed across a broader range of organisations, including local authorities. The government should explicitly confirm that collective responsibility among agencies justifies data-sharing for NEET interventions, reducing confusion over lawful basis and necessity.
Finally, it must invest in local authorities’ data capabilities, equipping them with the training and resources needed to manage data securely and effectively. These will be essential first steps towards improving coordination at a local level to address the NEET issue – and for the government to live up to its rhetoric on an efficient state which uses data and artificial intelligence (AI) to govern better.
UK has a serious data problem.
Take this article as an example. Sets the scene saying the NEET figure is deeply troubling as it’s nearly 1m.
Firstly, why are we drawn to big round numbers like moths to a flame? Why wouldn’t 750,000 have been deeply troubling? Should we blame Chris Tarrant? Why not measure NEETs as a proportion of the increasing population? All valid questions if you want rigour in decision making.
But that aside. Why do we trust the ‘1m’ figure in the first place? Do you know where that figure comes from and how it is calculated? Do policymakers?
For all I know, the ‘real’ NEET figure is 500k, or it might be 1.5m. Look up how it is measured and you’ll become much more informed. Tackling the problem may well have a data protection factor, but actually knowing the scale of it is the first step before committing resources.