NOTE TO PARENTS: GET PHOTO CONSENT RIGHT & BETTER PROTECT YOUR KIDS ONLINE

Did you know… Only 52% of Australian parents/carers talk to their children about online safety and 51% didn’t know what to do to help? These and many other surprising facts…...
June 10, 2020
by pixevety

Did you know…

Only 52% of Australian parents/carers talk to their children about online safety and 51% didn’t know what to do to help? These and many other surprising facts were shared by the Australian Centre to Counter Child Exploitation (ACCCE) just before COVID hit, but sadly did not receive much media attention.

There has been an unprecedented spike in online child abuse cases during the COVID crisis, with children being targeted whilst in isolation at home. But even before the crisis, the Australian Federal Police had received almost 18,000 reports of child abuse, containing hundreds or thousands of images and videos.

The risks do not stop in the home. There has also been a proliferation of apps and platforms that are NOT purpose built for education being used by schools and families for online learning – in many cases without scrutiny around privacy, security and duty of care. For example, TikTok, Facebook, Instagram, Pinterest. Did you know more than half of online grooming offences in the UK are committed on Facebook-owned apps?

And schools are an important place for young people with, on average, 35,000 photos taken on school grounds every year. These photos can then be shared or published publicly online, many times over where there are no restrictions on re-sharing or re-purposing, and sometimes done without parental consent or knowledge. If there is one question right now a parent should ask their school, it should be: “What steps are you taking to protect the digital images of my child?”.

How to protect a child’s image online

In my eight years mainly working with schools across Australia (and now overseas) in digital photo management, there is one area that can easily deliver the most protection to a child’s digital footprint, yet it is often poorly managed or there is a general lack of general understanding around its process – that is CONSENT.

Schools must think twice before disclosing & publishing photos publicly online, ensure they strip any identifiable data and get the appropriate level of parent consent. Every student photo published on, say a Facebook or Instagram School Page for example, is giving away that child’s identity to another company (Facebook and its subsidiaries) and exposes that child to even greater harm on a global scale. Every student and parent of a school has the right to know how their photos (and subsequent personal information) are being handled, and what steps are being taken to help minimise image abuse, cyber bullying, and any other form of online emotional trauma caused by publishing a child’s photo online.

The hallmarks of true consent are it must be: voluntaryinformedcurrent and specific (VICS). For example:

  • For consent to be voluntary the person must be free to exercise genuine choice to provide or withhold consent. They must be free to say ‘no,’ and still receive the primary service being sought. They must also be free to say ‘yes,’ but be able to at some time later change their mind and revoke their consent for future disclosure or use
  • When designing a consent form, each request for a secondary use or disclosure should have its own box to tick. Majority of school manual forms and online forms that leverage student management systems that I’ve seen over the last 8 years do not provide this level of specificity or ability to opt out.

In the context of student photos alone, imagine the challenges for a school to manually map a parent’s paper-based consent for use and publication of their child’s photos (taken on campus, on field trips, at sporting events over a period of days, weeks, months or years) back to each and every photo of that child (wherever the school may have stored it, including on staff personal electronic devices and the cloud network that they are connected to).

An online image featuring a person’s faces is the one piece of data that easily shares a mountain of information. It shares identity, sex, age, race, sexual preferences (potentially), interests, location, friends, mood, etc. For a student, it also tells strangers the school they attend, potentially where they live and when they are not at home, who their friends are, their family name (whether or not the school tags their name on Facebook, if a parent likes a photo strangers can easily determine a surname) and even their faith (sensitive private information). These images, and their identifying details, can be used for numerous activities that put children at risk: from online grooming and stalking, cyber bullying, identity theft, self-harm, digital or physical kidnapping and other unspeakable crimes.

When is consent required?

Of course, schools have the ability to collect, use and disclose personal information for a wide variety of legitimate school purposes (and these purposes are usually spelled out clearly in a school’s Privacy Policy) – but there are always times when they should ask permission first including:

  • Sharing personal information (for example, photos or details of achievements) on a public school website or newsletter
  • Uploading student personal information, including by way of “tagging” their image, to a social media site or feed
  • Using a person’s photos or video images to create, then publish, organisational marketing materials.

The above circumstances also have several privacy risks in common, including:

  • Departure from primary purpose: the proposed use or disclosure of personal information is not the original purpose for which all of the information was collected
  • Perceived sensitivity: there may be a sensitivity for a particular person or child in relation to the proposed activity – for instance, a history of bullying or family violence
  • A “Collection Notice” does not equal consent: a one-way communication medium. A collection notice is required by privacy law to ensure that a person understands (and can establish a reasonable expectation about) what will happen to their personal information. A collection notice does not, however, ask a person if they agree to the collection, use of disclosure of their personal information.

How can my school do a better job with photo consent?

Traditional procedures schools have used to collect photo permissions are unreliable when it comes to control and ability to execute upon a parent’s wishes. Existing online tools used, like student information systems (SIS), do not provide parents with enough choice or specificity (i.e. tick only 3 boxes) making such approaches inept in meeting the VICS test.

The only way to manage consent on photos is to build a system that applies specific parental permission tags automatically to each photo in real-time. Beyond such a system, both schools and parents need to check whether the school has the right daily procedures in place to protect student images.

Key questions to ask:

Schools: Is there an embedded culture of privacy across the entire school from the Principal down? | Parents: Does your school talk about safe photo practices, is it part of their daily culture?

Schools: Does your school ensure its Privacy Policy and collection notices are available for the wider school community to access and read? Are they up to date (revised in the last 12 months)? | Parents: Did you know these documents existed? Have you seen them? (and I am not talking about a website privacy policy!)

Schools: Do you educate staff, parents, and students on the topic of privacy and photos? | Parents: Have you ever received information about managing photo privacy in your school newsletter or has your child ever attended a cyber safe session that touched on photos?

Schools: Do you request parent consent for photo use at least once a year? | Parents: When was the last time your school asked your consent to use photos for a particular purpose or sent your child home with a photo use permission form? (this should not happen just at enrolment time!)

Schools: Do you have an appointed a person to handle privacy queries? | Parents: Do you know if your school has a Privacy Officer or someone responsible for handling privacy issues? Do you know their name and contact details?

The influx of online child abuse cases can also be viewed as a kind of pandemic – a worldwide insidious disease that needs total eradication. One small preventative step may potentially produce a lifetime of safety for a child. I do hope this article has shed further light on this very important topic and illustrated what good can be done if parents and schools work together to better protect children’s images online.[/vc_column_text][/vc_column][/vc_row]

Save with pixevety

School administrators save on average 25hrs per month.

Recieve the latest news from pixevety directly in your inbox!

More news

Related posts

Make Photos Part of your School’s Cyber Safety Strategy in 2025

Make Photos Part of your School’s Cyber Safety Strategy in 2025

In the UK alone, 52 percent of primary schools, and 71 percent of secondary schools, identified a breach or attack in the past year. In Australia, private wealthy schools in particular are increasingly becoming targets by cyber criminals using ransomware. It is not surprising with the amount of personal data schools hold, including photos.

read more
pixevety Safest School Media Management System

pixevety Safest School Media Management System

OCTOBER 16th, 2024:  Media Management specialists pixevety are proud to announce their global ISO 27001:22 certification, the only dedicated school media management system to offer this level of assurance. ISO 27001:22 certification is the internationally recognised...

read more

FAQ's

For schools

For parents

News