Colin Anson, CEO of consent-driven photo management platform, Pixevety, looks at the implications of sharing student photos online and discusses what schools can do to ensure they aren’t breaching privacy laws when it comes to the digital identities of their students.
In my line of work, I am often approached by parents concerned about cyber-bullying, image-based abuse, child photo harvesting and identity theft. Posting photos online without permission is increasingly becoming ‘the norm’ these days and it’s probably why my recent blog on consent management at schools received quite a lot of attention.
During my business travels, I am still hearing a common question from organisations catering to children, “But what’s the real harm in sharing photos?” I find hearing this question, especially after all the press surrounding Facebook and Google’s use of personal data, quite puzzling.
Images of a person are considered personal data by Australian and global privacy laws, which means there are rules organisations must follow when sharing them. Where those images are of children, there is an additional moral argument to act with caution.
The harm caused via image-based abuse may not be physical (at the time), but the mental and emotional effects can be enduring. When a child gets hurt at school because of inappropriate sharing of their image(s), they are likely too embarrassed to share their story, leaving a school’s reputation unscathed. The victim, however, may have the abuse follow them beyond school, and possibly be emotionally scarred for the rest of their life.
FBI warning
In the United States, the FBI recently sent out a warning to schools and parents to be more vigilant over cyber-threat concerns and how students’ personal data is collected and shared.
In a public service announcement, the FBI stated, “Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft or other means of targeting children.”
An example given was a late 2017 attack where ‘cyber actors’ exploited school IT systems by hacking into multiple school district servers across the United States.
These actors sent text messages to parents and law enforcement published personal information of students (which I’m pretty sure included photos) on social media stating how the release of such information could help child predators identify new targets. The harm caused can be limitless .
Are our schools unknowingly breaking the law?
The evolving nature of online technologies and the ways they are used can put children’s safety and wellbeing at risk.
The increased use of technology and the widespread collection of personal sensitive data of students across Australian schools should be ringing loud alarm bells for parents.
If schools are using student images as marketing tools without first seeking informed and specific parent consent, they may be using personal data of children to sell their services.
How different is that to what Facebook (also via Instagram and WhatsApp) and Google are doing?
If schools are collecting parent consent using a bundled ‘all-or-nothing’ approach, are they unknowingly breaking the law?
I note that privacy regulators and industry experts generally advise against bundled consent because it will rarely ever meet the test of a proper consent; that is, that consent is voluntary, informed, current and specific.
Let me be clear by saying a handful of schools are starting to get it, and I do applaud those schools for caring enough to make an investment in this area. They understand how important it is to start protecting student photos. But a handful is not enough.
I hope that the Royal Commission investigation – where stories were shared like the incident of male students digitally altering female student photos to create sexually explicit images, sending them around different school year groups until the school and authorities intervened – and its key recommendation for schools to follow 10 National Child Safe Standards will make a difference.
These standards include minimising the opportunity for children and young people being harmed in online environments.
What can parents do to make this a priority at their school?
Beyond the annual photo day, schools take photos of students throughout the year.
The average school collects around 10,000 photos per year. Some of these photos are then posted online for global audience exposure.
Beyond sharing the actual photo, tagging can expose the person in the photo to a worldwide audience.
Not only is their image out there, but so to is their name, location, information about their interests, their peers and so on. It mystifies me how the causal baby step from ‘sharing photos’ to ‘harm’ is so often not considered, especially when the organisations doing the sharing are in such a position of trust.
Every child has the right to privacy and parents have a right to tell their school, “Please ask before sharing”.
Here is a quick checklist schools can use to assess how well they are protecting student images:
• Does the school have a student photo policy, and does it comply with Australian Privacy law? Is the consent being asked Voluntary, Informed, Current and Specific (VICS)? Have you been made aware of all possible ways your child’s photo could be used so you can make an informed choice about whether to grant or refuse permission?
• Has all staff been made aware of and can they execute the policy?
• Does the school ask parents at least once a year for consent to use and publish a students’ photos for school (or related) purposes?
• Do parents receive an unbundled clear consent form that describes the probable ways a school will use your child’s photos across various channels (internal and external, online or print)?
I do understand schools have a difficult obligation when it comes to student photos.
They must monitor all photos taken and decide which photos can be shared and used online; they must decide what to do when parents don’t return photo permission slips; they need to cover rare but important cases where students require further protection because of family circumstances (e.g. foster care or domestic violence cases). But the challenges of managing student photos are an opportunity to improve, not a reason to pull out the too hard basket, cut corners and increase risks.
As the saying goes, a technological problem requires a technological solution.
Finding a solution that can streamline important decision-making processes for photos within a school is critical.
Then the challenge for schools is to balance the growing desire to share all the wonderful moments occurring at school each day with a duty of care to protect children and provide parents with the comfort that student privacy and safety is a priority for the school.
When it comes to image privacy, photos should be able to be safely shared with people you know, trust and respect. Beyond that circle of trust, be very, very careful.
Is your school making student photo-protection a priority? If not, ask why this is the case?