Many childcare centres and schools will take a photo of your child playing or learning and send it to you during the day. Here's what you need to know to protect your kid.
Want to know how your child is faring in pre-school? And what about your child’s activities at school?
Many childcare centres and schools will take a photo of your child playing or learning and send it to you during the day. It gives you peace of mind, knowing your child is being cared for, eating well and having fun while you’re at work. This process of capturing and sharing photos of children must however be managed and monitored well to ensure these images don’t end up in the wrong hands.
Child-safe institutions such as schools and childcare centres must understand the importance of the digital footprint they control, and have the skills and knowledge to ensure the privacy of the children in their care. As a parent, you should know what these processes and procedures are and have the capacity to provide or withhold consent according to your wishes.
All educational institutions have a legal duty of care to ensure that any personal information shared by students and their caregivers is always kept secure, well-protected and private. Photographs and recordings are personal information that are included in this duty of care.
However, in a world where sharing images is a big part of an institution’s activities—from the daily photo at childcare, establishing student identity at high school, school newsletters about students’ achievements to institutional marketing material—they need to be able to manage security and privacy at the same time. The first step is to obtain consent from parents.
The traits of true consent
It is becoming more common for educational institutions to issue a permission slip during the enrolment process, asking parents if it is okay for them to photograph their child.
Please be aware that not all permission slips are made equal!
Consent needs to be:
The institution must be able to provide details on
- Who is permitted to take photographs: is it all staff or just certain staff members? Can other students—for example, those working on a student newsletter—take photographs as well?
- What kind of photographs are allowed: will you allow your child’s full face to be visible? Are there details or attire you wish for the photographer to avoid, for example, religious iconography or your child in swimwear at the swimming carnival?
- Where the photographs can be published: is the school newsletter okay? What about the childcare Instagram feed? How about the school website?
2. Active and voluntary
The institution should not automatically assume that you consent to these conditions unless it is otherwise informed that you withhold permission. That is to say, consent needs to be "opt in" rather than "opt out".
If a school or childcare facility intends to capture an image or recording of your child, it must first ensure that it has established clear protocols around obtaining consent to do so and only use that image in accordance with the relevant privacy principles.
The consent process should not be coercive or conditional. We have seen some institutions demand that if consent isn’t provided, the student cannot enrol in the school. That is a condition of entry and discriminates against children who might have a very good reason why they cannot be photographed, for example, children in foster care, domestic violence situations or those involved in custody cases.
Each consent item should be distinct from each other and not bundled into an "all or nothing" mass of permissions—often referred to as "blanket consent". You should be able to consent to your child’s image being used for student identification and medical purposes but be able to opt out of marketing uses, for example.
Asking for consent is one thing, but being able to implement different permission levels for different students is another.
Schools and childcare centres specialise in care and education, not data privacy. However, the bottom line is they need to be able to comply with their duty of care and that includes securing personal information, images and recordings.
There are special cases where parents or a court order have requested no photos of their children are ever to be taken, shown or shared, but schools still struggle with adhering to these restrictions. This may be because they have not kept an adequate record of these students and permissions, the admin team are too time-poor to manage the images or there are various people taking pictures (and storing them on their own devices) and not all of them know the consent boundaries for each child.
As a parent, you have the right to question an organisation about how they can ensure a duty of care when it comes to managing and sharing your child’s images taken at school. Many institutions are not set up for complex image management because there are few technical solutions available in the market today that are fit for this purpose, so make sure your childcare facility or school knows what it’s doing or is willing to look at solutions now available.
If they are regularly sharing photos using products like Google or Facebook, these could be tell-tale signs that image privacy is not yet a priority in that organisation. Consider asking the following questions:
1. Where will the information be stored?
Who is taking photos of your child at school or day care? Is it on a device owned, managed and secured by the organisation or one owned by a staff member?
Many schools do not have a central repository to store and retrieve images, which means images might be scattered across multiple servers, hard drives and devices. This means it’s easy to lose track of what has been captured, who has it and where they’ve stored it. This isn't just an issue of storage and accessibility, but exposes the images to potential security breach and misuse.
And then, when it is published by the school or day care using different channels, who now has ownership of those photos, what are they being used for beyond that publishing instance and where are they stored?
2. Who has access to the data?
Photo management is a time-consuming and laborious task for teachers and school administration staff and it is common for the task to fall to one or a small handful of people. However, if permission to access this data is broad and unmonitored—for example, all staff—then this increases the risk of data breach.
Secondary to this, you as the parent should be able to request what information, images and recordings the institution has of your child. This means the files need to be properly tagged with the student’s name, organised by consent and permissions, and then stored somewhere safe and secure where they can only be accessed by those authorised to use them.
3. How secure is the data?
Australian privacy laws state that collecting agencies such as educational institutions are obliged to ensure personal information is kept secure, including taking reasonable steps to prevent unauthorised access, use or misuse, disclosure, destruction or loss of personal information, dependent on the type of personal information you hold, the format it is kept in, and the degree of sensitivity it has to the individual.
Unfortunately, according to the Deloitte Australian Privacy Index, the education sector is considered one of the weakest sectors on privacy. Institutions that use reputable local providers are more likely to be privacy compliant, so don’t be afraid to ask who their provider is.
Every child has a right to privacy, especially in an era where the pressure to share identifying details is extremely high. Schools and childcare centres should have processes in place to ensure your child’s details and image are kept private and secure by default. By being a vigilant parent, you can help these organisations meet the challenge of protecting their privacy and their childhood.