The Federal Trade Commission (FTC) has offered guidance through its series of Children’s Online Privacy Protection (COPPA) FAQ’s on this point. In particular, FAQ E.2 – and FAQ E.3 as printed below for reference. Consistent with the FTC guidance in these FAQ’s, Artsonia requires teachers to pre-screen all student uploaded artwork, titles and statements to remove, delete or mask any child’s personal information contained in the artwork and/or digital image of the artwork, title and statement prior to submitting these to the Artsonia Website for public posting. We also require the teacher to affirmatively represent to us that this has been done. Artsonia deletes from our servers any original (unmodified) artwork and associated title and statement that may have contained personal information. Additionally, we ensure that any geolocation metadata that may be contained in the photos is removed prior to posting the files on the Artsonia Website. Artsonia also obtains parental consent under COPPA prior to any child uploading artwork to our service.
FTC COPPA FAQ: E.2
I want to offer a child-directed app. The app would allow children to upload pictures of their favorite pets or places. I do not ask children to provide their email addresses or their names, or really any personal information for that matter. How does COPPA apply to me?
COPPA applies to photos, videos, and audio files that contain children’s images or voices. It also applies to geolocation data contained in these files sufficient to identify street name and name of city or town. Finally, it applies to any persistent identifiers collected via the children’s upload of their photos. Therefore, in order to offer an app without parental notice and consent, the operator must take the following steps:
- Pre-screen the children’s photos in order to delete any that depict images of children or to delete the applicable portion of the photo, if possible. The operator must also remove any other personal information, for example, geolocation metadata, contained in the photos prior to posting them through the app. Note that if an operator does not pre-screen, then it may be subject to civil penalties under COPPA if any personal information is collected from children without the operator first notifying parents and obtaining their consent; and
- Ensure that any persistent identifiers are used only to support the internal operations of the app (as that term is defined in the Rule) and are not used or disclosed to contact a specific individual or for any other purpose.
FTC COPPA FAQ: E.3
Do I have to get parental consent if first I blur images in the children’s photos so that you cannot see any facial features when the pictures go live on my site?
An operator of a site directed to children does not need to notify parents or obtain their consent if it blurs the facial features of children in photos before posting them on its website. See 2012 Statement of Basis and Purpose, 78 Fed. Reg. 3972, 3982 n.123. The same goes for a site that has actual knowledge it has collected the photos from children. Before posting such photos, however, the operator must also remove any other personal information they contain, such as geolocation metadata, and ensure that it is not using or disclosing persistent identifiers collected from children in a manner that violates the amended Rule.