Educational institutions increasingly use children’s images for advertising, raising questions about proper consent requirements under data protection laws.
Schools Using Children’s Images in Advertising
Due to demographic decline, educational institutions must compete for students, often advertising online using children’s images. According to a report by Aleksandra Rodziewicz, “The Face of Polish Education,” prepared with the Institute for Digital Citizenship and the Ombudsperson for Student Rights in Poznań, 91% of preschools, 97% of primary schools, and 99% of secondary schools have websites. Among these, 65% of preschools, 88% of primary schools, and 86% of secondary schools publish children’s images on their websites.
Consent Requirements for Image Processing
Adwokat Karolina Marszałek from the Codification Commission for Family Law at the Ministry of Justice clarifies that parental consent for a school to process a child’s image cannot be treated as a general, unlimited authorization for any use. Under RODO, consent must be voluntary, specific, informed, and unambiguous, particularly regarding the purpose of data processing. If the consent document doesn’t explicitly mention promotional or marketing activities, publishing the child’s image in advertisements, recruitment materials, or social media may exceed the scope of consent.
Proper Consent Structure
Educational institutions should separate two issues: consent for image distribution under copyright law and consent for personal data processing under RODO. The latter must clearly specify the basis for processing, purpose, scope, and method of image use. General consent statements covering “informational and marketing purposes, website, social media, and closed parent groups” are not acceptable. Each distinct purpose requires separate consent, as a parent may approve photo publication in a closed parent system but not for advertising purposes.
Using Private Devices to Capture Images
When asked if teachers can record and photograph children using their private phones, legal experts note that the school or preschool is the data controller, not the teacher as a private individual. The institution bears the responsibility for ensuring appropriate technical and organizational measures to guarantee data security. Using private phones to capture children’s images poses significant risks: lack of controller oversight over the data carrier, potential automatic cloud backup of photos, and difficulties in enforcing data deletion policies.
Role of the Codification Commission
The Codification Commission for Family Law established a Problem Team on December 15, 2025, to protect children’s rights in cyberspace, chaired by Dr. hab. Kinga Flaga-Gieruszyńska, a professor at the University of Szczecin. The team’s task is to analyze standards for protecting children’s personal dignity in the digital world, particularly regarding sharenting and other behaviors that may violate children’s right to privacy, including in the context of parental authority.
Legal Framework
Issues related to the technical processing of data by schools and preschools primarily fall under data protection regulations. These matters generally do not directly fall within the scope of the Codification Commission for Family Law, as the processing of children’s images is mainly regulated by RODO and the Personal Data Protection Act, while image distribution is governed by copyright law, and organizational issues stem from education law and institutional regulations.
