COPPA 2.0 FAQs: Photos Videos & Audio Recordings

Sean Bryant

COPPA 2.0 compliance is here. Whether your site is ready or not, you need to be asking, enquiring, and doing whatever you can to come up to par with the current regulations. There is a laundry list of provision’s the FTC has put in to place and it's time to comply.

Inversoft has provided a  shortened version of the ‘Business and Parents and Small Entity Compliance Guide’.

Please remember, this is merely a simplified reference. For more detailed information refer to the link at the bottom of this page.


Photos, Videos, and Audio Recordings

1. I run a moderated Web site that is directed to children and I prescreen all children’s submissions in order to delete personal information before postings go live. Do I have to get parental consent if I allow children to post photos of themselves but no other personal information?

Yes. Photos, videos, and audio recordings that contain a child’s image or voice are considered personal information.


1) Prescreen children's submissions and delete any 'personal information'

2) Provide parents notice and obtain consent prior to children's  uploading content

2. I want to offer a child-directed app. The app would allow children to upload pictures of their favorite pets or places. I do not ask children to provide their email addresses or their names, or really any personal information for that matter. How does COPPA apply to me?

Under COPPA, 'personal information' applies to photos, videos, audio files, geolocation data (street name, city, town), including persistent identifiers collected via the children's upload.

To offer an app without parental consent the following steps must take place

  1. Pre-screen and delete any content revealing 'personal information', or alter the portion of content that does so if possible (including geolocation metadata)
  2. Persistent identifiers are solely to be used for internal operations of the app (cannot use for disclosing or contacting the user)

3. Do I have to get parental consent if first I blur images in the children’s photos so that you cannot see any facial features when the pictures go live on my site?

You do not need to notify parents/obtain consent if facial features are blurred prior to posting on the site; and all 'personal information' is removed from the file (geolocation).

4. Does the amended Rule prohibit adults, such as parents, grandparents, teachers, or coaches from uploading photos of children?

COPPA is not triggered by an adult uploading photos of children on a general audience site or in the non-child directed portion of a mixed-audience Web site.

If the site/service is child directed the operator(s) must assume it is a child uploading the content and take the necessary steps to comply to the Rule:

  1. Give notice and obtain prior parental consent
  2. Remove any child images and metadata prior to posting
  3. Create special area for posting by adults

5. My app is directed to children. A child can upload photos into the app and manipulate and decorate the photos in different ways, but the app does not transmit any personal information (photos or otherwise) from the child’s device. Am I “collecting” personal information because the child is interacting with a photo stored on the device?

No. You are not collecting personal information simply because your app interacts with personal information that is stored on the device and is never transmitted.


For more detailed information on Photos, Videos & Audio Recordings click here.