COPPA and a Child's Image: Why Photos and Video Count as "Personal Information"

Łukasz Bonczol
Published: 6/30/2026

A child’s face in a photo or video can be personal information under the Children’s Online Privacy Protection Act, usually called COPPA, when it is collected online by an operator covered by the rule. For publishing teams, this means that a school event gallery, an EdTech promotional video, a summer camp reel, or user-uploaded classroom footage can trigger privacy obligations before the image is displayed, shared, stored, or reused.

This article focuses only on photos and videos. It does not discuss documents, ID numbers, student records, or non-visual data. The practical question is narrower: when a child appears in visual material, what does COPPA treat as personal information, and how can visual data anonymization reduce exposure before publication?

Key terms should be used precisely. Visual data anonymization means modifying visual material so that people or objects are no longer identifiable, or are less readily identifiable, depending on the context. Face blurring means obscuring a visible face in a photo or video. License plate blurring means obscuring vehicle plates visible in the frame. On-premise software means software deployed and used in an organisation’s own environment rather than requiring uploaded media to be processed on an external cloud service.

What COPPA is and who it covers?

COPPA is a U.S. federal children’s privacy law. It applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, and to operators of general-audience websites or online services that have actual knowledge that they collect personal information online from children under 13 [1]. The COPPA Rule, issued by the Federal Trade Commission, sets out operational requirements such as notice, verifiable parental consent, limits on data retention, confidentiality and security duties, and parental rights [2].

For publishing workflows, the word “operator” is important. COPPA is not limited to classic children’s apps. It can be relevant to websites, online services, mobile apps, connected services, educational platforms, community portals, contest platforms, media upload tools, and other services that collect children’s personal information online.

The 2025 COPPA Rule amendments are current compliance context. The FTC issued final amendments that include changes to parental consent, data retention, safe harbor programs, and the definition of personal information. The compliance deadline for many amended provisions was April 22, 2026 [3]. Organisations publishing children’s images should treat this as a reason to keep reviewing visual media workflows, consent records, deletion practices, vendor arrangements, and approval steps before publication.

This is not legal advice. It is a business and technical compliance overview for teams that publish children’s photos or videos in U.S.-focused contexts.

Why a child’s image in a photo or video is personal information under COPPA?

The COPPA Rule defines “personal information” to include “a photograph, video, or audio file where such file contains a child’s image or voice” [2]. This is the central point for marketing, PR, public sector communications, K-12, and EdTech teams: a child’s visible image is not a neutral media asset simply because it is a photo or video. Under COPPA, it can be personal information.

This rule matters even when the child’s name is not displayed. A face can identify a child directly, especially in a school, local community, sports team, camp, medical, religious, or extracurricular setting. A short video can also reveal context: school uniforms, classrooms, playgrounds, badges, locations, friends, teachers, activity patterns, and other details visible in the frame.

The 2025 amendments also add biometric identifiers to the definition of personal information, including data derived from facial data, where used for automated or semi-automated recognition of an individual [3]. That does not mean every ordinary photo is automatically biometric data in every business context. The classification can depend on how the image is processed. But it reinforces a practical point: child imagery should be handled as sensitive publishing material, not as routine creative content.

A person holding a DSLR camera and focused on the screen, with a cloudy sky in the background. Black-and-white photo.

What this means before publishing or sharing children’s footage?

When an organisation covered by COPPA collects a child’s photo or video online, several questions should be answered before publication. First, why is the image needed? Second, what exactly will be published? Third, who can access it? Fourth, how long will it remain online? Fifth, what consent or authorisation process applies? Sixth, can the same communication goal be achieved with face blurring or a different image?

For many teams, the risk is not only collection. It is reuse. A photo collected for a private classroom activity may later appear in a newsletter, website banner, social media clip, fundraising campaign, product demo, annual report, or training material. Each new use can change the privacy analysis. A common compliance approach is to separate internal educational use, parent-facing communication, public marketing use, and third-party distribution into different approval tracks.

COPPA also intersects with platform behavior. Publishing children’s footage to a public website, video platform, or social media channel can make the image easier to copy, index, scrape, remix, or redistribute. Once a child’s image is public, practical control decreases. For this reason, many organisations adopt a “blur before public release” rule for children who are not central to the communication, whose consent status is unclear, or whose appearance is incidental.

Visual data anonymization in photos and videos

Visual data anonymization is a practical control that reduces the amount of identifiable visual information before a file is shared. It is not a universal substitute for COPPA compliance. It does not remove the need to assess whether COPPA applies, whether consent is required, or whether a publication is appropriate. It is, however, a concrete step that can lower exposure when publishing children’s images.

Face blurring is the most relevant technique for COPPA-focused publishing because the child’s face is often the identifying element. If the face is effectively obscured, the public version of the image may no longer reveal the child’s identity to the same degree. The result depends on context. A child may still be identifiable from clothing, location, body posture, voice, name tags, team numbers, a small group setting, or surrounding information.

License plate blurring is also relevant in visual publishing workflows, especially where school parking lots, buses, parent pick-up lines, home driveways, or neighborhood streets appear in footage. Although COPPA’s child-image rule is the main focus here, vehicle plates can still expose families, locations, or routines when combined with other visual details.

For teams that process photo and video files before publication, Gallio PRO supports visual data anonymization by automatically blurring faces and license plates in recorded media. The scope is important: automatic detection covers faces and license plates only. It does not automatically detect company logos, tattoos, name tags, documents, or content shown on screens. Those elements can be blurred manually using the built-in editor.

Gallio PRO is not real-time anonymization software and does not anonymize live video streams. It is designed for recorded photos and videos that can be reviewed and prepared before release. It is also designed not to store logs containing detection data or personal data, which is relevant for teams that want to limit secondary traces created during the anonymization workflow.

A smartphone displaying photos rests on a notebook, next to a cup of coffee with latte art, casting a shadow on a textured surface. Black-and-white image.

Publishing scenarios where a child’s image creates COPPA risk

The following table shows common publishing situations and the practical role of face blurring. The table is not a legal classification tool. It is a workflow aid for teams deciding whether a file should be published as-is, blurred, restricted, or withheld.

Publishing scenario

Why COPPA may matter

Practical visual data anonymization step

 

EdTech platform displays student-uploaded classroom videos

The service may collect online video files containing children’s images.

Blur faces before wider sharing, especially for demos, support tickets, or training examples.

School or district posts event photos on a public website

COPPA may matter if a covered website, vendor, or upload workflow collects children’s images online; other privacy laws and school policies may also apply.

Use face blurring for incidental children, unclear consent status, or broad crowd scenes.

Camp or youth organisation posts social media recap videos

If a covered online service collects the files, videos may reveal children’s faces, activities, locations, and group membership.

Blur faces of children who should not be publicly identified and review background frames.

Marketing team reuses product footage containing children

A file collected for one purpose may be reused for public promotion.

Create a blurred publication copy and keep access to the original restricted.

Public sector team publishes footage from a youth program

COPPA may not apply directly to every public-sector publisher, but covered vendors or upload services may be involved, and public release can make children’s images searchable and reusable outside the original context.

Blur faces before release unless a documented publishing basis exists and exposure is justified.

How face blurring reduces exposure, and where it has limits?

Face blurring reduces the most direct visual identifier in a photo or video. It is especially useful when the child is not the subject of the publication, appears in the background, or appears in footage intended for a broad audience. It can also help standardise review practices: instead of debating each incidental appearance, teams can apply a consistent rule to blur children’s faces in public materials.

The limits should be clear. Face blurring does not erase all context. A child may remain identifiable if the setting is small, the uniform is unique, the event is well known, or the footage includes names, voices, signs, badges, or screen content. Automated face blurring also should not be described as detecting all personal data. In a practical workflow, automatic detection should be followed by human review, especially before publishing children’s footage externally.

A reliable pre-publication process usually has three stages. First, identify whether children appear in the material. Second, apply face blurring and license plate blurring where needed. Third, review the output manually for missed faces, partial faces, reflections, posters, name tags, logos, tattoos, screen content, and other visible clues. Where additional objects must be obscured, a manual editor can be used.

After a team defines this workflow, it can try the demo on representative photo and video files before adopting it as a standard publication step.

On-premise software and child image workflows

Some organisations prefer on-premise software for children’s media because it avoids sending original files to an external processing environment. This can be relevant for schools, EdTech vendors, public bodies, healthcare-adjacent youth programs, and enterprises with strict vendor or data handling rules.

On-premise deployment is not automatically required by COPPA. The right setup is context-dependent. Relevant factors include file sensitivity, volume, internal IT controls, vendor review requirements, retention policy, and whether original media can leave the organisation’s environment. For enterprise deployment, on-premise setup, or a specific compliance case, organisations can get in touch to discuss implementation requirements.

A close-up of a motherboard featuring a cloud symbol on the central integrated circuit, highlighting cloud computing technology. Black-and-white image.

Practical checklist before publishing a child’s photo or video

  1. Confirm whether the service or publishing workflow is covered by COPPA. Check whether the organisation operates a child-directed website or online service, or has actual knowledge of collecting personal information from children under 13.
  2. Treat a photo or video containing a child’s image as potential COPPA personal information. Do not assume that the absence of a name removes the issue.
  3. Separate original files from publication copies. Keep originals access-controlled and create blurred copies for public or broad internal distribution.
  4. Use face blurring for children who are incidental, not the focus of the communication, or whose publication status is unclear.
  5. Use license plate blurring when vehicles appear near children’s locations, schools, homes, or event venues.
  6. Manually review the final file. Check for missed faces, side profiles, reflections, name tags, screens, tattoos, logos, signs, and other identifying context.
  7. Document the publication decision. Record the purpose, audience, retention period, consent or approval status, and whether a blurred version was used.
  8. Reassess reuse. A file approved for one audience should not automatically be reused for marketing, social media, investor materials, or public archives.

Key takeaway for business and technical teams

Under COPPA, a child’s image in a photo or video can be personal information. This rule is operational, not theoretical. It affects how teams collect, review, publish, reuse, and retain children’s visual material.

Visual data anonymization, especially face blurring, is a practical safeguard for publishing workflows. It should be combined with consent management, limited access to originals, retention controls, and manual review. The 2025 COPPA Rule amendments and the now-passed April 22, 2026 compliance deadline mean teams should have a standardised process for preparing children’s photos and videos before public release.

A three-dimensional, fluffy question mark on a textured gray surface, casting a soft shadow.

FAQ: COPPA and a Child's Image

Does COPPA treat a child’s photo as personal information?

Yes. The COPPA Rule includes a photograph, video, or audio file containing a child’s image or voice in the definition of personal information [2]. This means that a child’s visible face in an online collection or publishing workflow should be handled as privacy-relevant material.

Is a child’s video still personal information if the child’s name is not shown?

Yes, it can be. COPPA’s definition does not require the child’s name to appear in the file. A video containing the child’s image can fall within the personal information definition [2]. Context can also make identification easier, such as a school uniform, classroom, sports team, or location.

Does face blurring make COPPA irrelevant?

No. Face blurring is a risk-reduction measure, not a complete legal answer. Organisations still need to assess whether COPPA applies, whether parental consent is required, how the file was collected, and how it will be used. Blurring is most useful as part of a documented pre-publication workflow.

Can automated tools detect every visual privacy risk in children’s videos?

No. Automatic detection should not be described as detecting all personal data. In Gallio PRO, automatic blurring covers faces and license plates only. Logos, tattoos, name tags, documents, and screen content are not detected automatically and require manual review and manual blurring where needed.

Does COPPA apply to photos posted by schools?

It depends on the facts. COPPA is focused on covered operators of websites and online services, not every offline photo decision or every public school communication. Schools and vendors should examine the specific service, collection method, audience, consent process, publication purpose, and whether a covered operator is collecting personal information online from children under 13 [1].

What changed in 2025 for children’s visual data?

The 2025 COPPA Rule amendments updated several parts of the rule and added biometric identifiers, including data derived from facial data when used for automated or semi-automated recognition, to the definition of personal information [3]. Photos and videos containing a child’s image were already included in the COPPA Rule’s personal information definition, but the amendments strengthen the need to review image-based workflows after the April 22, 2026 compliance deadline.

References list

  1. Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506, available via the Federal Trade Commission and U.S. legal sources.
  2. Federal Trade Commission, Children’s Online Privacy Protection Rule, 16 C.F.R. Part 312, including 16 C.F.R. § 312.2 definition of “personal information”.
  3. Federal Trade Commission, Children’s Online Privacy Protection Rule Amendments, Final Rule, 90 Fed. Reg. 1698, January 10, 2025, with compliance deadline information published by the FTC.
  4. Federal Trade Commission, Complying with COPPA: Frequently Asked Questions, business guidance on COPPA compliance.