• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

Best Practice Update

hand holding a mobile phone with social media icons on it. Litus Digital logo and Data Protection Education logo. Guardians of Privacy: Navigating social media in educational settings in blue text.  A series of articles about social media, privacy and schools in black text.  Coloured pencils at the bottom

Guardians of Privacy: 1. Social media, privacy and children

This article is one of a series written by Data Protection Education in collaboration with Litus Digital, a social media management company.  The articles came about from questions asked by Data Protection Education's customers, our own experience of working in education,  as school governors, parents and data protection professionals.  The articles raise questions about how social media can be used as safely as possible in a school environment,  security considerations, the law and protecting children.  It is not possible to cover every aspect of social media, but the articles aim to provide guidance, raise privacy questions and provide some support for safe posting.

The first article is general information about social media, privacy and children as an introduction.  Further articles will discuss privacy, data retention, considerations when posting on behalf of an organisation and any consent that may be required.

Before posting, a school should consider if they have a legitimate reason for doing so and remember that the risks can be high for doing so as a post cannot be completely removed from the internet even when deleted from the social media channel or school website.

Social Media, privacy and  children.

As a DPO we are often asked questions about how to post safely to social media, especially as a lot of our customers’ data subjects are children.  Social media does not fall within the school’s public task, so consent is required from parents, carers or pupils before publishing any personal data. It isn’t always as simple as posting or not posting, or posting in a particular way.  It’s about considering what the risks might be in relation to:

  • An organisation’s social media pages
  • Consent
  • Data retention
  • Identity
  • Photo/video consent: Photo & Video Best Practice Library
  • Post comments
  • Privacy Settings of the social media platform
  • Safeguarding of children
  • Staff social media
  • The Law – Children’s Code

This series of articles discuss all the things to consider when posting to social media channels when the data subjects are children so that organisations can make a risk-assessed decision on whether/what to post while putting in some control measures.  We focus quite strongly on the data subjects being children and what that might mean for them going forward later in life.

Specific risks are: 

  • The information is publicly available so there is no access restriction to the content.
  • An image or video can easily be downloaded to a device and then used on another website.
  • Mistakes can easily be made, such as posting photos of children that are not allowed to be photographed. This can often happen via a group photo or video, such as a whole school assembly. Mistakes are not always able to be undone once published to the internet.
  • Schools are constantly under cyber attacks for account credentials, including social media channels. There is the risk of hackers accessing the accounts if appropriate security is not used or there is not enough access control in place.

Guardians of Privacy: Social Media Articles

Other Articles about Social Media: