Parents often post photos of their children on social platforms just to record good moments. Now in the AI era, generative video tools like Sora make it easier to imagine and believe that “synthesizing a realistic person“.
Deutsche Telekom’s ShareWithCare campaign in 2023 directly showed this issue. A daily photo of Ella, a 9-year-old girl, was “predicted” by AI deep deepfake technology to produce an adult image. This reminds people that the photos that have been sent to the Internet will enter the uncontrolled digital circulation chain and become permanent data that will be retrieved, copied and abused.
This is also the real trouble of “sharenting” (sharing and parenting). Adults are building a digital identity for their children and this practice is very common. A 2024 study found that 75% of parents who use social media have posted content related to their children (Conti et al., 2024). These all link digital identity, the loss of privacy, and the risk of future misuse of children’s images.
Why does a seemingly lovely sharing behavior end up becoming a long-term risk to the child’s privacy and security?
Because what parents upload is never just memories. That’s also data. After entering the platform, it will continue to flow and be redefined by others.
What Privacy Is Protecting
When it comes to privacy, many people think of “don’t let others see it”. Obviously, this is a part of it. But it’s not enough.
Privacy can be understood from two meanings. One is access. It means who can see you, who can reach you, and who can get information about you. The other is control. This is about Who decides how to collect and use information, and where it will be passed on.
The reason why children’s photos are dangerous is also because they will continue to flow. On this basis, the theory of contextual integrity (Nissenbaum, 2009) points out that the essence of privacy is the flow of information in the appropriate context. Once it exceeds If the original scene is used for unexpected purposes, the privacy will be destroyed. Photos in family sharing are a kind of context. After entering the recommendation system, face search, AI generation, fraudulent content and campus bullying, it is another context. The image itself has not changed, but the audience, use and power relationship have changed. When the flow of information is no longer in line with the original social context, the problem of privacy arises.
At the same time, privacy and security are also related. The loss of privacy will directly threaten personal safety, psychological security and human dignity. For children, once the face, voice, address, school and other information are leaked, it will bring real safety hazards such as harassment, fraud, identity fraud, bullying and so on. Children are more passive because their digital traces are established very early, but they have little ability to understand, let alone resist. Therefore, the most basic personal security of children’s online privacy is the bottom line to ensure the safety and dignity of childhood.
How The Risk Builds
But the bigger problem of children’s privacy is where this photo will go later. This will form a complete and dangerous risk chain.
It may be sent by parents with a face, or it may be sent with the location clues and daily life. These contents will form a long-term digital footprint, and will also make children face the problems of identity misuse, reputation damage and privacy loss. Research by Berg et al. (2024) and others points out that children’s digital identity often begins to form early, and in many cases it is built through parents’ behavior on social platforms. This will affect the growth trend of children’s autonomy and long-term privacy.
Then it is handled by the platform. The platform will not just “put the photos there”. They will classify and associate other behavioral signals to make the content easier to circulate. The platform has a strong bargaining power, but users can’t see who will come into contact with this data, and they don’t know how the data will be reused. Online consent is often fragile because the terms are vague and legal. (Flew, 2021). Once family photos enter the system, they have entered a larger and more complex technology and business chain than parents see.
And AI will amplify the event. It makes image control faster and easier to scale. eSafety has clearly reminded that deepfake and nudify tools are being used in school scenes, and ordinary photos may also be made into humiliating or abusive synthetic content (Grant, 2024). The acquisition threshold of open source AI applications is low, and it can be used to produce harmful content, including image abuse. At first, the photo itself did not need to be explicit or humiliating, and it may still become harmful. An ordinary school photo is enough.
Why The Campaign Works
The #ShareWithCare public welfare campaign launched by Deutsche Telekom in 2023 is a case of warning about the privacy risks of children when using AI. This campaign is to raise the public’s awareness that children’s photos and data should be handled carefully. The short film “A Message from Ella | Without consent” uses the adult version of a nine-year-old girl’s deepfake to show the possible consequences of publicly publishing children’s photos. It also represents a whole generation of children. Their digital footprint has been established before they are able to participate in decisions (Deutsche Telekom Archiv, 2023).
This kind of way of speaking is very effective because it reverses the perspective. Parents usually regard the release as caring, commemorating and accompanying. This campaign requires them to look back at the same thing from the perspective of their children’s future. This change is very important. The focus of the discussion shifted from “whether the parents had good intentions at that time” to “what consequences the children bear later”. It forced out an uncomfortable problem.
In the context of the family, photos represent love, intimacy and growth records. When it comes to the platform system, the same picture will become machine-readable content. When it comes to face search, it will become a retrieval key. When it comes to the fraud or bullying network, it will become bait and material. The image itself has not changed. What has changed is the context, and the power attached to the image has also changed. This is also the most powerful part of Ella’s case. It is actually reminding people that once information flows across systems, children’s safety are often affected.
The Technical Risk More Visible
PimEyes, a face recognition search engine, further exposes the vulnerability of children’s privacy. When the user uploads a photo, the system will look for other pictures of this face that have appeared on the Internet. As long as the face can be retrieved, the photos scattered on different websites, blogs and social accounts may be reconnected. More broadly, recent face recognition research has linked such technologies with privacy, monitoring, accountability and loss of control over personal data.
PimEyes now said that it would not collect, search, and did not allow searching for data related to minors, and said that the system would automatically intercept searches related to children. This shows that the problem is serious enough that the platform has to respond. But it didn’t really solve the problem. It still depends on how the platform judges the age and how the platform implements its own rules.
More importantly, it cannot retract the replication, circulation and indexing that have already happened before. Once the child’s face enters the searchable system, post-remediation is always more difficult than the restrained release at the beginning (PIMEYES, 2024).
Governance Problem
The dilemma of children’s online privacy is obviously a governance issue.
The terms of service of the platform give great power to the platform operator. They look like rules, but in fact they are more like contracts written to protect the interests of the company (Suzor, 2019). In a platform environment, users cannot really know who obtains data, how it is used, and where it flows. The so-called “informed consent” is just a formality.
Parents think that they are just making a personal sharing decision, but in fact they are sending their children’s images into a platform environment controlled by opaque rules, weak rights and broad downstream permissions. Online privacy is deeply shaped by weak consent, information asymmetry and platform dependence. People will feel that they are “choosing”, but they almost never see how their data will flow. This is also why children’s privacy cannot rely only on personal prudence.
At this point, the most common response is usually “then send less”. Of course, this idea is right, but it can’t solve the root problem. Information asymmetry is also very serious. The platform knows how the content will be stored, indexed, recommended and disseminated, but ordinary users do not know. The situation of children is more complicated, because the people who make the decision are usually the parents, but the people who bear the long-term consequences are children. In this way, the problem of sharing is not only about the degree of caution of individual families, but also about how the platform designs default rules, whether third parties are allowed to crawl, whether the content is easy to be included by search engines, and whether the reporting and deletion mechanism is really effective.
The Children’s Online Privacy Code currently promoted in Australia is going in this direction. OAIC has explained that this code will cover online services that children face high privacy risks, including many apps, games and websites that they use on a daily basis (Oaic, 2026). The final version needs to be completed by December 10, 2026. OAIC’s explanation page for children also makes it clear that photos, videos, school information, locations and online activities are all personal information. Of course, this cannot solve all problems, but it at least shows that governance is slowly moving from “the platform itself guarantees to improve” to “must assume clear obligations”.
Conclusion
In the era of AI, risks have long been beyond our imagination. Children should have a digital future that is not easily defined by others. In the AI era, protecting children’s images has long been protecting not only their reputation. It also includes consent, identity and safety, and these things should be taken seriously before the injury occurs.
Therefore, the response should also take place at several levels at the same time. Parents need to reduce the public sharing of identifiable information and let their children participate in decision-making when conditions permit. The platform needs to give children stronger default protection and limit searchability and synthetic abuse. Regulators need truly enforceable rules. Schools also need to deal with AI-assisted humiliation content and deepfake bullying as real security issues.
Reference List
Berg, V., Arabiat, D., Morelius, E., Kervin, L., Zgambo, M., Robinson, S., Jenkins, M., & Whitehead, L. (2024). Young Children and the creation of a digital identity on social Networking Sites: Scoping review. JMIR Pediatrics and Parenting, 7, e54414. https://doi.org/10.2196/54414
Conti, M. G., Del Parco, F., Pulcinelli, F. M., Mancino, E., Petrarca, L., Nenna, R., Di Mattia, G., Matera, L., La Regina, D. P., Bonci, E., Caruso, C., & Midulla, F. (2024). Sharenting: characteristics and awareness of parents publishing sensitive content of their children on online platforms. ˜the œItalian Journal of Pediatrics/Italian Journal of Pediatrics, 50(1), 135. https://doi.org/10.1186/s13052-024-01704-y
Deutsche Telekom Archiv. (2023, July 3). A Message from Ella | Without Consent [Video]. YouTube. https://www.youtube.com/watch?v=F4WZ_k0vUDM
Flew, T. (2021). Regulating platforms. Cambridge: Polity, pp. 72-79.
Grant, J. I. (2024, July 24). Addressing deepfake image-based abuse. eSafety Commissioner. Retrieved April 9, 2026, from https://www.esafety.gov.au/newsroom/blogs/addressing-deepfake-image-based-abuse
Nissenbaum, H. (2009). Privacy in context: Technology, Policy, and the Integrity of Social Life. Stanford Law Books.
Oaic. (2026, March 30). OAIC releases Exposure Draft of the Children’s Online Privacy Code. OAIC. https://www.oaic.gov.au/news/media-centre/oaic-releases-exposure-draft-of-the-childrens-online-privacy-code
PIMEYES. (2024, January 22). Privacy Policy. Retrieved April 9, 2026, from https://pimeyes.com/en/privacy-policy
Suzor, N. P. (2019). ‘Who Makes the Rules?’. In Lawless: the secret rules that govern our lives. Cambridge, UK: Cambridge University Press. https://doi.org/10.1017/9781108666428
Be the first to comment