David Ash
Photos on Websites

It can be very difficult to protect images which we use online from being copied and used by a third party. A couple of immediate ways to protect people is avoid using hi-res images online. This means making web only versions of the photos we use, by using photo editing software. There are a variety of programs avialable both free and paid for. Most programs provide a quick way of reducing the file size and resolution. You'll want to make the images small in dimensions and also reduce the ppi to a max of 72. Not only will this reduce the file size (improving loading) but will also reduce the likelihood of people exploiting the images on your website...

In terms of permissions it is important to let people know that photographs may be taken during your meetings or events. You should produce a publicly accessible notice about this possiblity and we have done so on our website here: jubilee.org.uk/photos/

This let's people know that they can reasonably expect to have photos taken during any of our meetings or events. It also lets them know how they can avoid having photos taken if they'd prefer not to and also that we are happy for them to tell the person taking photos that they'd prefer not to be in them. 

In general photos which are taken are done so with the persons express or implied consent, we don't tend to take photos of people when they are not aware of it. We would also normally only take photos in group settings or activities. There is a general rule that we don't take photos of children / young people without expressed consent (we have a number of fostered / adopted children in our congregation and we want to do our best to protect their privacy). To make sure that we have permission as part of our children's registration process we ask parents to let us know if they are happy for their children to have photos taken. We wouldn't usually personally identify children or even adults online, even if we did have prior permission and would usually get specific permission if a situation arose where we'd want to do that. 

When we  do take photos of people, people who are regularly part of Jubilee will be aware that they are likely to be used online or on social media, we usually wouldn't personally identify people but may ask people to tag themselves should they want to. 

If you are concerned about the use of photos on your own website or on social media it is best that you draft up a similar page to our photo page on your own website so that people are aware that photographs may be taken during your meetings or events. It would also be sensible to draft a simple consent form for people to complete where you are taking specific photos, of specific people for a specific purpose. It would be helpful for this form to give people the option to tick there approval of the various ways their images may be used e.g. on web pages, blog posts, social media, print media etc. There are plenty of draft versions of such forms available online just search on google and adapt for your purposes. This means you don't have to go back to get further permission later if they've already expressed consent for the different mediums you are likely to use in the future. 

The following is some non-legal advice regarding photographs in various contexts relating to GDPR requirements (this information is based on a post by Togs In Business - last accessed 31/10/2019)

What about taking photographs in public places – do I need clear consent from anyone who might appear in my photographs?

No. This is still ok within reason. Using your common sense is essential here. If you’re going to capture and share controversial images or images that might cause offence to the people in them, you are leaving yourself open to hassle. Just be sensible. So at events which are hosted by your church in public places in general you should be able to use photographs you take. 

I want to take photographs at larger ticketed or members events / Sunday mornings – do I need consent from everyone who might appear in my photographs? 

When people attend an event like this do they reasonably expect a photographer to be present? Will the photographs have minimal privacy impact on the individuals at the event? If the answer to these questions is yes, then you should be able to use legitimate interests as a basis to go ahead without consent.

If you want to be extra cautious then simply put up some posters asking people to make themselves known to you if they do not want to be photographed. This may be a belts and braces approach but if you are particularly concerned this could be an option. It could be argued that your Sunday morning meetings are public gatherings rather than 'members only' gatherings and therefore there is a different level of GPDR control over what can and can't be taken.  

If you’re taking photographs of people looking happy and enjoying the event then the vast majority of people will have zero issue with these photographs being taken and shared. And if someone does get in touch with a concern and asks for a photograph to be removed. Just remove it. 

It is best to avoid taking and publishing photographs of people where they are 'likely' to complain. I think examples in a church service could be where people are being prayed for, unless you have consent beforehand.  

What about private events like weddings, members only events? Do I have to get consent from everyone who attends to be able to photograph them and use those photographs? 

In reality there is no way on earth that you can get consent from everyone who attends these sorts of events! When people attend a wedding or other private event, do they reasonably expect a photographer to be present? Will the photographs have minimal privacy impact on the guests at the event? If the answer is yes – then you can use legitimate interests as a basis to capture, store and use those images. 

In these situations a public notice and making your members aware that there may be photographs taken should provide you with ample cover in respect to GDPR especially where you are not using photographs to publicly identify individuals. It is important to be clear that it is ok to ask not to have your photo taken. If you are planning on having photographs taken at specific events and this is unusual then it may be worth making a notice that lets people know that there is someone taking pictures and to ask people just to let the photographer know if they'd prefer to not be in pictures. 

In reality, although we need to take GDPR very seriously, especially in the area of photographs, churches are unlikely to be major targets for incorrect use of photographic data if we are trying to uphold the spirit of the law. If we are taking pictures of our members and guests enjoying themselves at events we host whether in public or private then for the most part people will not have a major issue with this. Obviously we do need to be careful to honour the privacy of children and young people or families where there are children who are fostered or adopted but for other families and members the likelihood is that people will be happy to be included in our photos and may even want copies of them!

Although we have a lot of personal photos on our website we also make use of a lot of stock photos in the main branding so as to avoid a sitauation where someone no longer wants us to make use of a prominent photograph and we have to change all sorts of things to make this possible. This means if we do need to remove a photo it won't be part of our main content but only additional content which is totally customisable or removable anyway. As advised earlier these images are also web-only versions of the images and so are not high resolution and so therefore more difficult / less likely to be altered negatively or cause a GDPR problem by being taken / used by a third party.

Another important way to protect your online content (whether this be photographs or any other content) is to display a copyright notice on your website. A belts and braces approach would be to put copyright information into the metadata of the photos your produce and or a watermark or signature of some sort on them so that if an image is used elsewhere without your consent you do have some legal rights and can prove that it is your image rather than someone else's. Without taking these steps in practice it can be very hard to prove a photograph is yours and to get someone to remove it if they are using it without your consent or in a way which may bring you reputational harm.

Having said all this a lot can be done with decent stock photos from places such as pixabay or pexels both of which provide photos which are free to use and royalty free. These sites also don't necessarily require you to credit the photographer but it may be worthwhile doing this anyway if appropritate. Some sites have a particular page where they list the names of the photos and photographers that are in use on their website to give proper attributation to the images that they have used. 

Disclaimer: the contents of this post are the writers own opinions, do not represent legal advice and do not necessarily reflect the position of Jubilee Church Derby, ChristCentral or Newfrontiers