Event Photography Release Form: What to Include
TIME&SPACE · Organiser's Playbook
A complete guide to event photography release forms: what clauses to include, when signed consent is required, and how to collect consent at scale.
Event Photography Release Form: What Every Organiser Needs to Know
An event photography release form is a legal document that gives an organiser permission to photograph attendees and use those images for defined purposes. Getting consent right protects you legally, keeps you GDPR-compliant, and tells guests exactly what to expect from their photos.
What an Event Photography Release Form Is
An event photography release form is a written consent document that authorises you to photograph, record, and publish images of the people who sign it. Without one, you rely on implied consent, which has real legal limits.
Under GDPR Article 6, photographs of identifiable people can be processed only if you have a lawful basis. For most commercial event photography, that basis is either legitimate interest or explicit consent. When face recognition or biometric matching is in use, GDPR Article 9 applies and explicit written consent becomes mandatory before any biometric processing begins.
A release form creates a paper trail. It defines what you will photograph, how you will use the images, and how long you will keep them.
When Do You Need Individual Signed Releases?
Not every event requires individual signed releases. The table below shows where each approach applies.
| Situation | Implied consent acceptable | Written release required | |---|---|---| | Public outdoor festival (ticketed) | Often yes, for general documentation | Required for advertising use | | Private corporate conference | No | Required for external marketing | | Award ceremony with broadcast | No | Always required | | Children present in photos | Never | Always required, guardian must sign | | Biometric or face recognition in use | Never | Required under GDPR Article 9 | | Photos used in paid advertising | Never | Required |
A ticket purchase counts as notice of photography, not consent to it. If your post-event marketing will feature individual attendees prominently, you need a formal release. The same applies if you use face recognition to match photos to guests.
The UK ICO's guidance on consent confirms that bundling photography consent inside general event terms without a separate, specific action from the attendee does not constitute valid consent under UK GDPR. The same principle applies across the EU under the original Regulation.
What to Include in Your Event Photography Release Form
A complete event photography release form has seven sections. Each one closes a specific legal gap.
1. Identity of the parties. Your organisation's name, registered address, and contact details. The attendee's full name and contact email.
2. Scope of photography. What will be photographed: the event name, date, and venue. Specify whether video and audio are included alongside stills.
3. Permitted uses. Be specific. List every intended use: event recap, social media, press coverage, internal communications, future marketing. Courts interpret ambiguous releases narrowly, so vague language like "promotional purposes" is risky.
4. Duration. State how long you will use and retain the images. Under GDPR, retaining images indefinitely without a lawful basis is a compliance failure. A defined retention period, for example 24 months after the event, signals good practice.
5. Geographic scope. "Worldwide" is standard for digital channels but worth stating explicitly.
6. Compensation clause. Most attendee releases are non-compensatory. State this clearly: "in consideration of attending the event, and for no additional compensation."
7. Right of withdrawal. Under GDPR, consent must be as easy to withdraw as to give. Include a contact email and a clear process: "You may withdraw consent at any time by emailing the address below. We will remove your photos from future use within 30 days."
Consult a qualified legal adviser before using any template in a high-stakes context. Requirements vary by jurisdiction.
How to Collect Consent at Scale
Collecting individual signed releases from 500 attendees on paper is slow, error-prone, and hard to audit. Digital consent collection is now standard at professional events.
Three methods work well at scale.
Online registration. Add a consent checkbox to your ticketing form before purchase. Timestamp the consent, record the IP address, and store it against the attendee record. This is the most efficient method for pre-event consent.
On-site kiosk. For walk-in attendees or trade shows without advance registration, a tablet kiosk at the entrance captures digital consent before photography begins.
QR code at photo delivery. When guests scan a QR code to collect their photos, the consent screen appears before they access any images. TIME&SPACE presents a GDPR-compliant consent step at every selfie scan, which means consent is captured at the exact moment the biometric process starts. This is the format required under GDPR Article 9 for facial recognition workflows.
TIME&SPACE data shows that 40-70% of event attendees adopt browser-based photo delivery platforms, compared to below 15% for platforms that require an app download. A seamless in-browser consent flow keeps those adoption rates high. Read how face recognition photo delivery works to understand the full technical flow.
For events that use AI photo matching, the GDPR guide for event organisers covers every consent requirement in detail, including Article 9 wording, opt-out handling, and data subject access requests.
Common Mistakes Organisers Make
Not updating the form for video. Many organisers adapt a stills-only release without adding video. If your event uses drones, live streams, or aftermovie production, make sure the release explicitly covers moving images and audio.
Relying on the venue's blanket release. A venue's photography policy covers the venue's use of images, not yours. Get your own release signed separately.
Forgetting minors. A child cannot give their own consent. A parent or legal guardian must sign and must confirm their relationship to the child. Flag this at registration rather than during the event, when it is far harder to manage.
No audit trail. If you cannot prove someone consented, the consent did not happen for compliance purposes. Store consent records for at least as long as you hold the images.
Indefinite image retention. Retaining photos and biometric data without a deletion date is a breach under GDPR. Set a defined deletion date and automate it where possible.
TIME&SPACE automatically deletes facial embeddings within 30 days of event close. Images follow the retention window tied to the organiser's plan tier. The complete guide to AI-powered event photo delivery explains how the consent and deletion cycle works end-to-end.
For events where photo delivery is part of the attendee experience, set up your event on TIME&SPACE and the consent workflow is built in from the first guest scan.
Frequently Asked Questions
Q: Do I need a signed release form for every person photographed at my event? In most EU jurisdictions, a ticket purchase combined with clearly displayed photography notices satisfies the legitimate interest basis for general event documentation. However, written consent is required if you plan to use images in paid advertising, if children appear in the photos, or if you use face recognition to match photos to guests.
Q: What is the difference between a model release and an event photography release form? A model release is a commercial contract used in professional shoots where the subject is specifically posed or paid for their appearance. An event photography release form is broader and covers incidental photography of attendees at a live event. An event release typically uses simpler language, covers group scenarios, and is rarely compensatory.
Q: Can I use a checkbox on my ticket purchase form as valid photography consent? Yes, a pre-event checkbox at registration is valid consent under GDPR Article 6, provided it is a separate, unticked checkbox with plain-language wording that describes exactly what the photos will be used for. Bundling photography consent inside general terms and conditions without a separate tick is not valid consent under GDPR.
Q: How long should I keep event photography consent records? Keep consent records for at least as long as you hold the images, plus a reasonable buffer to respond to any dispute or data subject access request. In practice, most organisers align consent record retention with their image retention period and add one year. If your images expire after 24 months, keep consent records for 25 months minimum.
Related Reading
- Event Photo Consent: A GDPR Guide for Organisers: the full compliance playbook for biometric consent and GDPR Article 9 at events
- How Face Recognition Finds Your Event Photos: how AI photo matching works and what it means for your consent obligations
- Corporate Event Photo Gallery: Best Practices: how to structure gallery access and usage rights after a corporate event
Founder, TIME&SPACE