diff --git a/common/djangoapps/student/models/user.py b/common/djangoapps/student/models/user.py
index ad47c942f3..94cb99d0ce 100644
--- a/common/djangoapps/student/models/user.py
+++ b/common/djangoapps/student/models/user.py
@@ -696,10 +696,6 @@ def user_profile_pre_save_callback(sender, **kwargs):
     """
     user_profile = kwargs['instance']
 
-    # Remove profile images for users who require parental consent
-    if user_profile.requires_parental_consent() and user_profile.has_profile_image:
-        user_profile.profile_image_uploaded_at = None
-
     # Cache "old" field values on the model instance so that they can be
     # retrieved in the post_save callback when we emit an event with new and
     # old field values.
diff --git a/common/djangoapps/student/tests/test_parental_controls.py b/common/djangoapps/student/tests/test_parental_controls.py
index 62cd30707d..a8ae471c61 100644
--- a/common/djangoapps/student/tests/test_parental_controls.py
+++ b/common/djangoapps/student/tests/test_parental_controls.py
@@ -65,23 +65,3 @@ class ProfileParentalControlsTest(TestCase):
         self.set_year_of_birth(current_year - 14)
         assert not self.profile.requires_parental_consent()
         assert not self.profile.requires_parental_consent(year=current_year)
-
-    def test_profile_image(self):
-        """Verify that a profile's image obeys parental controls."""
-
-        # Verify that an image cannot be set for a user with no year of birth set
-        self.profile.profile_image_uploaded_at = now()
-        self.profile.save()
-        assert not self.profile.has_profile_image
-
-        # Verify that an image can be set for an adult user
-        current_year = now().year
-        self.set_year_of_birth(current_year - 20)
-        self.profile.profile_image_uploaded_at = now()
-        self.profile.save()
-        assert self.profile.has_profile_image
-
-        # verify that a user's profile image is removed when they switch to requiring parental controls
-        self.set_year_of_birth(current_year - 10)
-        self.profile.save()
-        assert not self.profile.has_profile_image
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
index 1c92aa22c7..466e1e278a 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -403,17 +403,18 @@ class TestAccountsAPI(FilteredQueryCountMixin, CacheIsolationTestCase, UserAPITe
         assert data['social_links'] is not None
         assert data['time_zone'] is None
 
-    def _verify_private_account_response(self, response, requires_parental_consent=False):
+    def _verify_private_account_response(self, response, requires_parental_consent=False, has_profile_image=True):
         """
         Verify that only the public fields are returned if a user does not want to share account fields
         """
         data = response.data
         assert 3 == len(data)
         assert PRIVATE_VISIBILITY == data['account_privacy']
-        self._verify_profile_image_data(data, not requires_parental_consent)
+        self._verify_profile_image_data(data, has_profile_image)
         assert self.user.username == data['username']
 
-    def _verify_full_account_response(self, response, requires_parental_consent=False, year_of_birth=2000):
+    def _verify_full_account_response(self, response, requires_parental_consent=False,
+                                      has_profile_image=True, year_of_birth=2000):
         """
         Verify that all account fields are returned (even those that are not shareable).
         """
@@ -426,7 +427,7 @@ class TestAccountsAPI(FilteredQueryCountMixin, CacheIsolationTestCase, UserAPITe
             UserPreference.get_value(self.user, 'account_privacy')
         )
         assert expected_account_privacy == data['account_privacy']
-        self._verify_profile_image_data(data, not requires_parental_consent)
+        self._verify_profile_image_data(data, has_profile_image)
         assert self.user.username == data['username']
 
         # additional shareable fields (8)
@@ -1271,11 +1272,11 @@ class TestAccountsAPI(FilteredQueryCountMixin, CacheIsolationTestCase, UserAPITe
             assert data['requires_parental_consent']
             assert PRIVATE_VISIBILITY == data['account_privacy']
         else:
-            self._verify_private_account_response(response, requires_parental_consent=True)
+            self._verify_private_account_response(response, requires_parental_consent=True, has_profile_image=False)
 
         # Verify that the shared view is still private
         response = self.send_get(client, query_parameters='view=shared')
-        self._verify_private_account_response(response, requires_parental_consent=True)
+        self._verify_private_account_response(response, requires_parental_consent=True, has_profile_image=False)
 
 
 @skip_unless_lms
diff --git a/openedx/core/djangoapps/user_authn/tests/test_cookies.py b/openedx/core/djangoapps/user_authn/tests/test_cookies.py
index d4d9a59fc9..aa2e687102 100644
--- a/openedx/core/djangoapps/user_authn/tests/test_cookies.py
+++ b/openedx/core/djangoapps/user_authn/tests/test_cookies.py
@@ -1,8 +1,9 @@
 # pylint: disable=missing-docstring
 
 
-from datetime import date
+from datetime import date, datetime
 import json
+from pytz import UTC
 from unittest.mock import MagicMock, patch
 from urllib.parse import urljoin
 from django.conf import settings
@@ -20,6 +21,10 @@ from common.djangoapps.student.tests.factories import AnonymousUserFactory, User
 from openedx.core.djangoapps.profile_images.tests.helpers import make_image_file
 from openedx.core.djangoapps.profile_images.images import create_profile_images
 from openedx.core.djangoapps.user_api.accounts.image_helpers import get_profile_image_names
+from openedx.core.djangoapps.user_api.accounts.image_helpers import get_profile_image_urls_for_user
+
+
+TEST_PROFILE_IMAGE_UPLOAD_DT = datetime(2002, 1, 9, 15, 43, 1, tzinfo=UTC)
 
 
 class CookieTests(TestCase):
@@ -27,6 +32,8 @@ class CookieTests(TestCase):
         super().setUp()
         self.user = UserFactory.create()
         self.user.profile = UserProfileFactory.create(user=self.user)
+        self.user.profile.profile_image_uploaded_at = TEST_PROFILE_IMAGE_UPLOAD_DT
+        self.user.profile.save()  # lint-amnesty, pylint: disable=no-member
         self.request = RequestFactory().get('/')
         self.request.user = self.user
         self.request.session = self._get_stub_session()
@@ -43,18 +50,6 @@ class CookieTests(TestCase):
 
         return urls_obj
 
-    def _get_expected_image_urls(self):
-        expected_image_urls = {
-            'full': '/static/default_500.png',
-            'large': '/static/default_120.png',
-            'medium': '/static/default_50.png',
-            'small': '/static/default_30.png'
-        }
-
-        expected_image_urls = self._convert_to_absolute_uris(self.request, expected_image_urls)
-
-        return expected_image_urls
-
     def _get_expected_header_urls(self):
         expected_header_urls = {
             'logout': reverse('logout'),
@@ -112,7 +107,7 @@ class CookieTests(TestCase):
             'username': self.user.username,
             'email': self.user.email,
             'header_urls': self._get_expected_header_urls(),
-            'user_image_urls': self._get_expected_image_urls(),
+            'user_image_urls': get_profile_image_urls_for_user(self.user),
         }
 
         self.assertDictEqual(actual, expected)