Visual data anonymization means transforming photos and videos so that natural persons are no longer identifiable. In practice this often involves face blurring and license plate blurring, combined with removal of metadata and safeguards against re-identification. For AI model training, anonymization can enable the use of rich datasets while reducing personal data risk and supporting data protection by design and by default requirements.
Under the GDPR and the UK GDPR, a photo or video is personal data if a person can be identified directly or indirectly, including by combining elements such as setting, clothing or unique objects [1][2]. If individuals are identifiable, model training requires a lawful basis and must follow the principles of purpose limitation, data minimization and storage limitation [1]. Anonymized data falls outside the scope of the GDPR only if identification of a person is no longer possible by any means reasonably likely to be used, taking account of available technology and costs (Recital 26) [1].
The EU AI Act introduces governance across the AI lifecycle. It includes requirements on risk management, data governance and technical documentation for certain AI systems, and it interacts with existing EU data protection law rather than replacing it. Anonymization and robust redaction can support data minimization and reduce risks such as unintended memorization and model inversion, but they do not automatically make a use-case compliant if individuals remain identifiable [5].
Supervisory authorities highlight special considerations for images from CCTV or public spaces, especially when used beyond security purposes, for analytics or publication [2][3]. Organisations often carry out a Data Protection Impact Assessment (DPIA) before large-scale or systematic monitoring of publicly accessible areas, or when new technology could heighten risks [1][3].
While many publishing and training scenarios require a lawful basis or anonymization, there are three well-known exceptions often cited in image rights practice. These are context-dependent and vary by jurisdiction. The three exceptions are:
These exceptions do not switch off data protection duties when individuals remain identifiable. They are often considered in parallel with legitimate interests tests, freedom of expression exemptions and local image rights. For AI training, reliance on such exceptions is less predictable than anonymization, because model training is often a repurposing beyond the original context of capture.
Re-identification risk. Even when faces are blurred, a combination of distinctive clothing, tattoos, location landmarks or timestamps may make a person identifiable. Organisations often treat blurring as one layer within a broader strategy that can include cropping, masking or background redaction for high-risk scenes, guided by Recital 26’s standard of reasonable means [1].
Background identifiers. Whiteboards, screens, documents in the frame and building signage can expose names, emails or addresses. License plates in the background are easy to miss without multi-scale detection.
Metadata. EXIF data can include GPS coordinates, device identifiers and capture dates. Removing or minimizing metadata before sharing or publishing can significantly reduce linkage risk [2].
Detection errors. Face and plate detectors generate false negatives and false positives. Missed detections expose identities. Over-blurring can degrade dataset utility. Accuracy is highly context-dependent and varies by lighting, angle, occlusion and camera type. Human-in-the-loop review remains a common practice for sensitive releases.
On-premise software can reduce transfers of personal data to external processors and can help manage exposure to third-country access depending on the organisation’s architecture and vendors. It also can facilitate auditability, supporting GDPR accountability and aligning with the EU AI Act’s lifecycle governance expectations for in-scope systems [1][5]. Check out Gallio PRO for on-premise processing options that fit this workflow.
The following table highlights common practice points. It does not replace legal analysis and should be read as high-level, context-dependent guidance derived from publicly available materials.
Topic | GDPR (EU) | UK GDPR + Data Protection Act 2018
|
|---|---|---|
Images as personal data | Photos and videos are personal data if a person is identifiable, directly or indirectly [1]. | Same approach. ICO guidance provides practical examples for photos and CCTV [2][3]. |
Lawful basis for publishing | Often legitimate interests for some operational publishing, subject to a balancing test and context. Consent is commonly used in some scenarios such as close-up marketing portraits. Context-dependent. | Same. ICO stresses transparency, reasonable expectations and the right to object where appropriate [2]. |
DPIA signals | Systematic monitoring of publicly accessible areas on a large scale, or new tech raising risk, is a common trigger for a DPIA [1]. | ICO guidance indicates that systematic monitoring and use of new technology are likely to require a DPIA depending on scale and risk [3]. |
Anonymization standard | Anonymized if identification is no longer reasonably likely given means and costs (Recital 26) [1]. | Same standard in UK GDPR. ICO guidance discusses robust anonymisation and managing residual risk [2]. |
Freedom of expression carve-outs | Member State rules apply for journalistic and academic/artistic/literary expression purposes. Highly contextual. | DPA 2018 provides exemptions, including for journalism and for research/statistics in specific conditions. Highly contextual [4]. |
Teams planning regular publishing or dataset sharing can operationalize these points in template DPIA checklists, redaction profiles and release procedures. Download a demo to test how this looks in an on-premise environment.
Quality assurance should focus on measurable coverage and error rates. Create ground-truth samples with manual annotations. Compare automated face blurring and license plate blurring against ground truth to estimate false negatives and false positives. Track performance by scenario, such as night footage, helmets, masks, and fisheye cameras. Report results as context-dependent metrics rather than universal accuracy claims. For publishing, apply stricter thresholds and manual checks. For model training, balance anonymization strength with utility by suppressing high-risk attributes while retaining non-identifying features relevant to the model task.
Organisations aiming to operationalize this workflow can align it with internal policy and supplier due diligence. Contact us to discuss on-premise processing controls, role-based access and audit logging.
Not always. If a person remains identifiable by reasonably likely means, such as distinctive clothing or location cues, the dataset still contains personal data. A combination of face blurring, license plate blurring, background redaction and metadata removal may be required depending on context and risk [1][2].
Apply it whenever vehicles appear in a way that could identify a driver, owner, or be linkable to an individual (for example when plates are readable and can be connected to a person in context). This is common in street scenes, parking lots and building entrances. In model training, enable plate detection at multiple scales to handle distant vehicles.
It depends on risk, architecture and contracts. On-premise software can reduce external transfers and support stronger control over access and retention. If cloud is used, implement appropriate security measures and ensure a compliant controller-processor arrangement, including any requirements for international transfers under GDPR/UK GDPR.
Remove GPS coordinates and device identifiers from publishing copies. For internal compliance, keep only the minimum technical logs needed for accountability and troubleshooting, and avoid storing unnecessary metadata that would enable re-identification. ICO guidance discusses careful handling of images and associated information [2].
There is no universal level. Choose pixelation or Gaussian blur that prevents practical identification and is robust against reasonably likely enhancement. Test across lighting, angles and motion. Strength should typically be higher for public release than for internal analytics.
It strengthens lifecycle governance expectations (for in-scope systems), including risk management and data governance requirements, and it operates alongside existing data protection law. Anonymization and minimization can help reduce personal data risks, but they do not remove GDPR obligations if people remain identifiable [5].
They are context-dependent and typically relate to image publication/image rights, not broad repurposing for training. For training datasets, anonymization (or another clearly applicable lawful basis with appropriate safeguards) usually offers more predictable compliance outcomes.
