Indoor Mapping and Virtual Tours: Balancing Privacy and Technology

Jakub Tazbir

 I. Introduction

In the modern digital world, the development of interior mapping and virtual tours has become popular in various industries. This feature has not only enhanced the user experience but has also become a valuable tool for businesses. By allowing potential customers to explore their space online, businesses can create a more transparent and engaging customer experience.

The EU General Data Protection Regulation (GDPR) and UK GDPR which is a twin version of GDPR for the UK has brought significant changes in the way organizations handle personal data. This also applies to Indoor Mapping and Virtual Tours - something we will explore in this article.

We encourage you to learn more about other privacy matters on our website – Blog | Gallio.


II. Face Blurring in Indoor Mapping and Virtual Tours

Indoor Mapping and Virtual Tours can be used, for example, in:

•      Hotels: travellers can view their accommodations, taking a look at rooms, lobbies and facilities.

•      Museums and galleries: art enthusiasts from around the world can view exhibitions and artworks, even if they can't visit in person.

•      Restaurants and cafes: potential guests can check out the atmosphere and seating arrangements, helping them decide if it's the right place for their next meal.

•      Stores: before making a purchase, customers can take a virtual tour of the store, familiarizing themselves with the products offered and the store layout.

•      Schools/Universities: students and parents can visit schools and universities, viewing classrooms, libraries and other facilities.

•      Public institutions: visitors can easily locate a right room.

•      Fitness centres: people interested in joining a gym can check out the equipment and space before signing up.

Usually, the mapped places are publicly accessible and visited by many people, which is why during the mapping process people who are in the place are also recorded (it is not always possible to close the object for mapping and sometimes it is not desirable for various reasons).

As these technologies are used, privacy and data protection issues arise. One of the key methods of protecting the privacy of individuals is face blurring, a sophisticated technique designed to balance the benefits of interior mapping and virtual tours with the need to protect privacy. Facial blurring is a visual editing technique that involves concealing facial and other features which are intentionally hidden or changed making impossible to recognize a person. Effective facial blurring involves using advanced algorithms to detect and hide facial features in a footage. The blurring process should be accurate and consistent, ensuring that faces are obscured throughout the footage. Once a face is detected AI-powered algorithms automatically blur them.


III. The GDPR and Indoor Mapping: Navigating Privacy Regulations

The General Data Protection Regulation (GDPR) provides a comprehensive framework governing data protection in the European Union (and of course UK GDPR in UK). It has a significant impact on entities engaged in interior mapping activities. Organizations must align their practices with the strict requirements of the GDPR and UK GDPR, ensuring that the processing of personal data for interior mapping and virtual tours is conducted in accordance with the law. Failure to comply with these requirements can result in severe penalties and the possibility of compensation for data subjects (i.e., individuals whose personal data, or in other words, images that allow their identification, are processed).

Personal Data in GDPR/UK GDPR is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The definition is open-ended, our face is the most fundamental and highly visible element of our identity therefore if a face is captured it is considered a personal data.

There are 6 legal bases in GDPR/UK GDPR which are the foundation of data processing (without fulfilment of at least one of them the processing of personal data is not allowed). When it comes to processing of random people's faces for Indoor Mapping and Virtual Tours, it is difficult to rely on anything other than consent (legitimate interest is unlikely to be possible, as it must be verified whether the interests and fundamental rights and freedoms of the person in question have priority over the identified legitimate interests). In this case you would need the data subject's consent to use his or her face image, but consent under the GDPR has many conditions. Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. It is therefore impossible to effectively collect consent from people who have been recorded and their faces are used in Indoor Mapping and Virtual Tours. Consequently, since the face is personal data, we can either apply all the laws regarding personal data or try to change the material so that it does not contain personal data.


IV. Identity Protection: Anonymization Techniques for Indoor Mapping and Virtual Tours

In the interior mapping field, where the details of physical spaces are recorded in case random individuals are spotted, privacy concerns need to be addressed. Face blurring emerges as an ideal solution in cases where random individuals have already been recorded and the recording needs to be used, regardless of the purpose for which it is to be used.

Recital 26 of the General Data Protection Regulation (GDPR) data protection principles should not apply to anonymized information, i.e., information that does not involve an identified or identifiable natural person, or to personal data anonymized in such a way that data subjects cannot be identified at all or are no longer identifiable. Fully ‘anonymised’ data does not meet the criteria to qualify as personal data and is therefore not subject to the same restrictions placed on the processing of personal data under the GDPR/UK GDPR. Data can be considered ‘anonymised’ when individuals are no longer identifiable. Anonymization techniques may go beyond just facial features and include various elements such as clothing, distinctive features or unique configurations.

Anonymization techniques in indoor mapping and virtual tours are used for comprehensive identity protection. Anonymization serves as a crucial process in data protection, ensuring that individuals' personal information is irreversibly transformed to prevent the identification of specific individuals.

Therefore, if you use a system that enables Indoor Mapping and Virtual Tours and you capture a person's face you must have the right tools to manage it. Anonymization measures enable you to comply with GDPR and UK GDPR in an easy way.


V. Balancing Privacy and Technology: Best Practices for Indoor Mapping and Virtual Tours

To achieve a balance between privacy and effective use of technology in interior mapping and virtual tours a complex approach that involves technological, legal and ethical issues is required. When creating Indoor Mapping and Virtual Tours, it is best to avoid recording other people, however due to a variety of factors this is not always possible. The simplest and clearest way to effectively utilize all the benefits of digitizing buildings is to anonymize personal data using face blurring.

Gallio provides you with a unique solution for privacy protection based on artificial intelligence. Algorithms blur faces making them virtually impossible to recognize while leaving image quality intact. Our professional tools meet the needs of transportation companies or those engaged in monitoring, allowing them to use an effective solution to ensure compliance with GDPR and best practices.

The free, demo version of is available for download HERE.