What Is a Face Template / Faceprint (Facial Template)?

Face Template / Faceprint (Facial Template) – Definition

A face template, also called a faceprint, is a digital representation of facial features calculated by a facial recognition algorithm from an image or video frame. It is not just a regular photograph. In practice, it is a feature vector, a map of facial landmarks, or another mathematical representation that makes it possible to compare one face with another. Such a template is created after face detection, image alignment, and feature extraction by a machine learning model, most often based on deep learning.

From a data protection perspective, a facial template has special significance. If it is processed for the purpose of uniquely identifying a natural person, it will generally fall within the scope of biometric data. This follows from Article 4(14) of the GDPR, which defines biometric data as personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of a natural person, allowing or confirming the unique identification of that person, such as facial images or dactyloscopic data. A facial image alone is not always biometric data, but a face template used for identification or verification will usually be treated as such.

For controllers of video recordings and photographs, this distinction is highly practical. A system that only detects a face in order to blur it does not necessarily need to create a persistent face template linked to an individual. However, if a solution builds and stores faceprints in order to track the same person across shots, compare them against a reference database, or enable face search, the level of legal and technical risk increases significantly.

How a Facial Template Is Created in Image and Video Processing

In image processing, a face template is not created at the stage of merely recording visual material. It is generated by an analytical pipeline. This is important because in systems used for photo and video anonymization, simple face detection can be separated from biometric identification.

A typical technical process includes the following steps:

• face detection in the frame – locating the area containing the face,
• landmark detection – identifying key points such as the eyes, nose, and corners of the mouth,
• alignment – normalizing facial position, scale, and rotation,
• feature extraction – calculating a feature vector using a neural network,
• matching – comparing one template with another using a similarity metric.

In modern systems, the feature vector usually has between 128 and 1024 dimensions, depending on the model architecture. Comparison is typically performed using cosine similarity or Euclidean distance. The smaller the distance or the higher the cosine similarity, the greater the probability that the same person is involved. However, this is not absolute identity, but a result dependent on the decision threshold and the characteristics of the model.

In practice, deep learning matters in image and video anonymization for another reason. Today, deep learning models are the standard for effective face detection under varying conditions – partial occlusion, changing lighting, viewing angle, or poor recording quality. Such a model may be used solely to detect a face and apply a blur mask, without creating a database of faceprints.

Legal Status of a Face Template Under the GDPR and in Compliance Practice

From a compliance perspective, the key question concerns the purpose of processing. The GDPR does not prohibit every technical operation performed on a facial image, but it applies particularly strict rules to biometric data used for unique identification. This matters for video systems, CCTV, media archiving, and the disclosure of recordings.

The main legal consequences are as follows:

• if a face template is used to identify a person, it may generally constitute a special category of personal data within the meaning of Article 9(1) GDPR,
• the controller must demonstrate a lawful basis under Article 6 GDPR and, where Article 9 applies, also an exception under Article 9(2) GDPR,
• an assessment of necessity, proportionality, and processing purpose is required,
• in many cases, a DPIA under Article 35 GDPR will be required, especially in cases of systematic large-scale monitoring or the use of new technologies,
• privacy by design and privacy by default must be implemented in accordance with Article 25 GDPR.

Guidelines from the European Data Protection Board indicate that biometric processing requires an assessment of the context, purpose, and impact on the data subject. Likewise, case law and the positions of supervisory authorities distinguish between the mere recording of a person’s likeness and the processing of that likeness for identification purposes. For controllers of video materials, this means that the mere presence of a face in the frame is not the same as creating a faceprint, but implementing facial recognition functionality materially changes the legal qualification of the processing operation.

Why Facial Templates Matter for Face Anonymization

In systems designed for anonymizing visual materials, the safest model is one that is limited to detecting objects that need to be concealed, rather than biometrically recognizing individuals. This distinction is also important from an organizational perspective because it affects data scope, retention, and breach risk.

In practice, three scenarios should be distinguished:

• face detection – the system detects where the face is located in the frame in order to blur it, but does not create a persistent identifier for the person,
• face tracking – the system tracks the same object across frames to ensure stable blurring; this does not necessarily mean biometric identification, but it does require careful technical assessment,
• face recognition – the system creates and compares faceprints to determine whether this is a specific person or whether the face has appeared before.

In solutions such as Gallio PRO, anonymization automation applies to faces and license plates in stored images and recordings, rather than live video stream anonymization. From a compliance perspective, it is important to limit processing to the purpose of blurring and to avoid generating unnecessary biometric data. In addition, the software should not collect logs containing personal data or special category data unless this is necessary and properly justified, which supports the data minimization principle under Article 5(1)(c) GDPR.

Key Face Template Parameters and Metrics

Evaluating a system that uses face templates cannot rely solely on the vendor’s claims. Measurable parameters are needed, ideally reported in line with recognized testing methodologies. In a regulatory environment, the relationship between effectiveness and the risk of false identification is especially important.

In biometric standards, the concepts of presentation attack detection and quality score are also important, because poor input quality reduces the reliability of comparisons. For video controllers, this matters for evidentiary and audit purposes. Model output depends on recording quality, compression, face angle, occlusion, and lighting conditions.

Normative References and Standards

When describing a face template, it is useful to refer to legal acts and technical standards that organize terminology and evaluation methods for such systems. Not all of them regulate anonymization directly, but they establish the framework for biometrics and the processing of facial images.

• GDPR – Regulation (EU) 2016/679, in particular Article 4(14), Article 5, Article 9, Article 25, and Article 35,
• ISO/IEC 2382-37:2022 – biometric vocabulary,
• ISO/IEC 19795-1:2021 – Biometric performance testing and reporting – Part 1: Principles and framework,
• ISO/IEC 30107-1:2023 and ISO/IEC 30107-3:2023 – framework and testing for resilience to presentation attacks,
• ISO/IEC 39794-5:2019 – biometric data interchange formats for face images,
• NIST Face Recognition Vendor Test – an ongoing testing program assessing the accuracy of face recognition algorithms in 1:1 and 1:N scenarios.

It is worth noting an interpretative divergence seen in practice. Some technical operations performed on a face may be classified as ordinary image processing if they do not lead to identifying a person. However, once a face template is created and used to distinguish or confirm identity, the prevailing regulatory approach leads to treating that dataset as biometric data.

Risks and Best Practices for Controllers of Video Materials

A face template is data with high operational sensitivity. Unlike a password, it cannot be effectively “changed” after a data breach. For that reason, any decision to create one should be preceded by an assessment of whether this element is truly necessary for the processing purpose.

In practice, the following steps are recommended:

• avoid creating and storing faceprints if the sole purpose is to blur a face in a photo or recording,
• limit the retention of intermediate data and delete temporary analytical artifacts,
• document the model architecture, matching thresholds, and scope of input data,
• test detection effectiveness and error rates on data close to the real operating environment,
• separate anonymization functions from identification functions if the organization uses both classes of tools,
• implement access controls, encryption, and accountability for administrative operations.

In the context of photos and videos that are published or disclosed to third parties, the purpose is usually to reduce the identifiability of individuals. From this perspective, a face template is a borderline concept. It can support face recognition, but it is not necessary for face blurring itself. To comply with the data minimization principle, a safer model is one in which the system detects the facial area and applies a mask without creating a persistent biometric template of the person.