What Are Insurance Recordings Under GDPR?

The term "insurance recordings under GDPR" refers to the rules governing the collection, analysis, sharing, and storage of photos and video materials used by insurance companies and entities acting on their behalf, in compliance with personal data protection laws. In practice, this includes materials documenting a loss, inspection, road incident, property condition, CCTV footage from the scene, or recordings provided by the customer, repair shop, loss adjuster, or claims handling provider.

If a natural person can be identified directly or indirectly from a photo or recording, the material contains personal data within the meaning of Article 4(1) GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. This applies in particular to a person’s facial image, vehicle registration number, distinctive personal features, and contextual elements that make identification possible. In the insurance sector, this means that recordings are not merely evidence; they are also a set of personal data that requires a valid legal basis for processing, purpose limitation, retention rules, access controls, and risk assessment.

In the context of photo and video anonymization, it is essential to distinguish between the source material, which may be needed for claims handling or the defence of legal claims, and material intended for further disclosure, training, auditing, presentation, or transfer to third parties. In the latter case, face blurring and license plate blurring are typically used to reduce the scope of personal data to the minimum necessary in line with Article 5(1)(c) GDPR.

Image processing in the insurance sector is not based on a single legal ground. In practice, the legal basis depends on the purpose, the stage of the process, and the type of material involved. Simply possessing a recording does not remove the obligation to identify a specific legal basis under Article 6(1) GDPR.

The most commonly used legal bases are as follows:

  • Article 6(1)(b) GDPR – processing necessary for the performance of a contract or to take steps prior to entering into a contract, e.g. handling a claim reported by the insured person or reviewing photos of damage;
  • Article 6(1)(c) GDPR – compliance with a legal obligation, e.g. documentation duties arising from sector-specific, accounting, or anti-money laundering regulations;
  • Article 6(1)(f) GDPR – the controller’s legitimate interests, e.g. establishing, pursuing, or defending legal claims, preventing fraud, or verifying the circumstances of an incident;
  • Article 9(2)(f) GDPR – where the material reveals special category data and processing is necessary for the establishment, exercise, or defence of legal claims.

If a recording shows bodily injuries, rehabilitation, or a person’s health condition, it may contain special category data. In that case, a legal basis under Article 6 GDPR alone is not sufficient. An additional condition under Article 9(2) GDPR is also required. This is particularly important in personal injury claims and recordings from hospital cameras, facility surveillance systems, or medical documentation in visual form.

How to Understand the Anonymization of Insurance Recordings

In insurance use cases, video anonymization means altering footage in such a way that a natural person can no longer be identified using means reasonably likely to be used. In day-to-day operations, however, pseudonymization or visual masking for a specific disclosure purpose is more common, because the source material may still be retained by the insurer.

The following operations are most commonly used for photos and recordings:

  • automatic face detection and blurring,
  • automatic license plate detection and blurring,
  • manual masking of other identifying elements in an editor if they appear in the frame.

Technical precision matters. A deep learning AI model is used to detect objects such as faces and license plates, and the system then applies a blur or blocking mask to the detected area. This does not always mean anonymization of the video stream or real-time processing. In the case of Gallio PRO, automation applies only to faces and license plates. Logos, tattoos, name badges, documents, or screen contents are not detected automatically and require manual editing.

Sharing Materials – The Need-to-Know and Data Minimization Principle

Insurance recordings are often shared with multiple recipients: loss adjusters, law firms, reinsurers, repair shops, external claims handlers, expert witnesses, and courts. Every such disclosure requires an assessment of whether the full material is genuinely necessary. The data minimization principle under Article 5(1)(c) GDPR means that the recipient should receive only the portion of the footage needed to achieve the specific purpose.

In practice, this means that before sharing the material, at least three questions should be answered:

  • does the recipient need the source material, or is a version with blurred faces and license plates sufficient,
  • does the purpose of disclosure involve identifying individuals, or only assessing the damage, sequence of events, or condition of the property,
  • is the transfer based on a data processing agreement, a data disclosure arrangement, or a legal obligation.

In relationships with processors, Article 28 GDPR must be taken into account. If an external entity processes recordings on behalf of the insurer, a data processing agreement is required. If it acts as a separate controller, its independent legal basis and transparency obligations must be assessed.

Retention Period for Insurance Recordings

GDPR does not set one fixed storage period for recordings. Instead, the storage limitation principle under Article 5(1)(e) GDPR applies. The retention period should follow from the purpose of processing, sector-specific regulations, limitation periods for legal claims, and the actual evidentiary need.

A good practice is to divide retention by stages and categories of material:

| Type of material | Purpose | Example retention approach |
|---|---|---|
| Working inspection material | Damage assessment | Until the claim is settled, then only the necessary files are included in the case file |
| Evidence material | Defence of claims, dispute | Until the limitation period expires or the proceedings are finally concluded |
| Training or audit material | Training, quality control | After prior anonymization and under a separate, shorter retention period |

If the material is to be reused, for example for training claims handlers or testing a system, visual identifiers should be restricted. For such secondary use, an anonymized version will generally be more proportionate than the full recording.

Technical and Control Parameters for Video Anonymization

A simple declaration that footage has been blurred is not enough. For DPOs and security teams, measurable process parameters are important. They make it possible to assess the risk of re-identification and the quality of the processed material.

| Parameter | Meaning | Practical significance |
|---|---|---|
| Detection recall | Percentage of faces or license plates correctly detected | Low recall increases the risk of personal data disclosure |
| Detection precision | Percentage of correct markings among all markings | Low precision increases the number of incorrect masks |
| False negative rate | Percentage of undetected objects | A key privacy risk metric |
| Inter-frame consistency | Mask stability across consecutive frames | Prevents temporary exposure of a face or license plate |
| Process audit trail | Information on who performed the operation, when, and on which file | Supports accountability under Article 5(2) GDPR |

In higher-risk environments, on-premise software is generally preferred. This model limits file transfers outside the controller’s infrastructure and makes it easier to implement access policies, network segmentation, and local supervision over retention. This is especially important for personal injury claim footage and litigation-related materials.
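The detection parameters in the table above can be measured on a hand-labelled sample of footage. The following Python is an added example, not code from Gallio PRO or any other product: it matches applied masks to labelled faces and plates and reports recall, precision, false negative rate, and the frames in which each object stayed unmasked. The 0.5 IoU threshold, the greedy matching, the data layout, and the sample boxes are assumptions constructed for the illustration.

```python
from collections import defaultdict

def iou(a, b):
    """Intersection over union of two (x1, y1, x2, y2) boxes."""
    ix = max(0, min(a[2], b[2]) - max(a[0], b[0]))
    iy = max(0, min(a[3], b[3]) - max(a[1], b[1]))
    inter = ix * iy
    union = (a[2] - a[0]) * (a[3] - a[1]) + (b[2] - b[0]) * (b[3] - b[1]) - inter
    return inter / union if union else 0.0

def evaluate(truth, masks, thr=0.5):
    """truth: {frame: [(object_id, box)]}; masks: {frame: [box]}."""
    tp = fn = fp = 0
    exposed = defaultdict(list)  # object_id -> frames where it stayed unmasked
    for frame in sorted(set(truth) | set(masks)):
        free = list(masks.get(frame, []))
        for object_id, box in truth.get(frame, []):
            # Greedy match (assumption): take the best still-unused mask.
            best = max(free, key=lambda m: iou(box, m), default=None)
            if best is not None and iou(box, best) >= thr:
                free.remove(best)
                tp += 1
            else:
                fn += 1
                exposed[object_id].append(frame)
        fp += len(free)  # masks that cover no labelled face or plate
    total = tp + fn
    return {
        "recall": tp / total if total else 1.0,
        "precision": tp / (tp + fp) if tp + fp else 1.0,
        "false_negative_rate": fn / total if total else 0.0,
        "exposed_frames": dict(exposed),  # inter-frame consistency gaps
    }

# Constructed sample: one face and one plate labelled over four frames.
PLATE = (300, 300, 400, 340)
TRUTH = {
    0: [("face-1", (100, 100, 200, 200)), ("plate-1", PLATE)],
    1: [("face-1", (105, 100, 205, 200)), ("plate-1", PLATE)],
    2: [("face-1", (110, 100, 210, 200)), ("plate-1", PLATE)],
    3: [("face-1", (115, 100, 215, 200))],
}
MASKS = {
    0: [(100, 100, 200, 200), PLATE],
    1: [PLATE],  # face mask dropped for one frame
    2: [(110, 100, 210, 200), PLATE, (500, 50, 560, 110)],  # spurious mask
    3: [(115, 100, 215, 200)],
}

if __name__ == "__main__":
    print(evaluate(TRUTH, MASKS))
```

A non-empty `exposed_frames` entry identifies the exact frames to route to manual masking before the file is disclosed, even when the aggregate recall looks acceptable.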

Normative References and Compliance Practice

Compliance assessments should be based on primary legal and regulatory sources. The key references are the GDPR, EDPB guidelines on the concepts of controller and processor, and the privacy by design principle under Article 25 GDPR. In the area of information security, ISO/IEC 27001:2022 and ISO/IEC 27701:2019 can be helpful, although they do not in themselves create a legal basis for processing.

In Polish practice, it is also necessary to take into account positions issued by the UODO and domestic regulations affecting retention and the evidentiary use of materials. If recordings contain vehicle registration numbers, it is worth noting the interpretative divergence. On the one hand, guidance from data protection authorities and broader European practice often treat them as personal data where identification is possible. On the other hand, some domestic case law has indicated that a registration number alone does not always identify a natural person. In an insurer’s operational policy, taking a risk-based approach and masking license plates before further disclosure of the material is the safer option.