On-Premise Deployment - Definition
On-premise deployments refer to a software implementation model in which the entire solution is installed and operated within infrastructure controlled by the data administrator. In the context of image and video anonymization, this means that importing files, processing data, generating outputs, and logging events all take place within the organization’s internal network, without transferring materials to a vendor’s cloud.
This model supports compliance with the principles of integrity, confidentiality, and accountability under Article 5 of the GDPR, the security requirements of Article 32, and the privacy by design principle under Article 25 (source: Regulation (EU) 2016/679).
In practice, on-premise deployment of Gallio PRO involves batch processing of footage from cameras and photos, with automatic blurring limited exclusively to faces and license plates, and manual redaction of other objects using the built-in editor. The software does not provide real-time anonymization or live video stream anonymization, does not automatically detect logos, tattoos, or name badges, and system logs do not contain information about face or license plate detections or any other personal data.
The Role of On-Premise Deployment in Image and Video Anonymization
On-premise deployments reduce the risk of unauthorized disclosure of sensitive materials and facilitate compliance with GDPR requirements regarding transfers of personal data to third countries or international organizations (Articles 44-49 GDPR). They also enable organizations to align retention policies, access controls, and audit mechanisms with internal governance procedures while minimizing exposure of source data during model training and inference.
Deep learning plays a key role, as accurate blurring requires an AI model capable of detecting faces and license plates in images and video frames. Such models are trained on annotated datasets and then used in inference processes within the on-premise environment to automate redaction. In Gallio PRO, automation applies only to these two categories, while other visual elements can be redacted manually.
On-Premise Technologies for Image and Video Anonymization
The training and inference layer relies on neural networks for object detection. To ensure security and regulatory compliance, an on-premise environment should provide computational isolation, data encryption, and strict access control. The table below summarizes typical deployment layers and the standards that support them.
On-Premise Deployment Layers and Related Standards
Layer | Mechanisms | Standards and References
|
|---|---|---|
Network | VLAN segmentation, no Internet access for processing nodes, TLS for the admin panel | RFC 5246 (TLS 1.2), RFC 8446 (TLS 1.3) |
Compute | Containerization, namespace isolation, GPU accelerators for inference | CIS Controls v8, NIST SP 800-53 Rev. 5 |
Storage | Encryption at rest, retention control, secure deletion of temporary files | NIST FIPS 197 (AES), NIST SP 800-38E (XTS-AES) |
Access | Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), administrative access logging | ISO/IEC 27001:2022, NIST SP 800-53 Rev. 5 |
Compliance | Retention policies, Data Protection Impact Assessment (DPIA), records of processing activities | GDPR 2016/679, EDPB Guidelines 3/2019 |
Key Parameters and Metrics for On-Premise Deployments
Performance indicators should assess both anonymization quality and operational security. Below are example metrics and measurement methods. Industry-standard object detection metrics are based on COCO/PASCAL methodologies and the IoU and mAP measures (source: Lin et al., ECCV 2014).
Quality and Security Metrics
Metric | Definition | Measurement Method | Reference
|
|---|---|---|---|
Face/License Plate Detection Recall | TP / (TP + FN) at a defined IoU threshold | Ground-truth annotations vs. model detections | COCO Evaluation, Lin et al. 2014 |
Detection Precision | TP / (TP + FP) | As above | COCO Evaluation, Lin et al. 2014 |
mAP | Mean Average Precision across IoU thresholds | Aggregation of AP for classes: face, license plate | COCO Evaluation, Lin et al. 2014 |
Anonymization Effectiveness | 1 - percentage of non-anonymized instances | QA sample review or active learning validation | EDPB Guidelines 3/2019 - video surveillance risks |
Processing Latency | Time to process a frame or file | End-to-end batch measurement | Engineering best practice |
Data at Rest Security | Encryption algorithm and mode | Verification of XTS-AES-256 configuration | NIST FIPS 197, SP 800-38E |
Data in Transit Security | TLS version and cipher suites | TLS configuration scans | RFC 8446, RFC 5246 |
Retention and Deletion Compliance | Alignment with retention policy | Temporary file deletion testing | ISO/IEC 27001:2022 |
For Gallio PRO specifically, it is important to note that the system does not mask entire silhouettes, does not operate in real-time mode, and does not maintain logs of detections containing personal data. Audit metrics therefore apply exclusively to administrative and operational events.
Challenges and Limitations of On-Premise Deployment
On-premise deployments require active lifecycle management of software, GPU drivers, and security patches. High-performance processing may require dedicated hardware accelerators. Proper key management, strict access control, and separation of test and production data must be ensured. Limitations include the absence of live video stream anonymization and the lack of automatic detection of objects other than faces and license plates, which necessitates manual redaction.
Use Cases
On-premise image and video anonymization is particularly suitable for preparing materials for public information bulletins, responding to freedom of information requests, sharing evidentiary materials in legal proceedings, staff training, and research and development projects where source materials must not leave the organization’s network. In public and regulated sectors, this approach simplifies DPIA processes and reduces transfer and contractual risks.
Normative References
The following sources define the legal and technical requirements relevant to on-premise deployments for visual data anonymization:
- GDPR 2016/679 - Articles 5, 25, 32, 44-49: https://eur-lex.europa.eu/eli/reg/2016/679/oj
- EDPB Guidelines 3/2019 on processing of personal data through video devices (final version 29.01.2020): https://edpb.europa.eu
- ISO/IEC 27001:2022 - Information Security Management Systems: https://www.iso.org/standard/82875.html
- NIST SP 800-53 Rev. 5 (2020) - Security and Privacy Controls: https://csrc.nist.gov/publications
- CIS Controls v8 (2021) - Center for Internet Security: https://www.cisecurity.org/controls/v8
- NIST FIPS 197 (2001) - Advanced Encryption Standard (AES): https://csrc.nist.gov/publications/detail/fips/197/final
- NIST SP 800-38E (2010) - Recommendation for XTS-AES: https://csrc.nist.gov/publications/detail/sp/800-38e/final
- RFC 8446 (2018) - The Transport Layer Security (TLS) Protocol Version 1.3: https://www.rfc-editor.org/rfc/rfc8446
- RFC 5246 (2008) - The TLS Protocol Version 1.2: https://www.rfc-editor.org/rfc/rfc5246
- Lin et al., 2014 - Microsoft COCO: Common Objects in Context (mAP/IoU definitions): https://arxiv.org/abs/1405.0312
In national practice, data protection authorities and the EDPB indicate that license plates may constitute personal data where they enable the identification of a natural person. However, certain court rulings have presented differing interpretations depending on the factual context. In cases of legal ambiguity, anonymizing license plates remains the safest operational approach.