Street View Privacy – Definition
Street View privacy refers to a set of organisational, legal, and technical requirements governing the publication of images and recordings used to create street maps and 360-degree panoramas. In practice, it means preparing visual material in a way that reduces the risk of identifying individuals, vehicles, and other elements that could link an image to a specific natural person or a private space before the content is made publicly available.
In the context of Street View anonymization, the main focus is on the automatic detection and blurring of faces and license plates. In some implementations, this also includes assessing whether visible parts of private properties, building windows, or interiors may infringe privacy rights. This is not document anonymization or text data anonymization. It is an image and video processing workflow in which the source material is analysed algorithmically and then modified before publication.
From a GDPR perspective, the starting point is that a person’s image may constitute personal data if it enables direct or indirect identification. Likewise, a vehicle registration plate may be treated as an identifier, although there is some interpretive inconsistency in Poland. The European Data Protection Board and the practice of many supervisory authorities adopt a precautionary approach. At the same time, part of Polish administrative case law holds that a license plate alone is not always personal data. For Street View use cases, however, the compliance standard is to blur both categories of objects before publication.
How Street View Anonymization Works in Practice
When creating street maps, visual material is usually captured by multi-lens cameras mounted on a vehicle. This produces high-resolution panoramas or image sequences. Object detection is then applied to the footage, followed by masking of selected object classes. In modern systems, detection is based on deep learning models.
Deep learning is essential here because traditional methods based solely on image features are not accurate enough under changing lighting conditions, varying viewing angles, partial face occlusion, or moving vehicles. First, an AI model is trained on labelled data, and then it is used to detect faces and license plates in new images. Once detected, the system applies blur, pixelation, or another form of irreversible masking.
A typical processing pipeline includes the following stages:
- capture of source material and metadata,
- initial image cleanup and geometric correction,
- AI-based face and license plate detection,
- verification of results against confidence thresholds,
- manual correction of missed or incorrectly marked objects,
- publication of the anonymized version only.
In practice, it is crucial that image anonymization is completed before the content is made available to end users. This applies both to panoramic images and to the source frames used to build them.
Legal Requirements for Street View Privacy
Compliance assessment requires combining data protection law, image rights, and privacy principles in public and semi-private spaces. There is no single legal act dedicated exclusively to street mapping, so compliance is based on a set of general legal rules and guidance issued by supervisory authorities.
The key legal reference points include:
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, applicable from 25 May 2018,
- the Charter of Fundamental Rights of the European Union – Articles 7 and 8,
- the European Convention on Human Rights – Article 8,
- the Polish Copyright and Related Rights Act of 4 February 1994 – rules on the dissemination of a person’s likeness,
- the Polish Civil Code – protection of personal rights, including image and privacy,
- EDPB guidance and positions of national supervisory authorities, including the Polish DPA (UODO).
For faces, the obligation to anonymize does not arise directly from a single provision. It usually follows from the need to limit the identification of individuals and reduce the risk of infringing their rights. In the area of image rights, three commonly cited exceptions to the requirement to obtain consent for publishing a person’s likeness are: when the person is publicly known and the image was captured in connection with the performance of public functions, when the image is only a detail of a larger whole such as a gathering, landscape, or public event, and when the person received agreed payment for posing. However, these exceptions do not automatically remove the GDPR requirements that apply to the mass publication of geospatial imagery.
For license plates, the situation is more complex. In many European countries, blurring them is standard practice and is expected from a regulatory standpoint. In Poland, there is a divergence of views: data protection guidance and part of EU practice support anonymization, while administrative court rulings can be more restrictive in treating registration plates as personal data in themselves. For Street View publication, the precautionary approach is safer.
Key Parameters and Metrics for Street View Anonymization
The performance of a system should not be assessed solely by the number of objects detected. What matters is the balance between detection quality, masking quality, and the cost of manual review. That is why Street View anonymization projects use metrics well known in computer vision.
Parameter | Meaning | Practical Use
|
|---|---|---|
Precision | The proportion of correct detections among all detections | Reduces excessive blurring |
Recall | The proportion of detected objects among all actual objects | Critical for privacy risk |
F1-score | The harmonic mean of precision and recall | Evaluates model balance |
mAP | Mean Average Precision for object detection | Compares detection models |
False Negative Rate | The share of undetected objects | Directly affects privacy breach risk |
Processing time per image | Offline latency, e.g. seconds per frame or panorama | Supports compute capacity planning |
In privacy-focused applications, high recall is usually more important than maximum precision, because a missed face or license plate creates a greater risk than excessive blurring of part of the background. This relationship can be expressed with a simple formula:
Recall = TP / (TP + FN)
where TP means correctly detected objects and FN means missed objects.
Technical Challenges in Street View Privacy Protection
Even a well-trained model does not deliver perfect performance under all conditions. Challenges include small distant objects, strong reflections, night shots, rain, partial face occlusion, and non-standard license plates. An additional issue is building windows through which private interiors may be visible, even though the system does not automatically classify all such cases.
That is why a process aligned with the privacy by design principle should include:
- selecting the detection threshold based on the type of material,
- quality control on a statistical sample of each data batch,
- a manual review path for edge cases,
- restricted access to non-anonymized material,
- retention of source data in line with the purpose of processing.
In this context, on-premise software matters because it allows images and recordings to be processed within infrastructure controlled by the data controller. This reduces the transfer of source material to third parties and simplifies risk assessment. Gallio PRO works exactly as on-premise software for processing images and video. It automatically detects and blurs faces and license plates. It does not perform video stream anonymization or real-time anonymization. It does not automatically detect logos, tattoos, name tags, documents, or content displayed on screens. Such elements can be corrected manually in the editor. The system should not store logs containing personal data without a clear legal basis and defined processing purpose.
Examples of Street View Privacy Use Cases
A typical use case for this concept involves projects where images captured in public spaces are published at scale. The aim is not visual analysis alone, but the safe publication of imagery to end users.
- creating city street maps and panoramas for online mapping platforms,
- documenting road infrastructure before publishing materials online,
- presenting tourist routes and commercial outdoor spaces,
- archiving street-level images for planning purposes while separating the source version from the published version.
Normative References and Sources
The following sources provide the basis for interpreting the concept and practice of Street View anonymization. They should be considered together with local guidance and a data protection impact assessment where the scale of the project is significant.
- Regulation (EU) 2016/679 – GDPR, OJ EU L 119 of 4.05.2016.
- Article 29 Working Party guidelines and EDPB materials on the concept of personal data and privacy by design.
- The Polish Copyright and Related Rights Act of 4 February 1994.
- The Polish Civil Code of 23 April 1964.
- ISO/IEC 23894:2023 – Information technology – Artificial intelligence – Guidance on risk management.
- ISO/IEC 27001:2022 – Information security management systems – Requirements.