Privacy by Design for Image Processing

Learn how to embrace privacy by design into your image capture and processing workflow to proactively comply with the GDPR and avoid fines and other risks.


23 July 2020, by Mario Sabatino Riontino


Photo by Ricardo Gomez Angel on Unsplash
Photo by Ricardo Gomez Angel on Unsplash

We are living in an era dominated by digital innovation. Data has proved to have immense potential, therefore it’s captured, stored, and shared at an unimaginable pace and size.

However, we’ve recently witnessed a lot of media revelations on data scandals, breaches, suits etc., involving some of the world’s biggest corporations. As a result, protecting privacy resulted more and more in the spotlight, affecting the citizens’ sentiment about data. For example, according to a survey conducted in 2016 by Deloitte, 81% of the respondents from the US had pointed out that they feel they have lost control over the way their personal data is being collected and used.

Consequently, the demand for privacy has grown at a rapid pace. Traditional approaches - which consider privacy as a separate implementation or a secondary feature - have proved to be unfeasible for companies and organizations due to the increasing costs and volume of data to deal with.

What is Privacy by Design?

Implement technical and organisational measures at the earliest stages of the product/service development.

Privacy by Design is among one of the most innovative approaches in data protection. It recommends that companies should implement technical and organisational measures at the earliest stages of the product/service development, to ensure privacy right from the start.

According to the framework developed by Dr. Ann Cavoukian, it is based on 7 fundamental principles:

privacy by design principles
Figure 2: Privacy by Design Principles
  • Proactive not reactive: Anticipate, identify, prevent and take action before the data breach, not afterward.
  • Privacy as the default setting: Ensure that personal data is automatically protected in all IT systems or business practices.
  • Privacy embedded into design: Privacy measures should not be add-ons, but fully-integrated part of the system.
  • Full functionality: Privacy by Design employs a “win-win” approach, since both privacy and product functionalities are preserved.
  • End-to-end security: All data should be securely retained as needed and destroyed when no longer needed.
  • Visibility and transparency: Be transparent on business practices and technologies that are operating according to the objectives, and subject to independent verification.
  • Respect for user privacy: Individual privacy must be user-friendly and supported by strong privacy standards.

Image and video data

Image and video data are no exception in regards to containing personal information. Faces and bodies are among the most fundamental and highly visible elements of our identity. Hence, they fall under the definition of personal data according to the art. 4 of the GDPR and need to be protected accordingly.

Applying Privacy by Design approaches should be considered by any industry that collects images and videos using cameras, CCTV, drones and sensors. Some of the use-cases we could list are:

Use-case #1: Mobile Mapping

In the specific case of Mobile Mapping, Privacy by Design principle can be embraced from the planning (which data to collect and how to collect them) to the processing phase (for example by using anonymization techniques).

Figure 3: Mobile Mapping Workflow
Figure 3: Mobile Mapping Workflow

Planning plays a crucial role. When it comes to data collection, the GDPR suggests to follow data minimization, meaning that you should limit data collection to what is necessary while ensuring full functionality.

Nevertheless, using data minimization is not enough to comply with GDPR. During the mapping phase, MMS collects data like location information, point clouds, as well as street-level and aerial imagery. Thus faces, bodies, license plates and coordinates are captured, requiring explicit consent or anonymization techniques.

An additional implication comes from data storage, i.e. choosing between cloud vs. on-premise solutions. GDPR-certified cloud providers might offer end-to-end security by default, while hosting your own data center requires additional effort to achieve similar standards.

If you are conducting mobile mapping, or selling or renting mobile mapping equipment, you can integrate Celantur’s anonymization solution to offer state-of-art privacy standards.

Use-case #2: Self-Driving Vehicles

A study from IBM showed that finding a software error in the design phase costs less than a sixth of the cost of finding it in the implementation phase, 15 times less than during the testing phase and 1/100th of the cost as in product maintenance.

Oftentimes, privacy is designed separately from the rest of the automobile or left as an integration task during manufacturing, instead of being addressed as early as possible.

Autonomous driving involves complex algorithms, trained using drivers’ information, location tracking and sensor data. Of all this data, a great quantity will be considered personal data, so that the General Data Protection Regulation (GDPR) will then apply to autonomous vehicles.

Privacy by Design could be embraced from idea definition (requirements, risk assessment, etc.) to the validation phase (field test and proof of safety).

Figure 4: Self-Driving Vehicle Workflow
Figure 4: Self-Driving Vehicle Workflow

Despite comprehensive simulation models across the entire design lifecycle are blooming, real-world data still matter. Data collection is essential to generating possible scenarios of everything that can happen on the road.

As for the previous use-case, not all data collected is actually necessary from a technical perspective to enable autonomous driving. This applies, for example, to license plate numbers for the purposes of recognising obstacles and yet, data minimisation comes again into consideration to reduce the amount of gathered data.

At the same time, the processing of all these data is not expected to be carried out by a single data controller who has to comply with the data protection requirements, but possibly shared with third-parties. Hence, data requires to be anonymized before being shared.

Final Questions to Consider

  1. What steps are you taking to address the growing requirements for privacy?
  2. How are you managing access, ownership, and protection of the data that is collected?
  3. How is your organization working across the entire workflow, in a way that privacy is implemented as early as possible?


About Celantur

Celantur offers a fully-automated anonymization solution to blur images and video for mobile mapping and automotive projects. Hence, we allow organizations to comply with GDPR and other privacy regulations.

mobile mappingdata protectiongdprautomotiveenglish
Contact Us

Latest Blog Posts

Einstieg in Mobile Mapping

Alles was Sie vor der Implementierung von Mobile Mapping Systemen in Ihrem Unternehmen wissen müssen.


Setting up and Running StyleGAN2

A short tutorial on setting up StyleGAN2 including troubleshooting.


Privacy by Design for Image Processing

Learn how to embrace privacy by design into your image capture and processing workflow to proactively comply with the GDPR and avoid fines and other risks.