Under GDPR, video footage that captures identifiable individuals is classified as personal data. The moment a face appears on a monitored screen — whether in a warehouse, a rail yard or a hospital corridor — the organisation processing that feed is handling personal data.
When considering CCTV livestream blurring, organisations should consider:
Relevant data protection laws — including GDPR, the UK Data Protection Act 2018, France's CNIL requirements, and Germany's BDSG — all treat live video as personal data when individuals are identifiable.
Employee union agreements — in many sectors, unions have negotiated explicit restrictions on how staff can be monitored, including live feeds visible to management.
Public trust and institutional accountability — particularly relevant for public-sector bodies, universities and healthcare providers, where being seen to surveil without safeguards carries reputational risk.
Data subject rights — individuals can request access to footage they appear in, or invoke their right to erasure for live feeds that are also recorded.
#Use cases for live video blurring across industries
Here are some examples that span logistics, public infrastructure, healthcare, municipal government and educational institutions:
#Oil rigs
Remote engineers carry out live machinery checks via CCTV. The equipment must be visible to the operator — but the workers on site have no reason to have their faces broadcast to a remote control room. Face blur keeps the operational view intact while protecting worker identity.
#Postal service
A fisheye camera installed in a sorting warehouse would have been flagged as non-compliant, but adding face blur to the camera resolved the compliance issue without requiring the camera to be repositioned or removed.
#Rail maintenance
Live-streamed track inspections run alongside public lines and capture members of the public. Anonymising people’s faces as they appear keeps the inspection feed usable without creating a data processing problem.
#Transportation depots
Headquarters teams monitor live feeds from dozens of depots. Live redaction with permission-based unblurring gives the team the oversight they need without breaching employees’ privacy.
#Local governments
Municipal control room operators manage live feeds from across the city. Access rights assigned to users depending on their role determine whether faces are blurred or visible — while redaction can be lifted when an incident requires it.
#Hospital control room
Patient confidentiality extends to live video. In healthcare environments, live blur ensures that individuals appearing in monitored feeds — patients, visitors, staff — are not identifiable to anyone without a clinical or operational need to know.
#Educational institutions
Guard stations at universities use live face blurring on public-facing monitors to ensure that students and visitors moving through campus are not exposed to unnecessary scrutiny.
#Solutions for live footage blurring
VMS solutions, such as AXIS and Verkada, offer built-in video redaction for live videos. Other VMS solutions have plug-ins that can enable live blurring, such as Identity Cloak LIVE plug-in for Milestone XProtect.
Alternatively, you can integrate live blurring with your video stream via API. Identity Cloak and other video redaction solutions like SecureRedact support this option.
Below, we’ll show how Identity Cloak can be used to blur personal data in live video feed, including faces, bodies, and licence plates.
#Identity Cloak for livestream anonymisation
Identity Cloak can be used for real-time redaction without affecting the recorded footage as a Milestone XProtect plug-in.
#Milestone XProtect LIVE plug-in
Facit's Milestone LIVE video redaction plug-in can be deployed in under 10 minutes on Milestone XProtect, enabling live face redaction without additional tools.
#Key identity Cloak capabilities for livestream redaction
The plug-in blurs faces, bodies and licence plates in real time. Redaction happens on the live view only — recorded footage remains un-blurred.
Identity Cloak plug-in supports these key capabilities for livestream monitoring in Milestone XProtect:
Real-time redaction across multiple streams — monitor several camera feeds at once with blur applied automatically.
Body, face and licence plate blur — covers the full range of personally identifiable information visible in live video.
Recorded footage stays unblurred — live masking settings do not affect the underlying recording, so incident investigation is never compromised.
Single-toggle user permissions management — administrators can control which users see redacted or unredacted feeds from a central interface.
User-level blurring settings — different operators can have different access levels, matching the permission structure already in place within the organisation.
Time limits for unredacted footage playback — authorised users who lift redaction for an incident review are subject to configurable time limits
Compatible with all Milestone camera streams — including body-worn, PTZ, 360°, and fixed dome cameras.
Blur removal during incidents – when alarm goes off, feed can be automatically unblurred for incident response.
Identity Cloak plug-in deployment for XProtect
The plug-in installs in under 10 minutes and works with existing Milestone XProtect Corporate infrastructure. It has been tested on XProtect Corporate versions 2023, 2024 and 2025.
Recommended hardware for running up to 16 live streams simultaneously:
Processor: Intel Core i9
GPU: NVIDIA RTX A4000
RAM: 16 GB
Storage: 255 GB SSD
OS: Windows 10 Pro or latest
Identity Cloak API for livestream blurring
For organisations that need redaction embedded directly into their own platforms or workflows, Identity Cloak is also available via a secure API.
Hosted in AWS or Azure cloud, the API allows development teams to integrate video redaction into existing applications — case management systems, evidence portals, control room software — without routing footage through a separate tool.
The API is designed for flexibility: organisations can tailor the integration to their specific infrastructure and compliance requirements.
This is particularly relevant for larger deployments where redaction needs to run as part of an automated pipeline rather than a manually triggered process. Contact Facit to discuss API access and configuration options.
