Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Facit Data Systems
Insights

A complete guide to face blurring software

In this article, we look why the need for fast, reliable CCTV face blurring software has increased.

Why face blurring software has become essential

Are you trying to blur individuals in a video now?

Background grid.

In this article, we look why the need for fast, reliable CCTV face blurring software has increased.

The data privacy sphere has become hectic in terms of how organisations are obliged to manage and report data privacy policy, and the number of data requests has grown as the general public has become steadily more aware of privacy rights.

GDPR placed greater obligations on data controllers and gave more protection and access rights to individuals.

Under the Regulations, people identifiable in video are characterised as data, which means images cannot be shared without permission. Blurring software is required to remove faces, number plates and any other identifying elements that are associated with anyone but the subject(s) of interest.

GDPR, video images and blurring requirements

The UK’s Data Protection Act 2018 prescribes that people should have access to any data that may be held relating to them. The relevant DPA section sets out an individual’s rights and the controller’s obligations.

GDPR (General Data Protection Regulation) is an extensive regulation that prescribes the protection of personal data. The Regulation covers more than written details, like names and addresses; it applies to any information that can identify someone. Identifiable information includes images and videos, which places a significant duty of care on CCTV operators.

The UK GDPR is supplemented by the DPA (Data Protection Act) 2018. Among other things, the DPA 2018 applies the GDPR’s provisions to certain types of processing that are outside the Regulation’s scope, including processing by public authorities. It sets out data processing regimes for law enforcement processing and intelligence processes.

The UK GDPR and DPA 2018 should therefore be read together.

Download our redaction guide

Check out Facit’s guide to understanding what AI-powered redaction software is, and how it can benefit your business.

Background grid.

Video capture compliance obligations

There is a long checklist of obligations for organisations and business that capture people’s images on video, in the private, commercial and public sectors alike. The checklist includes:


1. Making sure people know that they’re being recorded 

Transparency is a core principle of the GDPR. CCTV operators are required to tell people when personal information is being collected to allow them to exercise their data subject rights and to challenge the way their information is used. 

2. Stating clearly why CCTV is in use

Under the GDPR, it’s not enough to say that personal data is being collected; you also need to explain why you’re using it. This Regulation details strict lawful bases for processing

3. Controlling who has access to CCTV 

GDPR requires that personal information should only be accessible to those who need it to complete a function of their job. Video footage must also be kept in a secure location.

4. Deleting footage when it is no longer necessary 

The Regulation states that organisations must have a system to make sure video footage is deleted according to a data retention policy. 

The steady rise in reports of data breaches

According to the Information Commissioner’s Office (ICO), there has been a rise in data security incident trends.

Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO. The ICO published this information to help organisations understand what they are seeing and help them to take appropriate action.

“Failure to redact” – which includes ‘face blur’ – is a breach category that typically doubles year-on-year.

Facit contacted the ICO to ask about guidelines in relation to Data Subject Access Requests (DSARs) and CCTV. The ICO replied: “Individuals have the right to request CCTV footage that identifies them. If there are third parties present you should see our guidance. You should also consider redaction (face blurring) of the third-party personal data in order to supply the DSAR.”

The potentially high cost of non-compliance 

The penalties for failure to comply with GDPR can lead to penalties and large fines. The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements.

One of the first penalties issued in Europe under GDPR was levied against an Austrian retailer for its use of CCTV for failing to inform people that surveillance cameras were in use outside its shop. It was fined €4,800 (about £4,250). 

In the UK, the ICO has issued fines of more than £200 million against British Airways and Marriott International for GDPR violations. In the latter case, for failure to disclose data breaches several years prior to the fine.

Would you like support on compliance best practice?

Background grid.

Facit’s video analytics and face-blurring compliance heritage

Facit has been heavily involved for many years in helping organisations to make the most of information captured over video as well as to cope with the challenges posed by data privacy regulations.

Facit develops software that operates over the already-installed CCTV cameras of an organisation. Facit’s products help customers to analyse customer and visitor behaviour, manage building occupancy, and optimise staffing and resources.

The company’s video data assurance product, Identity Cloak, has been a leader in its field for several years. Identity Cloak is AI-powered face blurring software that enables organisations to blur faces quickly, reliably and cost-effectively entirely in-house.

An image of people at a till in a store with blurred faces.

Video redaction software with face blurring

Identity Cloak enables customers to comply with compliance regulations comfortably within ICO deadlines, by blurring the faces of people and any other identifying objects in a matter of minutes.

From its introduction into the face blurring software market Identity Cloak has proven superior in independent tests against other face blurring software.

You can book a demo on the Facit website to see for yourself how easy to use and fast automated face blurring is.

The advantages of automated face blurring over alternative techniques

Prior to the availability of automated CCTV face blurring software, the work required to blur the faces of third parties was both time consuming and very expensive.

Businesses with high levels of video data requests struggle to meet the GDPR 30-day deadline. The challenge is exacerbated when using historical means of blurring faces in video. The options were largely manual face blurring practices, whether the work was carried out in-house or outsourced for blurring to a bureau. Bureau outsourcing frequently does not ensure deadlines are met, and add layers of risk, administrative complexity and cost.

Outsourcing to an online face blurring service or to a bureau necessarily involves risks as the video footage for which you are responsible has to leave your own secure environment.

The advent of face blurring software such as Identity Cloak means that organisations can automatically radact (face blur) videos very quickly in-house, and so meet tight GDPR timelines at a much-reduced cost to the business.

Introducing Identity Cloak face blurring software

Identity Cloak works across a business’ installed CCTV systems, which represents a significant saving in set-up costs.

When a request for video footage is received, the software user has options either to blur the faces of all but the subject(s) of interest and show the background, or conversely, to blur all of the background footage and reveal only the faces of the subject(s) of interest.

Live (real-time) face blurring

Facit also provides the capability for live face blurring to enable organisations to comply with data privacy regulations while meeting the needs of their business.

Live redaction is suitable for remote video monitoring or recording in areas where surveillance is otherwise problematic owing to privacy rules and regulations. It is ideal for processing, manufacturing and logistics applications when video surveillance is primarily used to monitor processes. Other applications exist in retail, healthcare, education, at government facilities, and in travel hubs.

Key live face blurring benefits:

  • Safeguards privacy

  • Reliable, real-time dynamic blurring at high frame rates

  • Cost effective, high-performance edge-based solution

  • Easy to install, configure and manage

  • Choice of colour or mosaic blurring

The need for video face blurring capability is set to increase

The UK is one of the most video monitored societies, with around 6 million CCTV cameras in operation, or one camera for every eleven people.

The number of DSARs that UK companies will receive from clients and suppliers is set to increase considerably according to the latest UK Data Protection Index* results which highlighted there has already been a 66% increase in the average number of DSARs received since July 2020. (*The UK Data Protection Index, organised by The DPO Centre, is published quarterly.)

The increase in DSARs is likely in part the result of employees becoming ‘data savvy’ in requesting details of the data an employer holds on them, which is sometimes associated with claims or a tribunal action. The involvement in DSARs of lawyers and insurance companies has risen significantly in recent years, which coincided with the large number of redundancies during the Covid-19 pandemic. 

The pressure on Data Officers to provide access to personal data is all-pervasive. Most people are aware that Chief Data Officers at every local council now post their council’s fair processing policies - such as this typical example from The City of Westminster - alongside subject access request (SAR) forms for anyone who wants to know what personal data is kept and how it is used.

The growing awareness of data privacy rights, the ubiquity of CCTV cameras, and the strictures of privacy regulations combine to mean that the need for cost-effective data-compliant face blurring capability is likely to become a ‘must have’.

Automated CCTV face blurring software frees up budgets and resources

Commercial organisations are focused on data privacy and saving money on compliance measures. Public sector organisations also want to ensure that scarce expert resources are deployed where their skills are most needed.

The healthcare sector has seen a steady increase in data subject access requests (DSARs). In the year ending 31st Jan 2020, 74% of requests received by the NHS were made by law firms and insurance companies and 26% by patients. In the subsequent year, 81% of NHS requests came from insurance companies and law firms, which is a legal bandwagon that the sector has to contend with.

King's College Hospital is one of London's largest and busiest teaching hospitals, with a strong profile of local services primarily serving the boroughs of Lambeth, Southwark, Lewisham and Bromley.

As a progressive organisation, King’s College Hospital looked for ways to fulfil DSARs and comply with data privacy regulations without depleting precious budgets more than is absolutely necessary, and without wasting valuable expert resources on laborious administrative tasks.

King’s College Hospital installed Facit’s Identity Cloak automated face blurring software, which replaced tedious in-house manual processes and eliminated the risk of data breaches.

Feedback on Identity Cloak face blurring software

King’s College Hospital’s Head of Security highlighted the fact that “the application sits within our own network, which ensures that the Trust’s video never leaves our own secure environment, rather than having to place our video in the Cloud, which was an issue here at the Trust.” 

He added: “The multi-mode options give us flexibility and enables us to ensure that we provide the correct video output for each specific request we receive.”

Identity Cloak multi-mode is a function that enables operators to choose how they process redaction. Options include starting the process by blurring all or none of the people in a video, and then revealing the subject(s) of interest or anonymising third parties; or applying blur on the video in order to select areas to remain clear.

The King’s College Head of Security concluded: “The product does what it says it does and Facit continue to develop it after listening to our feedback. We are completely satisfied with our choice.” 

A Guide to Video Redaction

Increasing number of companies failing ICO deadlines

About the author

Facit is a software house founded in 2014 that specialises in digital data compliance and video analytics systems. Facit is a leader in the field of data privacy assurance face blurring software and works with commercial organisations such as retailers and tourist venues, and public sector organisations such as local authorities and the NHS.