Privacy masking – should you go down the static route, or does dynamic masking make more sense?
The wait is over. The European General Data Protection Regulation (GDPR) is in effect. If your organization is like most, you’ve probably had conversations about how you’re going to ensure compliance. While there’s much to consider under the GDPR, one big concern that often comes up in these discussions is how to protect people’s privacy when using video surveillance.
The technology used to mask people’s identities and the information captured on video is referred to as privacy masking. While privacy masking has been around for some time, the technology has evolved over the years. In fact, today there are two types of privacy masking: static and dynamic.
So what is the difference? The difference in technology can be compared with the difference between Motion Detection and Video Analytics. They both serve similar purposes but achieve the result with very different levels of accuracy and are therefore more or less useful to the user. So it is important to be aware of the difference and to know when to use each.
What is a mask?
A mask hides, anonymizes or blocks a portion of the video. This is usually accomplished by blurring a part of an image.
Traditional privacy masking is static in nature and the mask blocks certain areas in an image or live video feed. This form of masking is called “static” because you’re blocking a specific area of an image. Typically, this is done directly on the camera and can be used, for example, to hide the keypad of a credit card terminal in a top-down view at a cash register. This would render a mask in the video itself so it would be impossible to remove this mask later on. Recently, some providers have added this capability to video management systems (VMSs), making it possible to add or remove the mask based on user access rights or privileges. However, in this case, the original video is stored without any mask and the mask is just an overlay in the client application.
Dynamic masking masks all relevant objects (typically objects or people in motion) in the image, while everything else in the image can be seen just as in a usual video surveillance application. Thus, there is a mask in the image only when and where it needs to be. This allows you to record video in highly sensitive areas, such as public restrooms or near retail dressing rooms. You can still see and recognize incidents as they happen, such as a person falling down or someone being assaulted, but you cannot identify the person at this point. Only authenticated users with proper authorization will gain access to the original video for a full review. Not only does this approach protect the privacy of individuals, but it also offers a much wider range of applications compared to static masks, which require you to define the area to be masked right from the start.
Overlay masks in the operator software vs. removing identity data
If masks, static or dynamic, are applied by the VMS, there is an important distinction between the methods of how the mask is created. Some applications render an overlay on the client interface side when the video is viewed, similar to video analytics overlays. And based on a user’s privileges, the overlay is either shown or hidden. However, the original video is still stored in the same way as if there was no masking in place. From a data protection perspective, the video still contains private information that is stored and transferred from the server to the client. If this connection is intercepted, all private data is accessible.
Other solutions, however, completely remove people’s identity from the masked stream so that there is no such information available in the stream itself. In data protection terms, this is called anonymization. Contrary to static masking, the original video can be retrieved by switching to a second, original video stream. The big advantage is that this second stream can be stored in a highly encrypted way on the Archiver and only the parts that should be accessed are transferred over the network. This fulfills the “data minimization principle”, which states that data should only be created, stored, and transferred if need be.
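The difference between the two designs shows up in what the transferred data contains, not in what the operator sees. The sketch below is an added example, not code from the article or from any VMS product: the frame, the mask box, the solid-fill redaction (standing in for blurring) and the role name `privacy_reviewer` are all constructed assumptions.

```python
# Added illustration; frame data, mask box and role name are constructed.
W, H = 6, 4
MASK = (2, 1, 4, 3)  # x0, y0, x1, y1 (end-exclusive) around the "person"

def make_frame():
    """Constructed grayscale frame: background 10, person pixels >= 200."""
    frame = [[10] * W for _ in range(H)]
    for y in range(MASK[1], MASK[3]):
        for x in range(MASK[0], MASK[2]):
            frame[y][x] = 200 + y * W + x
    return frame

def redact(frame, box, fill=0):
    """Return a copy with the box overwritten (stand-in for blur/pixelation)."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in frame]
    for y in range(y0, y1):
        out[y][x0:x1] = [fill] * (x1 - x0)
    return out

def overlay_payload(frame, box):
    """Overlay design: original pixels plus mask coordinates go to the client."""
    return {"pixels": frame, "mask": box}

def anonymized_payload(frame, box):
    """Anonymized design: pixels are removed before the frame leaves the server."""
    return {"pixels": redact(frame, box), "mask": None}

def client_view(payload):
    """What the operator sees; the client draws the overlay if one is sent."""
    if payload["mask"] is not None:
        return redact(payload["pixels"], payload["mask"])
    return payload["pixels"]

def region_on_wire(payload, box):
    """Pixel values inside the masked box as carried by the payload itself."""
    x0, y0, x1, y1 = box
    return [row[x0:x1] for row in payload["pixels"][y0:y1]]

def original_stream(frame, roles):
    """Second stream: unmasked frames only for authorized users."""
    if "privacy_reviewer" not in roles:  # hypothetical role name
        raise PermissionError("original stream requires authorization")
    return frame

if __name__ == "__main__":
    f = make_frame()
    print("overlay on wire:   ", region_on_wire(overlay_payload(f, MASK), MASK))
    print("anonymized on wire:", region_on_wire(anonymized_payload(f, MASK), MASK))
```

Both payloads render identically on the operator's screen, which is why checking the client display alone cannot tell you which design a system uses; the stored and transferred data has to be inspected.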
To learn more about privacy masking, read our KiwiVision Privacy Protector brochure.
About the Author
Florian Matusek, Product Group Director - Video Analytics, Genetec Inc.