Cloud vs offline image anonymisation: which fits your data?
If you capture 360° street-level imagery and need to blur faces and license plates before publishing, you have two broad options: send the images to a cloud service, or run the anonymisation on your own hardware. Both work. But they create very different obligations, costs, and risks — particularly under the GDPR.
What cloud anonymisation actually means
A cloud anonymisation service receives your raw images, processes them on remote infrastructure, and returns blurred output. The appeal is clear: no hardware to manage, no software to install, and processing scales with volume.
The problem is what happens between upload and return. Your raw panoramas — containing identifiable faces and license plates — travel to a third-party system. Under the GDPR, that transfer makes the service provider a data processor, which requires a Data Processing Agreement. You are responsible for verifying that the provider processes data lawfully, stores it only as long as needed, and does not use it for their own purposes. If they operate outside the EU/EEA, international transfer rules apply.
None of this is insurmountable, but it adds contractual overhead, a fresh point of exposure, and a dependency on a vendor's security posture.
What offline anonymisation actually means
Offline processing runs the AI detection and blurring locally — on your own machine, using your own GPU or CPU. The raw images never leave the system. No transfer, no third-party processor, no upload risk.
The GDPR implications are simpler. You are processing personal data on infrastructure you control, without transmitting it. You still need a lawful basis and appropriate security measures, but you do not need to establish a processing relationship with an external vendor for the anonymisation step itself.
The practical constraints are hardware-dependent: you need a machine with enough processing power to handle your volume. On an NVIDIA RTX 3090, Privacy Keeper processes a 12,288 × 6,144 Mosaic 51 panorama in approximately 9 seconds. A typical GPU workstation can handle thousands of panoramas per day.
The key differences at a glance
- Data transfer. Cloud: raw personal data leaves your machine. Offline: it does not.
- Third-party processor. Cloud: required; needs a DPA. Offline: none.
- Hardware cost. Cloud: pay per image or per volume. Offline: upfront hardware cost, then low marginal cost per image.
- Connectivity requirement. Cloud: constant, with high bandwidth for large files. Offline: none for processing (licensing sign-in requires internet).
- Audit trail. Cloud: depends on the vendor. Offline: Privacy Keeper writes a local audit log per run, recording settings and per-image results.
- Scalability ceiling. Cloud: virtually unlimited. Offline: bounded by your hardware; manageable with batch processing for most mapping operations.
When cloud makes sense
Cloud anonymisation is a reasonable choice when you process sporadically, in high volumes that exceed your hardware, or when you have no on-site infrastructure and cannot justify the investment. If the vendor's DPA is solid and their security posture is auditable, the compliance overhead is manageable.
When offline makes sense
Offline processing fits organisations that operate regularly at predictable volumes, handle sensitive client datasets where third-party transfer is contractually restricted, work in locations without reliable high-bandwidth connectivity, or prefer to own their processing pipeline end-to-end. Government and municipal mapping projects often fall into this category. So do survey contractors who process on behalf of clients with strict data handling requirements.