Teams working with images or video that contain faces frequently use "blur" and "anonymise" interchangeably. They're not the same thing, and the distinction has practical consequences — both for the effectiveness of your privacy measure and your GDPR compliance posture.
What face blurring does
Blurring replaces the face region detected in an image with a pixelated or Gaussian-blurred version of the same pixels. The face shape and approximate position remain visible. Blurring is:
- Fast to compute
- Reversible in some cases — sufficiently high-quality source images can sometimes be deblurred using deep learning upscalers
- Effective for content moderation and publication contexts where the goal is to prevent casual identification
What anonymisation does (and what GDPR means by it)
Under GDPR Recital 26, data is anonymised — and therefore no longer personal data — when "the data subject is not or no longer identifiable." The European Data Protection Board has consistently held that true anonymisation requires that re-identification be impossible, not merely difficult.
Gaussian blurring generally does not meet this standard. High-resolution source images, combined with modern neural network upscaling, can recover enough facial detail to enable re-identification in many cases. This means blurred images may still count as personal data under GDPR.
Stronger anonymisation approaches include:
- Solid-fill masking — replaces the face region with a solid colour or noise pattern, removing all facial pixel information entirely. This is what Quantilence's face blur API uses by default.
- Face replacement / deepfake anonymisation — replaces the face with a synthetic face that preserves head pose and expression but is not re-identifiable. Useful for training datasets.
- Full face crop removal — deletes the face region entirely and fills with background inpainting.
When to use each approach
Use blur (Gaussian or pixelation) when:
- You're preparing images for publication, social media, or press — where the goal is optical privacy, not legal anonymisation
- The source image resolution is low enough that deblurring attacks are impractical
- You need to indicate that a face was present (e.g., for audit trail or training data labelling purposes)
Use solid-fill anonymisation when:
- You're processing images to remove them from GDPR scope
- You're creating training datasets and need to publish or share images without consent obligations
- You're building dashboards or recordings for operator review (CCTV, retail analytics) where individuals must not be identifiable
- You're complying with right-to-erasure requests — GDPR Art. 17 — where re-identification must not be possible after processing
Multi-face support and detection accuracy
Both approaches depend on robust face detection. If a face is missed by the detector, it won't be blurred or anonymised. Key factors:
- Detection recall — the percentage of faces in an image that are detected. At 99.6% recall with Quantilence's detector, roughly 4 in 1,000 faces are missed. For large datasets, plan for this and consider secondary review for high-stakes use cases.
- Small face handling — faces in the background of crowd shots or wide-angle images are harder to detect. Ensure your provider is tested on small faces (<30px interocular distance).
- Partial faces and occlusion — sunglasses, masks, and partial crops reduce detection confidence. Understand how your use case maps to these edge cases.
Quantilence face anonymisation
Our face blur API detects all faces in an image and applies elliptical Gaussian masking to each face region. It supports multi-face images, returns the count of anonymised faces, and delivers the output as a base64-encoded image ready to save or display. Median processing time is ~90ms. Try it in the live demo.