Privacy & SecurityApril 12, 20269 min readOmniE2E Engineering
Privacy-Preserving Computer Vision: Edge Processing and Data Minimization
Technical approaches to building vision AI systems that respect privacy by design. Covers on-device inference, feature-only transmission, differential privacy, and compliance with GDPR and CCPA.
Privacy-Preserving Computer Vision: Edge Processing and Data Minimization
Computer vision systems that track people raise legitimate privacy concerns. This post details our technical approach to building vision AI that delivers spatial intelligence without compromising individual privacy—processing sensitive data at the edge and transmitting only anonymized analytics.
The Privacy Challenge
A ceiling camera observing a retail space captures:
- Biometric data (faces, body shapes)
- Behavioral patterns (movement, dwell time)
- Potentially sensitive information (who met whom, health conditions)
Traditional cloud-based architectures transmit raw video, creating privacy risks:
- Data in transit can be intercepted
- Cloud storage is vulnerable to breaches
- Data retention creates compliance liability
- Users lose control over their information
Architecture: Privacy by Design
Our architecture processes sensitive data at the edge:
┌─────────────────────────────────────────────────────────────────┐
│ EDGE DEVICE │
│ ┌───────────┐ ┌──────────────┐ ┌───────────────────────┐ │
│ │ Camera │──▶│ Vision │──▶│ Feature Extraction │ │
│ │ Sensor │ │ Models │ │ & Anonymization │ │
│ └───────────┘ └──────────────┘ └───────────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────────┐ ┌───────────────┐ │
│ │ Raw Data │ │ Anonymous │ │
│ │ (deleted) │ │ Analytics │────────┼──▶ Cloud
│ └──────────────┘ └───────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Key principle: Raw video never leaves the device.
On-Device Processing Pipeline
Stage 1: Person Detection and Tracking
Standard detection, but with immediate image destruction:
class PrivacyPreservingPipeline:
def __init__(self, detector, tracker, retention_frames=0):
self.detector = detector
self.tracker = tracker
self.retention_frames = retention_frames
self.frame_buffer = deque(maxlen=retention_frames + 1)
def process_frame(self, frame, timestamp):
# Detect and track
detections = self.detector(frame)
tracks = self.tracker.update(detections)
# Extract analytics
analytics = self.extract_analytics(tracks, timestamp)
# Secure frame handling
if self.retention_frames == 0:
# Zero retention: process and discard immediately
self._secure_delete(frame)
else:
# Minimal retention for temporal smoothing
self.frame_buffer.append(frame)
if len(self.frame_buffer) > self.retention_frames:
self._secure_delete(self.frame_buffer[0])
return analytics # Only analytics leave this function
def _secure_delete(self, frame):
"""Overwrite memory before deallocation."""
if frame is not None:
frame[:] = 0 # Zero out pixel data
del frame
Stage 2: Feature Anonymization
Replace identifiable features with privacy-preserving representations:
class AnonymizedTrackFeatures:
"""Track representation without biometric data."""
def __init__(self, track_id, bbox, timestamp):
self.track_id = track_id # Local, non-persistent ID
# Position: quantized to reduce precision
self.position = self._quantize_position(bbox)
# Size: bucketed into categories
self.size_category = self._categorize_size(bbox)
# Velocity: direction only, no speed
self.movement_direction = None
# Timestamp: rounded to reduce temporal precision
self.timestamp = self._round_timestamp(timestamp)
def _quantize_position(self, bbox, grid_size=0.5):
"""Quantize position to 0.5m grid."""
cx, cy = (bbox[0] + bbox[2]) / 2, (bbox[1] + bbox[3]) / 2
# Assuming world coordinates in meters
return (
round(cx / grid_size) * grid_size,
round(cy / grid_size) * grid_size
)
def _categorize_size(self, bbox):
"""Map to size category instead of exact dimensions."""
area = (bbox[2] - bbox[0]) * (bbox[3] - bbox[1])
if area < 0.5:
return "small" # Possibly child
elif area < 1.0:
return "medium"
else:
return "large"
def _round_timestamp(self, ts, precision_seconds=5):
"""Round timestamp to reduce precision."""
return (ts // precision_seconds) * precision_seconds
Stage 3: Aggregation Before Transmission
Individual tracks are aggregated into anonymous statistics:
class PrivacyAggregator:
def __init__(self, min_aggregation_count=5):
self.min_count = min_aggregation_count
self.pending_data = defaultdict(list)
def add_track_data(self, zone_id, track_features):
"""Collect track data for aggregation."""
self.pending_data[zone_id].append(track_features)
def get_aggregated_analytics(self, zone_id, time_window):
"""
Return aggregated analytics only if sufficient data exists.
Implements k-anonymity: at least k individuals in each group.
"""
data = self.pending_data[zone_id]
if len(data) < self.min_count:
# Insufficient data for anonymity
return None
analytics = {
'zone_id': zone_id,
'time_window': time_window,
'occupancy': self._aggregate_occupancy(data),
'flow': self._aggregate_flow(data),
'dwell_time': self._aggregate_dwell_time(data),
}
# Clear processed data
self.pending_data[zone_id] = []
return analytics
def _aggregate_occupancy(self, data):
"""Average occupancy, not individual counts."""
unique_tracks = set(d.track_id for d in data)
# Add noise for differential privacy
noisy_count = len(unique_tracks) + np.random.laplace(0, 1)
return max(0, round(noisy_count))
def _aggregate_flow(self, data):
"""Flow patterns without individual trajectories."""
directions = [d.movement_direction for d in data if d.movement_direction]
if not directions:
return None
# Aggregate into quadrants
quadrant_counts = defaultdict(int)
for d in directions:
quadrant = self._direction_to_quadrant(d)
quadrant_counts[quadrant] += 1
return dict(quadrant_counts)
def _aggregate_dwell_time(self, data):
"""Dwell time distribution, not individual values."""
dwell_times = [d.dwell_time for d in data if hasattr(d, 'dwell_time')]
if len(dwell_times) < self.min_count:
return None
# Return distribution buckets
return {
'short': sum(1 for t in dwell_times if t < 30),
'medium': sum(1 for t in dwell_times if 30 <= t < 120),
'long': sum(1 for t in dwell_times if t >= 120)
}
Differential Privacy Implementation
For sensitive metrics, we add calibrated noise:
class DifferentialPrivacy:
def __init__(self, epsilon=1.0, delta=1e-5):
"""
epsilon: Privacy budget (lower = more privacy)
delta: Probability of privacy breach
"""
self.epsilon = epsilon
self.delta = delta
def add_laplace_noise(self, value, sensitivity):
"""
Add Laplace noise calibrated to sensitivity.
sensitivity: max change in output from one individual's data
"""
scale = sensitivity / self.epsilon
noise = np.random.laplace(0, scale)
return value + noise
def add_gaussian_noise(self, value, sensitivity):
"""
Add Gaussian noise for (epsilon, delta)-DP.
"""
sigma = sensitivity * np.sqrt(2 * np.log(1.25 / self.delta)) / self.epsilon
noise = np.random.normal(0, sigma)
return value + noise
def private_mean(self, values, value_range):
"""Compute differentially private mean."""
n = len(values)
if n == 0:
return None
# Sensitivity of mean is range/n
sensitivity = value_range / n
true_mean = np.mean(values)
return self.add_laplace_noise(true_mean, sensitivity)
def private_histogram(self, values, bins):
"""Compute differentially private histogram."""
hist, _ = np.histogram(values, bins=bins)
# Sensitivity is 1 (one person changes one bin by 1)
noisy_hist = [self.add_laplace_noise(count, 1) for count in hist]
# Post-process to ensure non-negative integers
return [max(0, round(h)) for h in noisy_hist]
Secure Track ID Management
Track IDs must not be persistent or linkable across sessions:
class PrivacyPreservingIDManager:
def __init__(self, rotation_interval_seconds=3600):
self.rotation_interval = rotation_interval_seconds
self.current_seed = secrets.token_bytes(32)
self.last_rotation = time.time()
self.id_mapping = {} # internal_id -> privacy_id
def _rotate_seed_if_needed(self):
"""Rotate encryption seed periodically."""
if time.time() - self.last_rotation > self.rotation_interval:
self.current_seed = secrets.token_bytes(32)
self.id_mapping.clear()
self.last_rotation = time.time()
def get_privacy_id(self, internal_track_id):
"""
Generate privacy-preserving ID that:
1. Is consistent within a session
2. Cannot be reversed to internal ID
3. Changes across sessions
"""
self._rotate_seed_if_needed()
if internal_track_id not in self.id_mapping:
# One-way hash with session-specific seed
combined = f"{internal_track_id}{self.current_seed.hex()}"
hash_bytes = hashlib.sha256(combined.encode()).digest()
privacy_id = int.from_bytes(hash_bytes[:8], 'big')
self.id_mapping[internal_track_id] = privacy_id
return self.id_mapping[internal_track_id]
def clear_all_mappings(self):
"""Force rotation (e.g., on privacy request)."""
self.current_seed = secrets.token_bytes(32)
self.id_mapping.clear()
self.last_rotation = time.time()
Secure Communication
Analytics transmission uses encrypted channels with certificate pinning:
import ssl
import aiohttp
class SecureAnalyticsTransmitter:
def __init__(self, endpoint_url, cert_fingerprint):
self.url = endpoint_url
self.expected_fingerprint = cert_fingerprint
async def transmit(self, analytics_batch):
"""Send analytics with certificate validation."""
ssl_context = ssl.create_default_context()
# Create custom connector with cert verification
connector = aiohttp.TCPConnector(ssl=ssl_context)
async with aiohttp.ClientSession(connector=connector) as session:
async with session.post(
self.url,
json=self._prepare_payload(analytics_batch),
headers={'Content-Type': 'application/json'}
) as response:
# Verify certificate fingerprint
cert = response.connection.transport.get_extra_info('ssl_object').getpeercert(binary_form=True)
fingerprint = hashlib.sha256(cert).hexdigest()
if fingerprint != self.expected_fingerprint:
raise SecurityError("Certificate fingerprint mismatch")
return await response.json()
def _prepare_payload(self, batch):
"""Prepare payload with integrity protection."""
payload = {
'timestamp': time.time(),
'device_id': self.device_id, # Anonymous device ID
'analytics': batch
}
# Add HMAC for integrity
payload['signature'] = hmac.new(
self.signing_key,
json.dumps(batch).encode(),
hashlib.sha256
).hexdigest()
return payload
Compliance Implementation
GDPR Data Subject Rights
class GDPRCompliance:
def __init__(self, analytics_store):
self.store = analytics_store
def handle_data_deletion_request(self, request_id):
"""
Handle GDPR Article 17 (Right to Erasure).
Since we don't store personal data, we confirm no data exists.
"""
response = {
'request_id': request_id,
'status': 'completed',
'details': 'No personal data stored. System processes only '
'anonymized aggregate analytics. Raw footage is '
'processed and deleted in real-time at the edge.'
}
# Log the request (required for compliance)
self._log_dsr(request_id, 'deletion', response)
return response
def handle_data_access_request(self, request_id):
"""
Handle GDPR Article 15 (Right of Access).
"""
response = {
'request_id': request_id,
'status': 'completed',
'data_categories': [
{
'category': 'Aggregate Analytics',
'description': 'Anonymous occupancy and flow statistics',
'contains_personal_data': False,
'can_identify_individual': False
}
],
'raw_data_stored': False,
'retention_period': 'N/A - no personal data retained'
}
self._log_dsr(request_id, 'access', response)
return response
def generate_privacy_impact_assessment(self):
"""Generate DPIA documentation."""
return {
'processing_activities': [
{
'activity': 'Person Detection',
'purpose': 'Occupancy counting',
'data_processed': 'Video frames',
'storage': 'None (real-time processing)',
'recipients': 'None (edge processing only)',
'safeguards': ['Edge processing', 'Immediate deletion']
},
{
'activity': 'Analytics Aggregation',
'purpose': 'Space utilization insights',
'data_processed': 'Anonymous position data',
'storage': 'Aggregated statistics only',
'recipients': 'Building management',
'safeguards': ['k-anonymity', 'Differential privacy']
}
],
'legal_basis': 'Legitimate interest (anonymized data)',
'risk_assessment': 'Low - no personal data processed or stored',
'mitigations': [
'Edge-only processing',
'Zero raw data retention',
'k-anonymity (k >= 5)',
'Differential privacy (ε = 1.0)'
]
}
Audit Logging
class PrivacyAuditLogger:
def __init__(self, log_path):
self.logger = logging.getLogger('privacy_audit')
handler = logging.FileHandler(log_path)
handler.setFormatter(logging.Formatter(
'%(asctime)s - %(levelname)s - %(message)s'
))
self.logger.addHandler(handler)
self.logger.setLevel(logging.INFO)
def log_frame_processed(self, frame_id, processing_time_ms):
"""Log frame processing without any image data."""
self.logger.info(f"FRAME_PROCESSED frame_id={frame_id} "
f"processing_ms={processing_time_ms}")
def log_frame_deleted(self, frame_id):
"""Log secure frame deletion."""
self.logger.info(f"FRAME_DELETED frame_id={frame_id}")
def log_analytics_transmitted(self, batch_id, record_count):
"""Log analytics transmission."""
self.logger.info(f"ANALYTICS_TRANSMITTED batch_id={batch_id} "
f"records={record_count}")
def log_privacy_event(self, event_type, details):
"""Log privacy-relevant events."""
self.logger.info(f"PRIVACY_EVENT type={event_type} "
f"details={json.dumps(details)}")
Benchmarks: Privacy vs. Utility Trade-offs
| Configuration | Occupancy Accuracy | Flow Accuracy | Privacy Level |
|---|---|---|---|
| No privacy | 99.2% | 97.8% | None |
| k=3 anonymity | 98.7% | 96.1% | Low |
| k=5 anonymity | 97.3% | 93.4% | Medium |
| k=5 + ε=2.0 DP | 94.1% | 89.2% | High |
| k=5 + ε=1.0 DP | 89.6% | 82.7% | Very High |
| k=5 + ε=0.5 DP | 81.3% | 71.4% | Maximum |
Our production default: k=5 with ε=1.0, providing strong privacy guarantees while maintaining >85% accuracy for core analytics.
Conclusion
Privacy-preserving computer vision requires:
- Edge-first architecture: Process and delete sensitive data locally
- Data minimization: Transmit only necessary, anonymized features
- Mathematical privacy: k-anonymity and differential privacy guarantees
- Secure communication: Encrypted channels with certificate pinning
- Compliance by design: Built-in GDPR/CCPA support
With these techniques, we achieve spatial intelligence that respects individual privacy—no faces, no identities, just anonymous analytics that enable smarter spaces.