recently I learned about the Desktop Uploader and about the update that makes it possible to import from many different devices like for instance my Garmin Dashcam. Whilst this feature sparked my interest right away because eastern Germany is quite thin on data it also raised questions:
If I don’t turn off the data embedding in the video every still Frame will have the GPS Location, Speed and Date+Time in it. Even after upload and processing. License plates etc. will be blurred but the mentioned data is clearly visible.
Questions:
In the - not unlikely - event of an lawsuit: Who is responsible for this data when it is visible? There are many German Dashcam channels on YouTube which deleted/reuploaded hundreds of videos just to remove/blur this data This old post speaks about Mapillary being responsible for GDPR compliance but if I let an AI analyse the situation I get this: Mapillary acts as a data processor and platform provider, but their Terms of Use state that you grant them a broad license to use, reproduce, and distribute your content. However, you remain the original rights holder and responsible for the legality of what you upload. Mapillary explicitly says you retain ownership but grant them rights for commercial use under CC-BY-SA
So I waive all rights of usage of the material but still remain legally contestable?
Might be the quickest solution to this: Is there any way in the desktop uploader to auto-crop the video? For instance for my Garmin Dashcam I could crop the lower 40px - losing no viable information (its the dashboard/bonnet anyway). I searched around but I could not find any.
Ah, GITNE, always refreshing to get legal hot takes from someone who hasn’t uploaded a single image in Germany. Bold strategy, let’s see how that plays out. From the whole style of your answer I would guess you are US based.
First, let’s clear up the basics:
Mapillary’s Terms of Use: Sure, I keep the copyright, but I grant Mapillary a perpetual, irrevocable, royalty-free license to use my content however they like—including commercial purposes. So yes, they make money, and I still carry part of the legal risk. Great deal, right?
Why YouTubers like “Fahrnünftig” re-uploaded: It wasn’t about license plates (those have been blurred since 2020 and even earlier). The real issue was the advanced data overlays—date, time, GPS, speed. Sascha, the owner of the channel, started blurring everything in 2022 after a legal incident.
Privacy Officer Advice: Here’s a German privacy officer explaining at minute 4:20 why you should blur all data that can infer location—timestamps, GPS etc.: YouTube.
And now, about your line: “Anyone can sue you anytime for anything. That’s the way the rule of law has worked ever since.”
Ah yes, the classic “lawsuits happen, so why bother” argument. True, and anyone can also trip over their own shoelaces—but that doesn’t mean we ignore traffic laws. The point isn’t whether lawsuits exist; it’s about reducing risk by following GDPR and local regulations. Pretending compliance is “nonsense” is like saying seatbelts are pointless because accidents happen anyway.
So yes, Mapillary blurs faces and plates, but the overlays? That’s on us to either remove/blur them or not adding them to the original video at all. And under GDPR, metadata can be personal data. If you think otherwise, maybe upload a few thousand images in Germany and let us know how that goes.
Until then, I’ll stick to facts, not theory and will wait for an answer from the Mapillary team. That should be more legally binding and helpful than your comment.
The only helpful thing I take with me: no ability to crop the video in the Desktop Uploader.
Instead of you who is giving advice based on no sources (at least I can’t see any link to any legal decisions) I am asking valid questions regarding a jurisdiction that seems to be not your own. You are just guessing what could or could not be right here in Germany. So I am doing my Homework. You are just interfering with this thread. This requires a response from Mapillary employees, not from someone who directly questions the upbringing and education of their counterpart. I didn’t like your strange ad hominem argument in your first response to begin with.
Let’s turn that around: “You don’t want to take any private legal risk for a company that makes money from your voluntary work? Then just do not contribute”. Would like that statement to be confirmed from an actual employee of Mapillary. This is a sure-fire way to kill voluntary work.
Actual way to go: Answer the questions with valid backed legal decisions or the company takes full responsibility or they ask to not upload any of said metadata. Which would also be fine and could be the simplest answer to my question.
You are doing neither. Because you neither have the competence (or are you an Mapillary employee?) nor are you willing to back your claims with data.
Again. Where is your backing data for that? That is just a bold statement without any value.
Now we are finally getting somewhere. You start using actual sections from the law and technical terms. However we are still having some gaps here:
Pseudonymisation vs. anonymisation
– Article 4(5) GDPR defines pseudonymisation, but pseudonymised data is still personal data under GDPR.
– It does not “become” non-personal data simply because some points are dropped. The key question is whether re-identification is reasonably possible. This distinction is crucial and has been confirmed by multiple data protection authorities. You may be referring to the EuG, T-557/20 case here which, with some abstraction, ultimately leads to a possible identification of a person if the uploaded data includes timestamps + GPS coordinates and for instance a non blurred company car. That may indeed be the reason why German Dashcam channels on YouTube are now blurring everything.
Controller responsibility
– You mention a Privacy Compliance Officer “approving” Mapillary’s processes. That may be true, but it does not resolve the underlying question: Who is the data controller when I upload dashcam videos – the uploader, Mapillary, or both as joint controllers (Art. 26 GDPR)?
– Without clarifying this, the liability question remains unanswered.
Legal basis / sources
– So far you refer to your own interpretation, but not to any actual legal source (case law, supervisory authority statement, or Meta/Mapillary’s official position).
– Since we are talking about jurisdiction in Germany, vague references to “legal consensus” are insufficient.
I am not disputing that Mapillary applies blurring and other measures. My point is: as long as there is no clear statement who the responsible controller is under GDPR, the uploader remains in legal uncertainty.
Therefore my question stands:
Is there any official statement from Mapillary/Meta or a German/EU data protection authority clarifying this controller/responsibility issue?
Without such a source, your claim that “this is enough” remains an opinion, not a legal fact. Or I am still missing the fact that you are an Mapillary employee. But if I understand the forum correct those have “Mapillary Team” next to their name.
But for now I will rest my case here. Maybe someone from Mapillary staff will answer this in time. And maybe I will upload data from my dashcam without any data stamps on it.