Thank you for bringing this up and sorry it took so long. Here’s the official word from Mapillary.
When you as an individual upload a photo to Mapillary, Mapillary is responsible for making sure that the processing of that photo is lawful under the GDPR. You (or any user) is not liable under the GDPR for any photo when it has been uploaded to Mapillary.
If we look outside the GPDR, Mapillary cannot take responsibility for making sure that the taking of the photo is legal in the location where the photo is taken since there can be any number of local rules and regulations that we cannot monitor. We mention this in our Terms, stating that you should not upload any content that violates any local law.
Regarding the discussion about uploading non-blurred images. As mentioned, it is Mapillary’s responsibility to make sure that any personal data that is included in any uploaded content is ok to processes under the GDPR. The GDPR does not stipulate that you need the consent of any person pictured in order to process their personal data. The GDPR have several other legal grounds, beside consent, that allows for a data controller to process personal data. Mapillary bases its processing on Mapillary’s legitimate interest to provide our service. When the legal bases “legitimate interest” is used steps have to be taken to ensure that the legitimate interest of Mapillary outweighs the pictured person’s privacy interest. This weighing of interests, and the fact that we value people’s privacy, is the reason that we blur the faces of people and license plates in uploaded content. We also make sure that only a handful of people at Mapillary has access to any non-blurred images and never publish non-blurred images.
I hope this helps and clarifies some of your concerns.