Why data protection matters for 3D models from building photos
Voxelia processes supplied imagery into 3D models, CAD files, BIM inputs, orthophotos and viewer data. Privacy is therefore not only a capture issue. It also affects upload, processing, storage, sharing and delivery.
The European Commission defines personal data as information relating to an identified or identifiable living person. Processing includes collection, storage, organisation, alteration, use, disclosure and erasure. For imagery, upload and photogrammetric reconstruction can therefore be relevant processing steps.
Voxelia focus
The key question is not the drone flight. It is which image information is actually required for geometry and planning, and which details can be reduced before delivery.
When building photos can contain personal data
A photo of a roof or facade is not automatically personal data. It becomes sensitive when people are visible or when context makes a person identifiable, for example faces, licence plates, name plates, doorbells, private interiors, exact location metadata or time stamps.
The European Commission also notes that pseudonymised or encrypted data can remain personal data if re-identification is possible. Blurring, cropping or stripping metadata can reduce risk, but is not automatically irreversible anonymisation.
| System / Dataset | Suitability | Best For | Practical Note |
|---|---|---|---|
| Roof surface without people or sensitive surroundings | usually suitable | 3D roof model, PV planning, roof areas, CAD trace | Geometry remains usable while irrelevant edge areas can be reduced for delivery. |
| Facade with passers-by, windows or plates | requires review and masking | orthoplane, facade CAD, damage mapping | Identifiable people, vehicles and private interiors should be masked before broad sharing. |
| EXIF/XMP with GNSS, timestamp and camera data | technically useful, privacy-relevant | photogrammetry, georeferencing, quality review | Keep metadata for reconstruction when needed; reduce it for external delivery. |
Image details to review before upload
Privacy risks usually come from incidental information: a car near the facade, a person on a balcony, a name plate at the entrance or a visible private interior. These details may be irrelevant for geometry but still travel through the project folder.
| Risk Scenario | Why It Matters | Typical Symptom | Useful Countermeasure |
|---|---|---|---|
| Identifiable people | Faces or body features can identify a person | People remain visible in textures, orthophotos or viewers | mask before public or broad sharing; use internally only for the defined purpose |
| Licence plates and name plates | They can become identifying in combination with project context | Plates remain readable in high-resolution imagery | make plates, doorbells and names unreadable before delivery |
| Private areas | Balconies, gardens and windows may reveal private circumstances | Irrelevant edge areas remain in viewer or textures | limit crop, reduce edge areas and review textures before release |
Data minimisation without losing geometry
GDPR principles summarised by the European Commission include purpose limitation, data minimisation, storage limitation, integrity and confidentiality. In photogrammetry, this means preserving the information needed for the technical purpose while avoiding unnecessary personal detail.
Original photos can be important during reconstruction because sharpness, overlap, EXIF/XMP and camera parameters affect model quality. After reconstruction, delivery can often be leaner: CAD lines instead of full texture, an orthophoto crop instead of the full surroundings, or BIM elements instead of raw imagery.
Technically useful, but lean
Data minimisation in a Voxelia workflow means preserving geometry, scale and planning value while reducing personal side information once it is no longer needed.
Practical workflow for clients before upload
A good privacy workflow is short, repeatable and tied to the intended planning output.
- 01
Define output
Clarify whether you need mesh, CAD trace, orthophoto, BIM, PV handoff or viewer.
- 02
Review imagery
Check people, plates, interiors, names, neighbouring properties and sensitive edges.
- 03
Treat metadata deliberately
Keep EXIF/XMP when needed for reconstruction; minimise it for external delivery.
- 04
Define masking and crop
Decide what should be masked, cropped or delivered at lower detail.
- 05
Document the handoff
Record which raw data was processed and which exports are delivered.
What should remain in CAD, BIM or viewer handoff
Planning teams do not always need all source images. Derived geometry, point clouds, cropped orthophotos, CAD lines, IFC elements, roof areas or a protected viewer are often enough.
For PV, roof areas, pitch, azimuth, obstructions and shading context matter. For facades, planes, openings, damage zones and scale matter. Personal image details are rarely needed for those outputs.
FAQ: Privacy for building photos and 3D models
Process imagery with privacy in mind
Turn building photos into planning-ready 3D data
If you already have building, roof or facade imagery, we review which data is actually needed for 3D, CAD, BIM or viewer delivery and which details should be masked or reduced.