My understanding is that an image is by itself PII, regardless of whether or not it has any additional information associated with it. I don’t think there’s a way to retain images without contravening GDPR.
Data doesn’t have to be PII to fall under the provisions of the GDPR. Personal Data doesn’t have to identify a person; relates to an identified or identifiable living individual is sufficient (https://ec.europa.eu/info/law/law-topic/data-protection/refo...)
Unless I'm misreading, that criteria rules out data about individuals that are not identified and can't be identified.
When looking at a single datum by itself, this seems to rule out anything except PII i.e. data that identifies or can be used to identify an individual.
I’m not sure I understand what you’re saying, but I think you’re misreading ”Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.”
What that says is that, if (A,B,C) identifies a person, each of A, B, and C, in isolation, is personal data, not that you will be allowed to keep the pair (A,B) if it doesn’t.
One mathematically can cut each bit of information in units of arbitrarily small entropy. So, if taken to the letter, “this user is not Mark Zuckerberg” would be personal data. I doubt jurisprudence will go that far, but we’ll see.
My understanding is that an image is by itself PII, regardless of whether or not it has any additional information associated with it. I don’t think there’s a way to retain images without contravening GDPR.