Sure, it could - just like it could use StreetView type object detection to blur out faces and number plates. Who is in the photo is surely just as privacy sensitive as where it was taken? (oh, and "when" - blank the file timestamp while you're at it).
I don't buy it. For one thing, excess security granularity inevitably leads to complexity, frustration, mistakes and worse overall security (see routine AWS blunders) and more generally the function of the kernel is to supply data to userland for processing, it should not be meddling with file content. If you don't want EXIF data in your photos then switch it off just like any other image capture setting.
