As the demand for occupancy data and footfall analytics grows, a technical divide has emerged in the IoT sector. On one hand, many solution providers utilize High-Definition (HD) RGB cameras, often in a dual-lens Stereovision configuration, paired with Artificial Intelligence (AI) to achieve high accuracy. On the other hand, a "Privacy-by-Design" approach utilizes non-optical sensors and deterministic algorithms.
This paper explores how different sensing technologies approach GDPR compliance, and highlights potential residual risks associated with optical systems, particularly in the context of the evolving EU AI Act and broader cybersecurity considerations.
1. The RGB and Stereovision Dilemma: Data Over-Collection
The General Data Protection Regulation (GDPR) is built on the principle of Data Minimization: personal data should be adequate, relevant, and limited to what is necessary for the purpose.
The Optical Approach (RGB & Stereovision):
Most modern people-counting sensors are essentially sophisticated RGB cameras. Even "Stereovision" sensors, which use two lenses to calculate depth, typically rely on standard optical sensors to create those images. They capture rich, high-resolution visual data (faces, clothing, gender, and gait). While the AI "filters" this into numerical counts at the edge, the input remains highly sensitive personal data.
The Privacy-by-Design Approach: By using non-RGB sensors, such as Time-of-Flight (ToF), Thermal, or Radar, the device never "sees" a human face or identifiable feature. The raw data consists of depth maps or heat signatures that are inherently meaningless to a human observer or a hacker. This is true data minimization: you cannot lose or leak what you never captured in the first place.
2. The EU AI Act: A New Regulatory Hurdle
The recently enacted EU AI Act introduces a risk-based framework for AI systems. Solutions that rely on computer vision and AI for certain types of biometric or behavioral analysis may face increased regulatory scrutiny depending on their use case.
- Transparency Requirements: AI models can sometimes be complex to interpret. Under the AI Act, providers are expected to offer appropriate transparency into how systems operate and make decisions. In some cases, this may require additional effort compared to more deterministic approaches.
- Deterministic Reliability: Deterministic, rule-based algorithms follow predefined logic, making their behavior easier to audit and predict. These systems typically do not rely on large training datasets, which can simplify governance and validation processes.
- Classification Risk: Systems processing visual data in public or sensitive environments may, depending on implementation and purpose, fall under stricter regulatory categories. This can lead to additional documentation and compliance requirements compared to non-visual or non-AI-based systems.
3. Cybersecurity Considerations: Data Exposure and System Design
The claim that "processing happens on the edge" ignores the vulnerability of the hardware itself.
- Potential Data Exposure: In systems using RGB or stereovision cameras, a compromised device could, in certain scenarios, expose access to raw visual data streams. In environments such as offices or healthcare facilities, this may increase the potential impact of a security breach.
- Data Characteristics by Design: With non-optical sensors, such as Time-of-Flight or thermal technologies, the raw data consists of abstract signals like distance points or heat patterns. Without the corresponding processing logic, this data is generally less interpretable and less sensitive from a privacy perspective.
4. Technology Comparison Table
5. Accuracy and Operational Reliability
AI-based systems often report very high accuracy levels under controlled conditions. In real-world environments, performance can vary depending on factors such as lighting conditions, shadows, and layout complexity.
Optical sensors may require stable lighting or additional illumination to maintain consistent performance. In contrast, non-optical technologies such as Time-of-Flight operate independently of ambient light, which can support more stable results across varying conditions.
Terabee systems are designed to deliver high accuracy (typically 98%+) in real-world environments, with a focus on consistent performance rather than optimized lab conditions.
6. Regulatory & Technical References
- EU AI Act (Regulation (EU) 2024/1689): Annex III identifies AI systems used for biometric categorization and emotion recognition as High-Risk, requiring enhanced data governance, transparency, and oversight depending on their application.
- GDPR Article 5(1)(c): Establishes the principle of data minimization, requiring that personal data processing be limited to what is necessary for the intended purpose. In some implementations, the use of high-resolution visual data for occupancy measurement may require additional justification under this principle.
- ENISA (European Union Agency for Cybersecurity): Highlights the "Attack Surface" of IoT devices, noting that compromised edge sensors can lead to the unauthorized extraction of raw data streams.
- Standard ISO/IEC 30141: Emphasizes that privacy is strengthened when data is minimized or anonymized as close to the source as possible, including at the sensor level.
Conclusion: Future-Proofing Your Facility
Choosing a solution is no longer just about accuracy; it is about Risk Management. Organizations must ask: Do we trust an AI to hide the data it sees, or do we use a sensor that is incapable of seeing private data at all?
The Author: Dr. Max Ruffo is a visionary technology leader with over two decades of experience at the forefront of industrial innovation, having pioneered the introduction of 3D printing, civil drones, autonomous mobile robots and LiDAR sensors. Today, Max is dedicated to a long-term mission of building a better world by championing green buildings and net-zero communities.