Occupancy Sensors and Privacy: A GDPR-Ready Guide for European Workplaces
European workplace teams face a unique challenge: they need occupancy data to optimize their spaces, but they operate under the world’s strictest privacy regulations. The General Data Protection Regulation (GDPR) creates specific requirements around any technology that could collect employee data, and occupancy sensors sit directly in this compliance zone.
This guide breaks down what you need to know to deploy occupancy sensors without creating privacy risk.
Why GDPR Matters for Occupancy Sensors
Under GDPR, any data that could directly or indirectly identify an individual qualifies as personal data. This is where occupancy sensor technology choices become a compliance decision, not just a technical one.
Camera sensors capture images of people. Even with blurring or anonymization, the raw capture is of identifiable individuals. This typically requires a Data Protection Impact Assessment (DPIA), a legitimate interest assessment, employee notification, and in some countries, works council approval.
Wi-Fi tracking monitors device MAC addresses, which the European Data Protection Board has confirmed constitute personal identifiable information (PII) even when hashed. Wi-Fi tracking systems are tracking individual devices — and by extension, individual people.
Thermal sensors detect heat signatures that cannot identify individuals. This generally falls outside GDPR personal data requirements, making compliance simpler.
Edge AI sensors process optical data on-device and output only anonymous coordinate data. No images are stored, transmitted, or accessible. The output data (aggregate occupancy counts and anonymous positions) does not constitute PII under GDPR.
The Edge AI Privacy Architecture
PointGrab’s approach is specifically designed for privacy-regulated environments. Here is what happens inside a CogniPoint sensor: the optical CMOS (Complementary Metal-Oxide-Semiconductor) captures the pixels, the edge AI chip processes the image within memory and then outputs only numerical data (count, X/Y positions). The captured pixels are not converted into a file (.JPG etc) that can be stored locally or leaves the device, and the output data cannot be reverse-engineered into images.
This architecture means there is no personal data processing under GDPR definitions. No DPIA is required for the sensor output data. No works council approval is needed for anonymous aggregate data. The compliance burden is fundamentally different from camera or Wi-Fi approaches.
For a full breakdown of the five-layer sensing architecture that makes this privacy model work, see The Complete Guide to Workplace Sensing Infrastructure.
Works Councils and Employee Relations
In Germany, France, and several other European countries, works councils (Betriebsrat, comité d’entreprise) have significant influence over workplace technology deployment. Camera-based monitoring systems almost always require works council negotiation, which can delay deployment by months.
Edge AI sensors that produce only anonymous, aggregate data typically do not trigger works council requirements for employee monitoring. This significantly accelerates deployment timelines in regulated European markets.
Practical Compliance Checklist
When evaluating occupancy sensors for GDPR-regulated workplaces, ask: Does the sensor capture images? If yes, DPIA required. Does the system track devices or MAC addresses? If yes, personal data processing rules apply. Where does data processing occur? On-device processing is preferable to cloud processing. What data leaves the sensor? If only anonymous aggregate data, compliance is straightforward. Can the output data identify individuals? If no, GDPR personal data rules may not apply. For a full comparison of Wi-Fi-based device tracking vs dedicated occupancy sensors from a privacy perspective, see Wi-Fi Tracking vs Dedicated Sensors: What Workplace Teams Need to Know.
The Bottom Line
You do not have to choose between occupancy data and GDPR compliance. Edge AI technology gives European workplace teams the spatial intelligence they need — precise headcounts, area heatmaps, desk-level data — with a privacy architecture that keeps compliance simple.
Operating in GDPR-regulated markets? PointGrab’s edge AI architecture was built for privacy-first workplace sensing. Talk to us about deploying in European offices.
Frequently Asked Questions
What is privacy-first occupancy sensing?
Privacy-first sensing detects occupancy without identifying individuals or capturing visual data, focusing on anonymous presence detection.
How does occupancy sensing comply with GDPR?
GDPR-compliant sensors don’t capture personal data, focus on aggregate occupancy metrics, and provide transparency about data collection.
Are occupancy sensors considered personal data collection?
It depends on the sensor type. Edge AI devices that don’t store or transmit PII, such as an individual identifiable image, fall outside GDPR’s personal data scope.
What privacy concerns do occupancy sensors raise?
Common concerns include tracking employee location, identifying specific individuals, recording behavioral patterns, and data security.
How do organizations ensure privacy with occupancy data?
Best practices include using privacy-first sensors, implementing data retention policies, providing transparency to employees, and apply data security best practices.
What’s the difference between presence sensing and activity tracking?
Presence sensing detects only that a space is occupied, while activity tracking monitors what specific identifiable indeviduals do, raising greater privacy concerns.
Do employees need to consent to occupancy sensors?
Practices vary by jurisdiction, but transparency and consent are best practices, especially in EU organizations subject to GDPR.
Can occupancy data be re-identified to track individuals?
With proper data governance, aggregate occupancy data shouldn’t reveal individual identity or movements, technical safeguards prevent re-identification.
Are PointGrab occupancy sensors GDPR compliant?
Yes. PointGrab’s CogniPoint sensors are designed from the ground up for GDPR compliance. All visual processing happens on-device (edge AI) — the sensor captures a video stream, processes it locally, and outputs only anonymous occupancy metadata: headcounts, presence status, and zone analytics. No images are ever stored on the device or transmitted over the network. Because no personal data leaves the sensor, the data output falls outside GDPR’s definition of personal data processing, eliminating the need for consent collection or data subject rights management for standard occupancy monitoring. For customers in Germany, France, and other countries with works council requirements, PointGrab provides a technical architecture document confirming that individual identification is architecturally impossible, which typically satisfies works council review processes.
What privacy concerns exist with occupancy monitoring?
The most common privacy concerns with occupancy monitoring are: (1) Individual tracking — employees worry that sensors can monitor their specific movements or work patterns throughout the day. This is addressed by choosing sensors that output only anonymous zone-level or desk-level presence data, with no link to individual identity. (2) Camera surveillance — optical sensors raise concerns about video recording. Edge AI sensors like CogniPoint process video locally and never store or transmit images, making this concern moot. (3) Behavioural profiling — the fear that attendance data could be used to evaluate individual performance. This is a governance concern, not a technology concern — it should be addressed through a clear data use policy communicated to employees. (4) GDPR and legal compliance — organisations operating under GDPR need assurance that sensor data does not constitute personal data processing. Edge AI sensors with on-device processing satisfy this requirement. PointGrab provides a full privacy and compliance brief for procurement and legal teams on request.
