People counting without cameras

Most buildings have already built the sensor. They just don’t know it yet.

Every commercial property running Wi-Fi (a shopping centre, a transport hub, a museum, an office campus) has access points distributed across its floors to serve connectivity. Those same devices can, with the right software layer, count and map the people moving through the space. No new hardware in the ceiling, no camera trained on the entrance. The counting happens in the network that was already there.

What a phone emits when nobody is watching

Wi-Fi-enabled devices don’t wait to be invited. When your phone’s Wi-Fi is on and you haven’t connected to a network, it sends out probe requests, short signals asking whether any known network is nearby. Access points in range detect these signals. For years, each probe carried a unique hardware identifier (the MAC address) that made it possible, in principle, to track a specific device across time and space.

Apple introduced MAC address randomisation in iOS 8 in 2014; Android followed from version 8 onwards.

Devices now send probe requests with rotating, randomised MAC addresses rather than a fixed hardware ID.

With every probe burst carrying a fresh, randomised address, there is no fixed hardware ID left to follow a device across time and space.

For tracking individuals, that is the end of the road. For counting visitors in aggregate, it is actually the starting point: the randomisation means the raw data never contained a stable personal identifier to begin with.

Privacy by architecture, not by policy

The distinction matters. Many privacy controls rely on promises, a retention schedule, a deletion routine, a privacy policy. Wi-Fi counting without MAC persistence relies on architecture: the personal identifier was never captured in a form that links to an individual. You cannot re-identify someone from a rotating hardware address that changes with every probe burst.

The Wi-Fi-based people counting approach anonymises at the point of collection. Probe signals are processed into counts and flow statistics; the underlying signal data is not stored. What persists is aggregate: how many devices were detected in a zone during a given hour, how long the average dwell was, which route through a space was most common. No row in any database corresponds to a person.

A GDPR-compliant footfall analytics system built on Wi-Fi sensing does not require visitor consent to operate, because it processes no personal data. That is the legal test, and it passes it. It is also why this is the only footfall method in Europe approved by a data protection authority.

The building you already own

Installing dedicated optical people counters at every entry point (and every zone boundary, escalator, and lift lobby) requires project planning, cabling, and ongoing hardware maintenance. Wi-Fi sensing uses access points that facilities or IT already manages for connectivity.

Coverage extends wherever the Wi-Fi network does. A shopping centre with dozens of access points across five floors gets zone-level analytics across all five floors, not just a headcount at the front door. A transport hub can see how passengers distribute across a concourse in real time. For museums and cultural venues or public transportation hubs, that depth of insight is now reachable without a cabling project.

The data deliverables are richer precisely because the sensing network is already woven into the building fabric. No marginal camera to justify to a planning authority, no lens pointed at a queue, no image of a face at any step.

What cameras do differently, and why that matters to the public

Camera-based systems can do things Wi-Fi counting cannot: they can distinguish adults from children, count people in images with high precision, and in some configurations recognise repeat visitors. These are genuine capabilities.

They are also the source of public discomfort. Facial recognition attached to retail analytics has generated regulatory attention across Europe. Even where cameras are not running recognition, visitors in public spaces increasingly notice them and ask questions. The optics, intended or not, are surveillance. That friction has a cost: in visitor experience, in staff time answering questions, and occasionally in press coverage that nobody commissioned.

Wi-Fi sensing has none of those optics. There is no visible hardware pointed at people. There is nothing for a visitor to object to, because nothing about them is being captured. That difference is significant in environments where trust matters (cultural institutions, public transit, healthcare facilities) and increasingly in retail too, as people-counter versus analytics decisions get scrutinised more carefully.

Calibration and accuracy

A reasonable question: if the system never sees individuals, how does it know it’s right?

Calibration. Counts derived from Wi-Fi signals are validated against manual counting sessions, a known number of people walks through a zone, and the system’s estimate is adjusted to match. The ratio of Wi-Fi-enabled devices among visitors varies by location and time; calibration corrects for it. The result is high accuracy at the aggregate level, which is exactly what operational and strategic decisions require. A retailer needs to know whether 2,000 or 4,000 people came through on a Saturday; they do not need a census of individuals. That calibration discipline is also what makes the count comparable across sites and seasons, which is what a footfall benchmark is actually worth.

The technical challenge of MAC randomisation, now standard on modern devices, is handled at the algorithmic level, not by reverting to persistent identifiers.

The privacy benefit stays intact; the statistical output remains reliable.

Running the DPIA

For organisations subject to GDPR, a Data Protection Impact Assessment for people counting is the formal step that confirms a technology is lawful to deploy. For Wi-Fi-based systems that anonymise at collection and store only aggregates, that assessment is straightforward: the processing starts and ends with non-personal data. There is no special category data, no consent mechanism to build, no data subject rights to administer.

That simplicity has operational value. It means a venue can deploy footfall analytics without a legal project running in parallel, and without the ongoing compliance overhead of managing personal data.

The network that was already there

The best sensor is the one that requires nothing extra. Buildings invest in Wi-Fi for connectivity; with appropriate software, that same infrastructure becomes an accurate, anonymous, continuously operating visitor intelligence system. No camera, no new hardware budget, no identity.

The data deliverables (hourly counts, zone dwell times, flow paths, trend comparisons) are the quality of insight that was previously only available with more intrusive and more expensive technology. That visitor count is also the denominator the till cannot supply: set it against sales and you get the conversion rate behind why footfall and sales tell different stories. The building already owned the sensor. It just needed to know how to listen. A DPIA for people counting confirms the legal position for any organisation that needs formal sign-off before deployment.