What to require when procuring people counting
A practical requirements checklist for municipalities and public bodies buying visitor measurement: anonymity by design, evidence instead of assurances, delivery you can use, and method fit per venue.
The tender decides what you get
Public procurement runs on what is written down. Visitor measurement is bought once and lived with for years, so the requirements decide what arrives: statistics a whole organisation can build on, or numbers nobody quite trusts. For municipalities, libraries, cultural venues and other public bodies the stakes are specific. The measurement must be privacy-compliant beyond doubt, accurate enough to carry decisions, and delivered in a form your organisation can actually use. What follows is a practical checklist of what to require. It is orientation from the supplier side, not procurement or legal advice; your own procurement and data protection functions set the final wording.
Require anonymity by design
The strongest privacy position is a method that produces no personal data at all. Write that into the requirements: visitors counted as anonymous, aggregated statistics, nothing stored that could identify anyone, and nothing asked of visitors, no app, no login, no action. If cameras or sensors are involved, require that video is processed for analytics only and that no personal images are stored. The point of “by design” is that the privacy position should be a property of the method itself, in place before the first visitor is counted.
Require evidence, not assurances
Any bidder can write “GDPR compliant” in a tender response. Ask what sits behind the words: a documented review of the method, independent validation, accuracy verified against reality. Bumbee Labs runs the only footfall method in Europe approved by a data protection authority, the method is validated by academia, partners and customers, and every deployment is verified with manual control measurements. That is the standard worth holding any supplier to, and experienced buyers already do: a major Stockholm transport hub chose its measurement system on accuracy and documented GDPR compliance.
Require delivery your organisation can use
Statistics that never leave a portal are a wasted contract. Specify how the data must arrive: dashboards for each stakeholder group, an open and documented API into the systems you already run, and scheduled exports and reports written for boards and funding bodies. Require that the visitor data belongs to your organisation. The catalogue of metrics and delivery channels on data deliverables is a useful reference when naming exactly what to ask for.
Specify venues and questions, not a technology
A tender that locks in one technology too early buys the wrong tool for half its venues. Different spaces need different methods: camera-free Wi-Fi counting suits indoor public buildings such as libraries; streets, squares and districts need the wide coverage of Wi-Fi and cellular together, the setup cities and municipalities use; a single door where the count must be exact calls for an optical 3D sensor. Describe each venue and the questions the data must answer, and let bidders propose the method or hybrid that fits. The methods and their sweet spots are compared on how to count visitors.
The checklist, in short
- Anonymity by design: anonymous, aggregated statistics; no personal data produced; nothing asked of visitors.
- Evidence: a data protection authority’s approval or other documented review, independent validation, and accuracy verified with control measurements.
- Delivery: dashboards per stakeholder, a documented API, scheduled exports and reports.
- Ownership: the visitor data belongs to the contracting organisation.
- Method fit: requirements per venue and question, with room for hybrid solutions.
The privacy half of this checklist is covered in depth on GDPR-compliant footfall analytics.
Having the large flows we have is a challenge. We constantly strive to have as efficient a station as possible. With the help of reliable data from the new measurement system, we can better plan where different service functions or stores are to be located and how we can adapt doors or passages.
Frequently asked questions
What privacy requirements should a tender for people counting include?
Require that visitors are counted as anonymous, aggregated statistics, that no personal data is produced, that nothing is asked of visitors, and that any camera or sensor processes video for analytics only with no personal images stored. Then require documented evidence rather than a compliance statement.
Should we specify which counting technology to buy?
Specify the venues and the questions instead. Wi-Fi suits whole indoor spaces, sensors give exact counts at single doors, cellular covers districts and outdoor areas, and many public deployments combine them. Locking in one technology too early can buy the wrong tool.
How do we evaluate accuracy claims in bids?
Ask how accuracy is verified in practice. Bumbee Labs calibrates every deployment with manual control measurements matched against its own data, and the method is validated by academia, partners and customers. Any bidder should be able to describe an equivalent procedure.
Who owns the visitor data?
Your organisation should. With Bumbee Labs the visitor data is yours, delivered as anonymous statistics through dashboards, a documented API and exports, so it can be used in your own systems and reporting.