Why you shouldn’t use mobile phone signals to count people: Dutch city fined €600000

Enschede in the Netherlands chose a mobile phone solution to count the people in their city. But they failed to identify the pitfalls of using pseudonymised data and fell foul of GDPR regulations. Their method of people counting meant that the data they collected could be used to track individuals’ movements over time, as well as for individuals to be matched to a specific phone code at quiet times.

The Dutch Data Protection Authority (DPA) fined Enschede €600,000 for their failure to protect their citizens’ privacy.

Identifying People from their Phone Signals

The company Enschede chose for their people counting system placed sensor equipment in the shopping streets that detected the Wi-Fi signals from the mobile phones of passers-by. Each phone was registered separately and given a unique code. 

This makes it possible to measure how crowded the street is by counting how many phones are near a sensor at a particular time. If, however, you monitor over a longer period of time which phone passes close to which sensor, that ‘counting’ becomes tracking.

The DPA said that this was the case in Enschede. People’s privacy was therefore not properly protected, as they could be tracked without this being necessary or consent being given.

‘If people can be tracked via their phones that is a bad state of affairs,’ said DPA deputy chair Monique Verdier. ‘Everyone has the right to go about their business outside freely and without being spied on. Without the government or any other party being able to watch you or keep track of what you’re doing. That is part of our free and open society.’

Ms Verdier continued. ‘When it’s relatively quiet, you can see exactly which person belongs with which code. Or you can look at patterns: if a person arrives at the same location every day at 08.00, and leaves again at 17.00, that means they work there.’

The use of Wi-Fi tracking from mobile phones is subject to strict conditions, and in most cases it is prohibited. Other methods of counting people – like video people counting – are available which don’t violate their privacy.

Video People Counting

In video people counting no images are saved or transmitted. Intelligent people-sensing units connect with overhead cameras. The people-sensors analyse the video stream and log counts and times. No video is recorded: the only data accessible are the counts and the retail analytics. Nobody is identified and privacy is protected.

The video counting system sees people as “blobs: the video pictures aren’t transmitted or saved, only the counts are recorded. The only time the video is seen is during installation.

The system can’t tell how often a person visits or when they were last there. What it does do very effectively is count footfall, show most popular routes and areas, analyse how long people pause to look at displays, integrate visitor counts with point-of-sale data to calculate sales conversion, and so on.

Find out more

Further Reading

Do your People Counters comply with GDPR? January 2021
Dutch DPA fines municipality for Wi-Fi tracking, Accessed May 2021

Jill Studholme

Writing about people counting since 2002

Tags: ,

Leave a Reply

Your email address will not be published.