Why privacy-first occupancy sensing matters in Germany
Germany has strong data protection expectations and a robust legal framework. Beyond compliance, privacy-first solutions build trust with employees, simplify works council engagement, and reduce legal risk.
- Legal context: GDPR (General Data Protection Regulation) is EU-wide; Bundesdatenschutzgesetz (BDSG) supplements it in Germany.
- Employee rights: Works councils have co-determination rights for workplace monitoring under the Works Constitution Act (Betriebsverfassungsgesetz).
- Public trust: Camera-free, non-identifying sensing reduces perceived surveillance and increases acceptance.
Adopting privacy-first occupancy sensors helps companies meet legal obligations while unlocking operational benefits like energy savings, space optimization, and hybrid-work planning.
What is an occupancy sensor? Key terms defined
- Occupancy sensor: A device that detects presence or movement of people in a space to measure whether the space is occupied.
- Thermal sensing: Detects heat signatures (infrared) rather than visible-light images and identifies human presence by heat patterns.
- Camera-free: No visible-light or video imaging is captured; the system does not create photos or videos of people.
- DPIA (Data Protection Impact Assessment): An analysis required under GDPR when processing is likely to result in high risk to individuals' rights and freedoms.
- Pseudonymization vs. anonymization: Pseudonymization replaces identifiers with tokens but remains potentially linkable; anonymization irreversibly removes personal identifiers.
Butlr specializes in thermal, camera-free sensing that produces anonymized occupancy metrics rather than personal data.
How Butlr's thermal, camera-free sensing works (high level)
- Sensors detect heat signatures and movement without capturing images or video.
- On-sensor processing classifies human presence and activity patterns locally (edge processing).
- Only aggregated, anonymized occupancy counts and spatial analytics are transmitted and stored.
- System is designed to avoid personal identification: no facial data, no photos, and no persistent tracking of individuals.
This architecture aligns with privacy-by-design principles and reduces GDPR risk compared with camera-based systems.