Non Camera Occupancy Sensors UK 2026: Privacy-First Buying Guide

As organisations in the UK modernise buildings, occupancy sensing is a critical tool for energy savings, space optimisation, and safe capacity management. This guide helps procurement teams, facilities managers, and IT/security leads buy non-camera occupancy sensors in 2026 with privacy and practicality as top priorities, explaining sensor types, legal considerations, selection criteria, deployment tips, and an actionable vendor checklist for informed, defensible decisions.

Meet Butlr

Discover what spatial intelligence can do for you.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Why choose non-camera sensors?

Non-camera sensors detect people without capturing photographic images, reducing privacy risk and simplifying compliance compared with camera-based systems.

Privacy protection: no visual images stored or transmitted.
Lower regulatory scrutiny: avoids many risks associated with facial recognition.
Focused metrics: occupancy counts, dwell times, and movement patterns without personal data.
Easier user acceptance: staff and visitors are more comfortable when cameras are not used.

Common non-camera sensing technologies

Thermal sensors: measure heat signatures; good for counting and privacy.
Passive infrared (PIR): detects motion changes in infrared light; low power and simple.
Radar (mmWave): uses radio waves to detect movement and presence; works through some materials.
Ultrasonic: senses movement via sound waves; less common in large spaces.
Wi-Fi/Bluetooth analytics: uses device signals to infer presence; raises privacy issues unless anonymised and consented.

Legal and privacy context (UK)

Two legal frameworks are especially relevant when deploying occupancy sensors in the UK: UK GDPR, which governs processing of personal data, and the Data Protection Act 2018 together with ICO guidance, which emphasise data minimisation, transparency, lawful basis, and DPIAs for high-risk processing.

Practical steps

Conduct a DPIA if sensors may identify or track individuals or when deployed in sensitive areas.
Choose sensors and vendors that minimise personal data collection and retain data for the shortest necessary time.
Provide clear signage and privacy notices where sensors are installed.
Ensure a lawful basis for processing (for example, legitimate interests with a balancing test, or consent where appropriate).

What to prioritise: privacy-first technical features

Prioritise features that reduce privacy risk by design and enable secure, auditable deployments.

Must-have privacy features

No raw image capture: sensors should not store or transmit photographic images.
Edge-processing: data analysed on-device with only aggregated metrics sent to the cloud.
Minimal data retention: default short retention periods and easy deletion options.
Strong anonymisation: device identifiers should be hashed, salted, and rotated if used.
Transparent outputs: provide interpretable aggregates (counts, occupancy percentages), not trajectories tied to IDs.

Security features

Encryption in transit and at rest (TLS, AES).
Strong authentication for APIs and dashboards.
Secure OTA firmware updates with signature verification.
Role-based access and audit logs.

Where applicable, prefer vendors who publish independent security and privacy assessments or support third-party audits.

Performance and deployment considerations

Match sensor capabilities to space types and project objectives to ensure accuracy and usefulness.

Space suitability

Open-plan offices: thermal and radar sensors provide accurate counts.
Meeting rooms and small offices: ceiling-mounted thermal or dual-PIR units work well.
Corridors and entrances: PIR or radar can detect flow and trigger lighting.
Retail and public areas: thermal sensors useful for discrete crowd counting without visuals.
Sensitive areas (toilets, changing rooms): avoid people-sensing unless strictly necessary; any use requires heightened controls and justification.

Technical considerations

Coverage and density: verify sensor coverage at expected ceiling heights and layout; thermal sensors have limited field-of-view.
Ceiling height and obstructions: sensors perform best with clear line-of-sight for their sensing modality.
Environmental factors: HVAC, sunlight, reflective surfaces, and temperature differences can affect thermal and PIR performance.
False positives/negatives: ask for real-world accuracy metrics (percentage error, conditions tested).
Calibration and learning: confirm whether sensors self-calibrate and how they handle seasonal changes.

Integration and interoperability

Open protocols: prefer BACnet, Modbus, MQTT, REST APIs for BMS, EMS, and room-booking integration.
Cloud vs on-prem options: consider data residency, latency, and security policies.
Scalability: check how systems scale from single rooms to multi-site deployments.

Cost and ROI

Total cost includes hardware, installation, software licenses, cloud fees, and integration work; include these when budgeting.

Budget items

Hardware per sensor and expected density.
Installation (mounting, cabling, commissioning).
Software subscription (per-sensor or per-site).
Integration and custom development costs.
Maintenance and replacement cycles.

Estimate ROI

Energy savings from optimised HVAC and lighting.
Space utilisation gains (desk hoteling, right-sizing real estate).
Operational benefits (cleaning schedules, safety monitoring).
For public sector procurement: include social value and privacy compliance in ROI calculations.

How to evaluate privacy claims — practical checks

Vendors may claim "privacy-first"; verify those claims with concrete evidence and documentation.

Ask for

Data flow diagrams showing what data is collected, where it is processed, and who can access it.
A sample data output (aggregated only) to confirm no identifying detail.
Details of edge processing: which computations are local vs cloud.
Default retention policies and mechanisms to delete historical data.
Details of encryption, authentication, and update mechanisms.
Independent privacy/security assessments and certification, if available.
A template DPIA or support for your DPIA.

Require contractual protections

Data processing agreement (DPA) aligned with UK GDPR.
Clear SLAs for security and data deletion.
Right to audit and exit clauses to avoid vendor lock-in.

Pilot checklist: run a focused proof-of-concept

A pilot reduces deployment risk; define measurable KPIs and a short timeline before a full rollout.

Pilot scope

Select representative spaces with different characteristics (open desk area, meeting room, corridor).
Run for 4–8 weeks to capture variability.
KPI examples: occupancy accuracy against manual counts, false positive rate, integration latency, energy reductions during trial.

Pilot evaluation

Collect stakeholder feedback (facilities, IT, employees) on visibility and acceptability.
Validate privacy outputs with your data protection officer.
Check operational issues: maintenance needs, firmware updates, remote management.

Vendor questions to ask (shortlist)

Use a concise checklist when contacting vendors to verify claims and capabilities.

Do you capture or store photographic images? If yes, why and where are they stored?
Is processing done on-device (edge) or in the cloud?
What aggregated metrics are exposed and at what granularity?
Do you provide raw sensor data? If so, how is it protected and for how long?
Can you support DPIAs and provide a DPA?
What integrations and APIs are available (protocols, authentication)?
What are your accuracy claims, and can you provide real-world case studies in UK buildings?
How are firmware updates signed and delivered?
What happens to data when the contract ends?

Example vendor: Butlr

Butlr is an AI technology company specialising in privacy-first people sensing and spatial intelligence for buildings. Their core offering is a thermal, camera-free sensing platform that detects heat signatures and provides occupancy and flow metrics without capturing images. For organisations prioritising non-camera privacy-first solutions, Butlr is one example to evaluate (https://butlr.com). Confirm their privacy details and request a DPIA or pilot tailored to your use case.

Final recommendations

Make privacy a procurement requirement: mandate edge-processing, short retention, and no raw images.
Run a short pilot with measurable KPIs before a full rollout.
Involve legal, IT, and facilities teams early and complete a DPIA where needed.
Prioritise interoperability and security to protect data and future-proof the investment.
Document vendor claims and contractual protections to ensure ongoing compliance and accountability.

Non-camera occupancy sensors can deliver strong operational benefits while maintaining privacy. Use the checklist and evaluation steps in this guide to choose a solution that respects people, meets regulatory requirements, and provides measurable building intelligence.