Smart building occupancy sensors measure the presence, count, or movement of people inside rooms, corridors, and open spaces to inform HVAC, lighting, space planning, and security systems. In Germany in 2026, buyers must balance accuracy and operational benefits with strict privacy rules, works council obligations, and rising cybersecurity expectations.
Why privacy-first sensors matter in Germany
Germany enforces strong data protection through the EU General Data Protection Regulation (GDPR) and national law (BDSG). Beyond legal compliance, works councils (Betriebsrat) have co-determination rights around employee monitoring, and local data protection authorities take an active role in enforcement. Choosing sensors that minimize personal data collection reduces legal risk, improves employee trust, and simplifies deployments.
- GDPR requires a lawful basis for processing personal data and mandates data minimization, purpose limitation, and retention controls.
- Sensor deployments that can identify or single out individuals are likely to trigger stricter rules and works council consultation.
- The German Federal Office for Information Security (BSI) and state data protection authorities publish security and privacy guidance relevant to IoT and building systems.
Types of occupancy sensors — brief definitions
- Passive Infrared (PIR): Detects motion via changes in infrared light; simple and low-cost, but limited to motion detection and can miss stationary occupants.
- Thermal sensors: Detect heat signatures (infrared) without producing images; can count people and detect presence while preserving anonymity.
- mmWave radar: Uses radio waves to detect movement and micro-motions; works in low light and through some obstructions, and typically preserves anonymity.
- Camera-based sensors: Use images or video; offer high accuracy and additional features (e.g., posture detection) but carry high privacy risk and regulatory burden.
- CO2 and other environmental proxies: Infer occupancy from air quality changes; inexpensive but slow and indirect, not suitable for precise counts.
Privacy-first means a system designed to avoid collecting personally identifiable information (PII) in the first place, using anonymized, aggregated outputs and on-device processing where possible.
Practical buying criteria
Use this checklist to evaluate vendors and products. Prioritize items that reduce privacy and security risk while delivering the business value you need.
Functionality and performance
- Detection type: Does the sensor use thermal, radar, PIR, camera, or a hybrid approach?
- Accuracy and granularity: Can it count people, detect presence only, or track dwell times? Ask for independent benchmarks in environments similar to yours.
- Coverage and mounting: What field-of-view, ceiling height, and spacing are required per sensor?
- Environmental robustness: Can it handle varying temperatures, reflections, or open-plan spaces common in German offices?
Privacy and data governance
- Data minimization: Does the device avoid raw image capture or unique identifiers by design?
- On-device processing: Are detection and anonymization performed at the edge before sending any data off-device?
- Output types: Does the sensor export only aggregated event counts, occupancy status, or anonymized heatmaps?
- Retention and deletion: What default retention periods exist and can they be configured to meet GDPR requirements?
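An acceptance check for the data minimization, output type, and retention criteria above, added here as an example and not taken from any vendor: it walks a sensor's decoded JSON export and flags fields that carry per-person identifiers, embedded images, or retention beyond a configured limit. The field names (`track_id`, `retention_days`, and so on), the 30-day default, and both sample payloads are constructed assumptions; real export schemas are vendor-specific.

```python
import re

# Hypothetical key tokens that suggest per-person or image data (assumption;
# real export schemas are vendor-specific).
RISKY_TOKENS = {"mac", "imsi", "badge", "user", "face", "track", "image", "frame", "snapshot"}
MAC_VALUE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")
BLOB_VALUE = re.compile(r"^[A-Za-z0-9+/=]{200,}$")  # long base64 run, e.g. an image


def audit_payload(node, max_retention_days=30, path=""):
    """Return a list of findings for one decoded JSON export message."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            # Split on non-alphanumerics so "timeframe" does not match "frame".
            if RISKY_TOKENS & set(re.split(r"[^a-z0-9]+", key.lower())):
                findings.append(f"{here}: field name suggests per-person or image data")
            if key == "retention_days" and isinstance(value, (int, float)) \
                    and value > max_retention_days:
                findings.append(f"{here}: {value} days exceeds limit of {max_retention_days}")
            findings.extend(audit_payload(value, max_retention_days, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(audit_payload(item, max_retention_days, f"{path}[{i}]"))
    elif isinstance(node, str):
        if MAC_VALUE.match(node):
            findings.append(f"{path}: MAC-address-like value")
        elif BLOB_VALUE.match(node):
            findings.append(f"{path}: large encoded blob, possibly raw image data")
    return findings


# Constructed sample: aggregated output of the kind the checklist asks for.
AGGREGATE = {"sensor_id": "ceiling-12", "zone": "meeting-A", "occupancy_count": 4,
             "window_s": 300, "retention_days": 14}
# Constructed sample: per-person tracking output that should fail the audit.
TRACKING = {"sensor_id": "ceiling-12", "retention_days": 365,
            "tracks": [{"track_id": 7, "device_mac": "00:00:5e:00:53:01",
                        "snapshot": "A" * 400}]}

if __name__ == "__main__":
    for name, msg in (("aggregate", AGGREGATE), ("tracking", TRACKING)):
        print(name, audit_payload(msg) or "no findings")
```

Run it against messages captured during a pilot, and keep the findings list as evidence for the works council consultation and the DPIA.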
Security and compliance
- Encryption: Data in transit and at rest must be encrypted using modern standards.
- Authentication and access control: Support for role-based access and integration with your IAM systems.
- Certifications and audits: Look for ISO 27001, SOC 2, or equivalent and ask for penetration test reports.
- Vulnerability management: Vendor policies for firmware updates, patching, and incident response.
Integration and scalability
- Building management integration: Compatibility with BMS protocols (BACnet, Modbus), room scheduling systems, and energy platforms.
- APIs and data export: Well-documented APIs and support for common formats for analytics or data lakes.
- Network and power: Options for Power over Ethernet (PoE), wired, or secure wireless, and implications for network segmentation.
Operational total cost
- Installation and commissioning costs (ceilings, cabling, calibration).
- Ongoing license fees and cloud costs.
- Support SLAs and training.
- Expected ROI from energy savings, space optimization, or desk hoteling improvements.
Vendor transparency and support
- Data processing agreements and data flow diagrams that show where data resides and who has access.
- Local presence or EU data processing guarantees.
- Clear documentation for works council consultation and data protection impact assessments (DPIA).