No Sniffing Here

Footfall ls

Neal Forse, CTO - IoT Solutions Group

It was with interest that I read news of the fine imposed upon the City of Enschede in the Netherlands. If you have not seen the article then, in summary, it refers to a fine levied by the Dutch Data Protection Authority on the municipality, due to its use of WiFi sensors to measure the number of people in the city centre.

Colloquially termed WiFi MAC sniffing, the methodology involves detecting packets of data related to a specific device and registering them against a unique entity.

Even though no clear personal data was collected, the fact that unique, pseudonymised information was obtained made tracking and identification possible.

This in itself was deemed an offence and resulted in the €600,000 fine.


The approach is not new and has, realistically, been awaiting a test case in the courts for some time. The results are now in, but despite that, it is an area that has been subject of much debate over recent years. Is it ethical to use such methods?

We believe not and do not use MAC sniffing technology in any of our solutions, including the footfall monitoring devices we have deployed. Fundamentally we believe it is wrong and not in line with our tech for good philosophy. It opens the door for mal-practice and invasion of privacy when there is no need. As the Dutch DPA ruled, even though the intent was not to track people, using such a system made it possible.

In the field of footfall monitoring, we utilise PIR (Passive InfraRed) technology, which, not only avoids all collection of personal data, but is also more accurate.

WiFi sensing solutions rely upon a ratio of 1:1 (WiFi enabled device to person) to identify the number of people present in any given area. Now I don’t know about you but, with me, it’s not always 1:1 – some days I’m carrying two phones, an I-pad, a smart watch and a laptop in sleep mode. I would register as four or five people! At other times, I’ve dumped the lot in search of peace and quiet. In fact, it’s probably a rare occurrence for me to be carrying exactly 1 WiFi enabled device when I walk through a town centre.

By virtue of this, detection of the actual number of individuals in the town centre by this method is highly inaccurate. By utilising PIR technology we are able to precisely measure the number of individuals that pass in and out of a specified zone without safety or privacy concerns.

The fall-out

The implications of the ruling are significant, not only for the local authority of Enschede, but for organisations across Europe and beyond. We know that various UK councils are already utilising such technology, so are going to have to swiftly consider the way forward. This is important from both financial and PR perspectives.

Few UK authorities can cope with such substantial fines and, with a test case now on the books, albeit overseas, it will not be long before further scrutiny is placed upon the use of such methods in the UK.

From a public relations perspective, it presents a further challenge around faith in technology.

Fundamentally we believe tech can be and is generally a positive influence on society, but there are some exceptions. It takes little additional fuel for new, and often unfounded allegations to be made that diminish public faith in technology and, when this relates to solutions deployed by councils in town centres, this presents a serious issue.

It is incumbent upon ethical suppliers of technological solutions (not just IoT), councils and other partners to guarantee the privacy of the public. It is not for us to decide if we can collect identifiable data of those passing by – it is the right of the individual.

As an industry we need to respect this and do all we can to protect our reputations – not only for our own good, but to allow the expanded utilisation of such solutions that truly add value to society, save councils money and improve residents’ lives.