Most people counters for stores and sites are today equipped with 2D or 3D sensors. These people counters are defined to process personal data as they monitor peoples' presence and movement through video surveillance. Some suppliers of people counters also store location and time data, unique people IDs and even biometric data.
As it almost always is a matter of large-scale processing of personal data processing, it becomes critical to use a supplier who understands how to minimise the obvious legal and privacy risks.
However, due to the lack of transparency, it can be a real challenge to ensure that suppliers minimise the risks, particularly as most suppliers don't even believe GDPR applies to their people counting activities.
One reason they take this standpoint is that it removes a possible sales hurdle for them. Another is probably that, at the end of the day, the ultimate responsibility lies with the shops and sites.
This complexity is one of the reasons why Indivd was established in 2017 as a humanitarian, self-funded research project. Our aim was to develop the first privacy-friendly people counter. The result is both a patented anonymisation method and the first people counter that has been approved by the Swedish Authority for Privacy Protection.
It's quite complicated to explain what anonymisation is and how it works, which is why we in this article try to do exactly that. We will explain why Indivd uses anonymisation, how Indivd's patented anonymisation method works, and why anonymisation is recommended by one of raw European sata protection board.
Anonymisation is an irreversible personal data processing, making it impossible (or extremely impractical) to identify the natural person.
In the context of people counters, this means that simply erasing the image and saving random, hashed or salted data for a customer is not enough. This data is still personal data which, in combination with location data for the store/mall, time data relating to when the processing took place and external data such as mobile phone data, easily can be used to identify a unique natural person.
Anonymisation requires it to practically be impossible to identify the person, which can be tested with available data. If the data can be traced to a natural person, then the activity is pseudonymisation rather than anonymisation. This means that the data has been processed but that it is still personal data. that can identify a natural person.
In 2017, Indivd began to develop an anonymisation method with the purpose of reducing the risk of privacy breaches. This was in response to our realisation that there were major ethical risks associated with how various people counters were constructed.
GDPR came into force a year later, while at the same time new innovations were needed, new methods that could replace the old ones. We were not the only ones that saw the risks. The Confederation of Swedish Enterprise released a report in 2019, pointing out the risks of AI development, and in 2020, the European Commission released a major report on the dangers of surveillance.
The report addressed the importance of implementing measures to minimise the risks. Their view was that development companies needed to come up with preventive measures. Anonymisation was one of the measures they highlighted.
Anonymisation is a safe and secure way to conduct people counting, as it makes it impossible (or extremely impractical) to identify the natural person.
We believe anonymisation is the right way, and people in general seem to agree. Surveys show that 95 percent of customers agree to measures that protect their privacy.
We are thus glad to be the supplier of the most reviewed people counter on the market. And the first and only people counter that has been assessed and approved by the Swedish Authority for Privacy Protection.
Data is, according to EU, an important driving force behind innovation. But it must not be at the expense of our fundamental common values: Respect for human dignity, pluralism, non-discrimination, and privacy protection.
Indivd’s patented anonymisation method is based on several years of integrity research. Much like researchers in medicine, for example, Indivd uses a form of data grouping.
The data grouping takes place in a neural network. The anonymisation takes place in real time and is carried out without saving any exact time data. Groups are a type of categories designed to not convey any meaningful information about the individual. This grouping is done at an accuracy level of about 50%, meaning the grouping is random.
Once the anonymisation process is completed, the identity is irrevocable, and the result is groups that are impossible to de-anonymise. And this is regardless of whether you have access to our database with anonymous data, an image of the visitor, time and location data from the person was in the shop, our anonymisation method and the geographical location of the store or mall.