Anyone who has fitted a website with a cookie banner or wired up an opt-in flow arrives at footfall counting expecting the same paperwork. The instinct is reasonable: privacy law has trained everyone to assume that measuring people means asking permission first. So the question comes up on nearly every people-counting evaluation, usually early and usually nervously. Do we need a consent banner at the door? Do we need visitors to opt in before we count them?

The short answer, for a method that captures no personal data, is no. But the reason matters more than the answer, because the wrong reason will get you into trouble the moment a data protection officer or a regulator asks you to defend it. "Consent-free" is not a marketing claim to wave around. It rests on a specific fact about what the sensor does and does not capture, and if that fact does not hold for your setup, the exemption does not hold either. This post explains why counting footfall can be consent-free, exactly where consent still applies, and how a camera-free method keeps the count on the right side of the line.
This is general information, not legal advice. Every deployment has its own facts, and you should confirm your specific setup with your DPO or legal counsel before you rely on any of it.
Do you need consent to count footfall?
Consent under GDPR is a lawful basis for processing personal data. If a footfall method captures no personal data, meaning no camera image, no MAC address, no device ID, and no biometric data, then there is no personal-data processing to seek consent for, so no consent banner or opt-in is required for the count itself. This is the honest reason "consent-free" works here: not that data is anonymized after collection, but that no personal data is collected in the first place. Consent becomes relevant only for optional identified features, such as a guest Wi-Fi login, which a visitor chooses to give. This is general information; confirm your specific deployment with your DPO or counsel.
Why consent enters the picture at all
To see why counting can be consent-free, it helps to be precise about what consent is for. Under the General Data Protection Regulation, Regulation (EU) 2016/679, consent is one of several lawful bases a business can rely on to process personal data. The others include contract, legal obligation, vital interests, a public task, and legitimate interests. The point that gets lost in the cookie-banner era is that all of them are bases for processing *personal data*. If there is no personal data being processed, you are not choosing between lawful bases at all, because you never needed one for that activity.
That reframes the footfall question completely. The instinct to reach for consent comes from years of web tracking, where cookies and device identifiers are personal data and consent is the usual basis for placing them. A physical counter is a different situation, and the honest test is not "which lawful basis do we pick" but the prior question: is any personal data being processed here in the first place. If the answer is no, the consent machinery simply does not engage.
That is also why a legitimate-interest argument, while valid for many analytics activities, is not the cleanest way to justify a no-PII count. Legitimate interest is a basis for processing personal data without consent. Reaching for it implies there is personal data to process. A method that captures none does not need to make that argument; it sits before the question rather than answering it.
The no-PII path to consent-free
The strongest position is not "we collect personal data and then remove the identifying parts." That is anonymization, and it is weaker than it sounds, because at the moment of capture the personal data existed, was processed, and had to be handled under GDPR before anything was stripped from it. A camera counter that records faces and blurs them afterwards has still captured images of identifiable people at the sensor. The blurring is a mitigation applied to personal data, not the absence of personal data.
Consent-free footfall analytics works on the opposite principle: there is nothing to consent to because nothing personal is captured. A method that measures the geometry of a moving body rather than its image, and that stores no device identifier, never holds personal data at any point in the chain. There is no image to blur, no identifier to hash, no record to scrub, because none of it was collected. The data that exists is a count, a dwell time, a path, none of which relates to an identifiable person.
This distinction is not pedantic. It changes what a business has to be able to prove. Anonymization has to be defended: how strong is it, could the data be re-identified, was it truly irreversible. A no-capture method sidesteps that entire line of questioning, because the honest answer to "what personal data did you collect and how did you protect it" is that none was collected. That is a far simpler thing to stand behind, and it is the difference this post is built on.
Where consent still matters
Being precise cuts both ways. "Consent-free" describes the anonymous count, and it does not describe every possible feature a system might offer. The moment a deployment adds something that captures a real identifier, consent comes back into the picture, exactly as it should.
The clearest example is a guest Wi-Fi login. If a venue offers Wi-Fi and a visitor chooses to log in with an email address or a social account, that is personal data, freely given by the visitor for a purpose they can see. That is a textbook consent situation, and it is entirely separate from the anonymous count running in the background. The same goes for tying footfall to a loyalty programme a shopper has joined, or any opt-in loyalty and footfall feature where the visitor knowingly identifies themselves. These are opt-in by design, and the consent they rely on is the visitor's own choice to identify, not a blanket banner covering everyone who walks past.
Keeping these two things separate is what makes the consent-free claim honest. The anonymous count needs no consent because it captures no personal data. The identified features need consent because they capture personal data, and they get it explicitly, from the individual, for a clear purpose. A vendor that blurs this line, or that quietly folds identifier capture into a "consent-free" count, is the one to be wary of. The right architecture treats the count and the opt-in features as two different systems with two different legal footings.
This is also why the modality of the count matters so much. A non-biometric counting method that never touches an identifier stays consent-free. A method built on capturing something identifiable does not, no matter how it is described. It is worth knowing why Wi-Fi MAC methods can need consent: a counter that collects and stores the MAC address a phone broadcasts is handling a device identifier, which many regulators treat as personal data, and that pulls it back into the consent question the no-capture method avoids. If you want to see the difference concretely, the practical test is what a sensor actually captures, stated plainly rather than buried in a policy.
How Ariadne keeps the count consent-free
Ariadne measures this with Hybrid Fusion, its patented camera-free method. Time-of-Flight depth sensing counts every visitor at the entrances, capturing geometry rather than images, while patented phone signal sensing follows movement through the interior, detecting the signals a phone emits even in airplane mode, and tracks that movement to about one-metre precision. The sensor streams both feeds to Ariadne, where Hybrid Fusion combines them into one trajectory per visit and computes counts, dwell, and paths. The streams carry no identifier: no MAC address, no device ID, no biometric data, and no camera is involved. Identifiers are stored only when a visitor explicitly opts in, which keeps the method GDPR-friendly and outside biometric territory.
Read against the consent question, that architecture is the reason the count needs no banner. The two feeds the sensor streams carry no identifier, so there is no personal data flowing through the count at any stage, which means there is nothing for a visitor to consent to. The fusion that turns those feeds into a trajectory happens centrally in the Ariadne platform, not on the sensor and not at the edge, and it still holds no identity: the trajectory is a shape moving through a space over time, not a named person. Because counting captures no biometric data, it also sits outside the high-risk biometric-identification territory that the EU AI Act, Regulation (EU) 2024/1689, singles out in its Annex III; there is no biometric identification or categorisation happening to fall under those rules. That is a statement about what the method does, not a blanket claim that no regulation ever applies, and your DPO should confirm the classification for your deployment.
The opt-in features live on the other side of that line, by design. If a venue chooses to run a guest Wi-Fi login and a visitor logs in, that visitor has consented to being identified for that purpose, and it is handled separately from the anonymous count. The count does not depend on it and does not change because of it. That separation is the whole point: consent-free people counting for the crowd, explicit consent for the individual who chooses to identify.
What to still show visitors
Consent-free does not mean invisible, and it should not. Even where the law requires no consent for the count, telling visitors what is happening is good practice and, in many jurisdictions, a transparency expectation worth meeting regardless. A short, plain sign at the entrance that a venue measures visitor numbers to manage the space, with a pointer to a privacy notice for anyone who wants detail, costs nothing and builds the trust that a quietly-running sensor can erode if a visitor discovers it by accident.
The transparency notice is also where the opt-in features get explained honestly: that the count is anonymous and needs no consent, and that any identified feature such as guest Wi-Fi is separate and opt-in. Writing it that way does two things at once. It satisfies the general transparency principle GDPR expects, and it makes the consent-free claim legible to the one visitor in a thousand who reads the notice and cares. Whether a specific sign or notice is legally required in your setting is a question for your DPO or counsel; treat this as good practice rather than a legal instruction.
FAQ
Do you need consent to count footfall?
Not for a method that captures no personal data. Consent under GDPR is a lawful basis for processing personal data. A count that captures no camera image, no MAC address, no device ID, and no biometric data is not processing personal data, so there is no processing to seek consent for. This is general information; confirm your specific deployment with your DPO or counsel.
Why is this consent-free without anonymizing anything?
Because there is nothing to anonymize. Anonymization means collecting personal data and then removing the identifying parts, which still involves capturing personal data at the sensor. A no-capture method never holds personal data at any point, so the consent-free position rests on the data never existing rather than being scrubbed after the fact.
When does consent still apply?
When a deployment adds a feature that captures a real identifier that a visitor chooses to give, such as a guest Wi-Fi login or a loyalty tie-in. That feature is personal data, freely given for a clear purpose, and it is handled separately from the anonymous count with its own explicit consent.
Is a Wi-Fi MAC-based counter consent-free too?
Usually not in the same way. A counter that collects and stores the MAC address a phone broadcasts is handling a device identifier, which many regulators treat as personal data, so it can need a lawful basis and often a consent or transparency step that a no-identifier method avoids.
Do we still need to tell visitors anything?
Even where no consent is required, clear signage and a privacy notice are good practice and often a transparency expectation. Tell visitors the count is anonymous, and explain separately that any identified feature such as guest Wi-Fi is opt-in. Confirm what your specific setting requires with your DPO or counsel.

---



