Any organisation that wants to understand how people move through a space, an airport, a station, a shop, a venue, runs into the same tension. The insight is valuable, but the usual way of getting it, the camera, collects personal data, and under the GDPR personal data brings obligations, risk, and friction.
Optimizing Airport Operations with LiDAR-Based Passenger Tracking
Rising passenger volumes are pushing airports to operate with greater precision and efficiency. LiDAR-based Spatial Intelligence provides real-time visibility, enhancing flow, safety, and overall passenger experience.
Read article →
What counts as personal data
Under the GDPR, personal data is any information relating to an identified or identifiable person.
This is why any analytics method that records images or tracks individual devices has to assume it is processing personal data and take on the duties that follow: a lawful basis, transparency, retention limits, security, and the rights of the people involved.
Why LiDAR is different
LiDAR does not take pictures. It measures distance, building a 3D map of shapes and their positions in space. A person appears as a moving cluster of points, not as an image.
Anonymous vs. Anonymized: learn the difference
Understanding Anonymity in Sensor Data: discover the inherent privacy characteristics of each type of Sensor data and the potential risks associated with anonymizing sensitive information
Read article →
There is no face, and no device identifier.
With cameras, privacy is something you manage on top of the data. With LiDAR, the data is non-identifying from the start.
Privacy and data protection by design
The GDPR asks organisations to build privacy in from the beginning rather than bolt it on, a principle it calls data protection by design and by default. A camera deployment satisfies this through layers added around the footage: masking, access controls, short retention, and so on. Each layer is a control that can fail or be misconfigured.
LiDAR satisfies the same principle at the source. The minimisation is physical.
The sensor never captures identifying detail, so there is nothing to mask, nothing sensitive to secure, and nothing to leak.
Practical benefits for compliance teams
The practical effects are easy to see. Data protection impact assessments are shorter and lower risk, because the central concern, processing identifiable people, is removed.
Consent and signage requirements ease, because there is no personal data being captured. Retention is simpler, because aggregated counts and flow metrics are not personal data and do not carry the same storage limits.
Deployments become possible in sensitive areas, near security screening, in medical zones, in spaces used by children, where a camera would be hard or impossible to justify. And the risk of a damaging personal data breach drops, because the most sensitive material is never created.
A note on doing it properly
Choosing LiDAR does not switch off good governance. Teams should still document why the system is non-identifying, confirm that no other data source is combined with it in a way that could re-identify people, and be transparent with the public about what is and is not being collected.
The point is not that compliance disappears.
It is that the work becomes proportionate to a system that was built not to collect personal data, instead of heavy work spent protecting data that did not need to exist.