What is ‘COVID-19 Digital Campus: a living lab for digital technologies’?
The outbreak and rapid spread of Covid-19 across the world resulted in stringent limitations on interaction between people. Following the first wave of the pandemic, blanket lockdowns have been lifted piece-by-piece. Yet, Covid-19 will remain among us for some time and events in recent months have shown that people, albeit often unintentionally, violate the prescribed social distancing guidelines. Solutions are required which can help people to act responsibly. Digital technologies can aid in this process.
‘COVID-19 Digital Campus: a living lab for digital technologies’ is an initiative that comprises four research and innovation projects in support of the ‘1.5m campus’. The initiative is unique because it combines scientific research and practical use. TU Delft researchers are expanding scientific knowledge on topics such as mobility flows and student wellbeing and leverage their expertise to create smart digital solutions in support of campus management and campus life. The aim of these new smart digital solutions is to monitor crowding levels on the TU Delft campus and measure the wellbeing of students.
The initiative features four projects, namely:
- Outdoor Mobility Dashboard (OMDt)
- Building Rhythms
- Conversational agent
- Contact networks for human mobility processes
Jointly, these four projects provide various insights into crowding levels and mobility movements on the TU Delft campus. These insights can be used to define and evaluate crowd management measures and policies in support of the 1.5m-society.
Various data sources are used within the project. As far as possible, data will be drawn from publicly available sources. For instance, travel times and densities of the road networks are drawn from the National Data Warehouse (www.ndw.nu), planned and actual travel-time information from the national public transport data warehouse (https://ndovloket.nl), real-time bridge openings (https://blauwegolfverbindend.nl), and the number of users in parking garages in Delft. Only if the required data are not publicly available will data be collected as part of this project.
The Outdoor Mobility Dashboard and Building Rhythms project (Projects 1 and 2) feature data from a comprehensive mobility monitoring system consisting of an assorted set of sensors. The conversational agent (Project 3) collects responses of staff and students, e.g. about their well-being. The human mobility networks modelling does not involve any data collection (Project 4).
This privacy statement explains how your privacy is protected while your data are collected and analysed..
Privacy summary ‘COVID-19 Digital Campus – a living lab for digital technologies’
The primary interest of this initiative is to provide insight into crowdedness and mobility on campus, as well as insight into student wellbeing. These insights can be used to define, evaluate, and test policies that aim to limit the transmission of the Covid-19 virus on the TU Delft campus.
The different projects within the initiative have a different timing. The current privacy statement constitutes information relevant to Project 1, the ‘Outdoor Mobility Dashboard’. This Privacy Statement will be revised as soon as new functionality is added to Project 1 or when the other projects become operational.
Project 1: Outdoor Mobility Dashboard (OMDt)
The Outdoor Mobility Dashboard is an important aid to support protecting the well-being of our staff, students and visitors of our campus during the Covid-19 pandemic. It is deployed to detect potential high-risk situations when sufficient distance is not maintained, since this presents a potential risk for public health. It also serves scientific research related to mobility and social distancing.
No personal data are processed and collected for the Outdoor Mobility Dashboard. The sensor network that collects the data for the Outdoor Mobility Dashboard identifies how many people are within the view area of each sensor and how they move, not who is within the view area. Any piece of information that might relate to an identifiable person is encrypted in such a way that it cannot be traced back to the individual.
Part of the OMDt project is a digital twin of the TU Delft campus (see figures 1 and 2). This is a digital replica of the campus, which displays the multi-modal movements of people across TU Delft campus. This digital twin is fed by mobility data that is gathered by a mobility monitoring system. A mobility monitoring system is a set of sensors, algorithms and servers that continuously assesses the state of pedestrian and cycling infrastructure, such as TU Delft campus. This system, for instance, determines the average walking speed, maximum density and average interaction distance between pedestrians and cyclists at our campus.
Privacy-by-design is embedded in the backbone of the monitoring system. Below you can find detailed information about how the right to privacy is preserved, while developing and using the systems.
How does the OMDt project adhere to the General Data Protection Regulation (GDPR)?
By adopting privacy-by-design the OMDt team commits to comply with the General Data Protection Regulation. Further, the OMDt team undertakes to:
- openly communicate about the locations and time periods at which a monitoring system is active;
- provide details with respect to the type of sensors and information that are deployed to collect information;
- explain the reasoning why crowd monitoring systems are used;
- ensure that the usage and storage of your data has a legitimate purpose;
- ensure that usage and storage of your personal data is minimised;
- ensure that your data is secured and treated with care.
Legal basis for data collection
The legal basis for the processing of the data is the protection of the vital interests of TU Delft. Firstly, these encompass the health and safety of the staff, students of, and visitors to, TU Delft and companies located on campus (i.e. during the current pandemic). After the pandemic, these vital interests will pertain to the accessibility of the campus, as well as the safety, health and security in the short term (traffic safety) and the long term (liveability and sustainability).
In the case of UMO app, we will operate under consent as a legal basis. This means that we will ask you for specific permission to process some of your personal information, and we will only do so if you provide us your consent. You may withdraw your consent at any time by contacting s.hoogendoorn-lanser@tudelft.nl.
Adopting privacy-by-design
Privacy-by-design is at the heart of this project. The raw (unprocessed) collected data is encrypted at the source (i.e. the sensor) in such a way that it is impossible (even for those involved in the project) to recreate the raw data without the exact encryption algorithms and seeds. These algorithms and seeds change dynamically every day.
In addition, the only data which are essential to evaluate people’s movements are captured by the crowd monitoring system and transmitted from the sensor directly towards the mainframe. No identifiable data leaves the camera’s. If someone manages to intercept the data stream, privacy is still maintained.The mainframe only stores anonymized aggregated statistics showing people as ‘moving objects’. These statistics cannot be traced back to any identifiable person.
Further, the Outdoor Mobility Dashboard only collects data for the purpose of the initiative ‘COVID-19 Digital Campus – a living lab for digital technologies’ firstly, and secondly for the ‘Mobile Campus 2.0’ project, intended to run for the coming five years. The system does not collect nor transmit video feeds. Video images captured (raw data) are translated into statistics at source (i.e. the sensor).
Finally, researchers and security staff have no access to the video feeds.
What data are collected?
As indicated above, only the following data are collected:
- The speed and direction of moving objects;
- The location of all objects within a field of view of a sensor;
- A temporary hashed identifier of Wi-Fi/Bluetooth enabled devices;
- The (subjective) assessment of crowdedness by individuals that volunteer to participate in the collection of these data for the OMDt (including the location that the assessment adheres to);
- Variability in mood of passing persons.
No information is stored at the level of individual objects or Wi-Fi enabled devices. Aggregate statistics, such as average speed, density, flow, travel time and route pertaining to crowd movement dynamics at TU Delft campus are stored in a database within TU Delft’s secured ICT infrastructure. In the same database, aggregated statistical information on variability in mood of one location (on the bike path near the main entrance of CEG) is periodically stored.
Four distinct sensors are used to collect the data of the OMDt, namely:
- Automatic counting systems;
- Stereo-vision sensors;
- Wi-Fi/Bluetooth/radar sensors;
- Smartphone applications which collect subjective crowdedness and location information (opt-in only);
- Sensors with stereo vision and with ability to determine mood.
Since October 2021, Resono data has been purchased and used in the OMDt. These show how busy it is in different parts of the campus (divided into eight areas) and how the crowdedness changes over time. From the Resono data, we also know per 24 hours from which PC4 areas visitors to the campus come from. These data are completely anonymous.
Below you can see additional and detailed information about how these sensors work and where they are located at TU Delft.
-
The table below provides an overview of the sensor locations and data that is collected by each sensor.
Location Sensor of type Collected data In front of AS - old
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelweg, in front of X
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelweg, in front of Balpol 1
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelweg, in front of EEMCS
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Stieltjesweg, between CEG and AS - old
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow
Between Aula and AS - old
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelweg, next to bridge to IDE
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelweg, near the crossing with Jaffalaan
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Christiaan Huygensweg, near the crossing with Schoenmakerstraat
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Leegwaterstraat, near the crossing with Jaffalaan
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Leegwaterstraat, near the crossing with Cornelis Drebbelweg
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow In front of Bouwpub
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Corner of Library / Schoemakerstraat
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Cycling path AS/ Freezone C
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow In front of Aula
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Stieltjesweg, near the crossing with Schoemakerstraat
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Mekelpark, CEG
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Cycling path CEG near classroom B
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Berlageweg / Van der Burghweg
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Cycling path near Fellowship
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Cycling path near AE
Wifi/bluetooth/radar
Identification code of devices on which Wi-Fi is activated; flow Bus stop TU Mekelpark, CEG side
Stereo vision sensor
Location, direction and speed of all moving objects Bus stop TU Mekelpark, EEMCS side
Stereo vision sensor Location, direction and speed of all moving objects Bus stop TU Aula, Aula side
Stereo vision sensor Location, direction and speed of all moving objects Bus stop TU Aula, IDE side
Stereo vision sensor Location, direction and speed of all moving objects In front of IDE
Stereo vision sensor Location, direction and speed of all moving objects Mekelweg, near the crossing of Jaffalaan
Stereo vision sensor Location, direction and speed of all moving objects Mekelweg, near bridge to IDE
Stereo vision sensor Location, direction and speed of all moving objects Cycling path EWI / CEG before crossing with the buslane (1)
Stereo vision sensor Location, direction and speed of all moving objects Cycling path EWI / CEG before crossing with the buslane (2)
Stereo vision sensor Location, direction and speed of all moving objects Cycling path between CEG / AS
Stereo vision sensor Location, direction and speed of all moving objects Cycling path near main entrance CEG (1)
Stereo vision sensor Location, direction and speed of all moving objects Cycling path near main entrance CEG (2)
Stereo vision sensor Location, direction and speed of all moving objects Cycling path near main entrance CEG (3) Depth sensor with mood determination Location, direction of movement and speed of all moving objects and variability in mood of passers-by per time interval (at least 1 minute) Bus stop Berlageweg, X side
Stereo vision sensor Location, direction and speed of all moving objects Bus stop Kluyverpark, Reactor Institute side
Stereo vision sensor Location, direction and speed of all moving objects Bus stop Kluyverpark, AS side
Stereo vision sensor Location, direction and speed of all moving objects
Locations at TU Delft Campus with stereovision sensors.
Locations at TU Delft Campus with wifi/bluetooth/radar sensors.
-
This digital sensor is a combination of a 2D-camera and computer vision software. The video feed from the camera is analysed using software in the camera real-time and is erased directly afterwards. Only the results are transmitted to the Digital twin of the TU Delft campus (DCTUD) mainframe. Each minute, the mainframe receives a message consisting of the sensor ID, the timestamp, the inflow and the outflow. In some cases, also the trajectory of the moving objects in the field of view are part of this message (depending on the precise make and model of the camera). These trajectories feature only the location of the object at a specific moment in time. No identifiable information pertaining to the object is captured. The cameras are placed far enough from one another such that fields of view do not overlap and consequently trajectories from different cameras cannot be combined into a single trajectory.
This digital sensor is a combination of a stereo-vision camera and computer vision software. In real-time, the video feed of the camera is analysed by means of this software at the source and directly erased afterwards. Only the results of the analyses are transmitted to the OMD mainframe. Each minute, the mainframe receives a message consisting of the sensor id, the timestamp, and the inflow, the outflow and the number of objects that are visible in the field of view and the trajectory of the moving objects in the field of view. It is not possible to trace individual objects since the fields of view of the stereovision cameras do not overlap.
Combined Wi-Fi / Bluetooth / Radar sensors are used to determine the density of pedestrian and cyclist flows on a specific location on campus as well as the routing of pedestrians and cyclists over campus.
1. Wifi / bluetooth
In the OMD project the Wi-Fi / Bluetooth in the combined Wi-Fi / Bluetooth / Radar sensors are used to determine the routing of pedestrians and cyclists over campus.
Each Wi-Fi enabled device, such as a smartphone or a wireless printer, transmits messages to determine the nearest cell tower and/or to communicate with other devices. These messages contain information pertaining to the identification of the Wi-Fi enabled device and the signal strength of the connection of the device and the cell tower. A Wi-Fi sensor detects the communication of these Wi-Fi enabled devices with the nearest cell tower or Wi-Fi router, and filters out the unique media access control (MAC) addresses of these mobile devices. Only part of the messages is detected, and this corresponds to roughly 20% of the devices in the vicinity of a sensor. The main reason that only a minority part of the messages is detected is that some types of mobile devices (specifically newer models) shield the MAC address of a device, and send a rotating MAC-address instead. The messages of these types of mobile devices can consequently not be used to track the movements of a device through the sensor network. Furthermore, if a user has disabled Wi-Fi / Bluetooth on a device, they do not send messages and can thus not be detected. Comparing the lists of unique devices of two locations makes it possible to determine how many devices moved from one monitored location to the next. Routing of pedestrians and cyclists over campus can be determined even when only some of the devices are detected as long as the number of devices on campus is large.
The MAC-address, which is part of this message, is privacy-sensitive information as it can be used to identify one particular Wi-Fi enabled device that belongs to a particular person. To ensure that the privacy rights of individuals are safeguarded, the Wi-Fi sensors used in the OMD project anonymise the data (hashing) every minute so it cannot be traced back to a Wi-Fi device. Moreover, a person’s hashed MAC-address is ‘forgotten’ as quickly as possible (average: 30 min), but at least once a day.
The anonymisation process consists of four steps, which are performed each minute:
- Capturing the messages and filtering the MAC-addresses and timestamps from each of the collected messages.
- Scrambling the MAC-addresses by applying a hashing algorithm. All sensors within the monitoring system apply the same hash at the same time, which is changing at least once a day.
- Deleting a part of the hashed addresses, which ensures that even if one knows the exact hashing algorithm, one is not able to recreate the original MAC-address.
- Transmitting the list of shortened hashed MAC-addresses to the mainframe via a secure connection.
After this process, the mainframe database translates these lists of hashed identifiers into aggregate statistics and erases the underlying lists. These lists are only stored for as long as it has a value for the analysis modules, which is maximum 30 minutes after the data was captured. The ‘old’ data is continuously pro-actively erased from the mainframe.
2. Radar
In the OMD project the Radar in the combined Wi-Fi / Bluetooth / Radar sensors is used to determine the density of pedestrians and cyclists on specific locations on campus. The radar detects moving objects (without identifying who is who) and distinguishes between pedestrians, cyclists and cars e.g. based on their speed.
A smartphone application is provided to volunteers aiming to collect (subjective) information about the situation on campus. Users of the app are asked to send a notification if a location appears to be crowded to them and about the perceived reason of overcrowding. The location of the smart phone and the timestamp are automatically sent with the notification. This means that only location information is collected for specific moments in time after the action taken by the smartphone user.
Use of the app and the notification is voluntary. Before a person is able to use the app, they are required to accept the service agreement (informed consent) and are explicitly asked whether they agree that their location information may be shared with the DCTUD as part of the assessment.
The notification, location and timestamp are directly transmitted to the mainframe and securely stored. As these notifications are very important for the operation as well as policy evaluations of the longer term, this particular information will not be deleted from the mainframe.
Sensors with stereo vision and mood determination
This digital sensor is a camera with stereo vision. The video images from the camera are transmitted through a secure connection to a secure TU Delft server located in a locked room. This server contains computer vision software that analyses the images. After analysis, the images are immediately deleted. Only the aggregated and anonymised results of the analyses are subsequently sent to the OMD mainframe. Every minute, the mainframe receives a message, which, in addition to the ID of the sensor and a time code, contains the inflow, outflow and number of objects visible in the field of view, as well as the route of moving objects c.q. passersby in the field of view. The message to the mainframe also includes the variability in moods of all passing persons. The mood is determined based on analysis of facial expression ( state of the mouth and eyes). It is not possible to track individual objects or persons since the fields of view of the stereo vision cameras do not overlap. Neither can the individual state of mind of persons be ascertained.
-
Data collected are transmitted from sensor to our data storage facilities through https. Only anonymized data are stored in our databases. Potentially identifiable data like a MAC address are hashed with a non-stored and often changing hash key. This means that, even with access to the data, it is impossible to reconstruct multi-day movement patterns and identify persons that way.
Access to our data API is strictly monitored and only possible with a 256-bit key provided by us. In the event of unexpected activity all keys are invalidated and changed immediately.
-
All personal data collected and processed as part of this project will be anonymized or deleted at the time they are no longer needed for scientific research.
This table complements the specific retention times for the data used in the Project.
Project area
Type of data
Retention period
Outdoor Mobility Dashboard
Raw data
Immediately erased
Anonymised identifiers derived from hashed MAC addresses
Stored indefinately
Movement data and people counts from stereo camera’s
Images are not stored, coordinates are transmitted and stored in our databases
Radar detections (pedestrians and cyclist counts)
Counts are transmitted and stored in our databases
Aggregate statistics, such as average speed, density, flow, travel time and route pertaining to the mobility movement dynamics on the TU Delft campus are stored indefinitely for management and research purposes. Please bear in mind that no personal data is involved. The one exception to this rule is the crowdedness assessment from individuals that voluntarily send this data via a smartphone application. OMD stores the location from where the assessment was sent indefinitely for management and research purposes. -
If your questions are not yet fully answered after reading this page, please contact Sascha Hoogendoorn-Lanser (director of the Mobility Innovation Centre Delft) the OMD team via s.hoogendoorn-lanser@tudelft.nl.
For relevant privacy questions you can also contact our Data Protection Officer, Erik van Leeuwen via privacy-tud@tudelft.nl.
