ICO publishes new guidance on Wi-Fi location analytics

An activated Wi-Fi enabled device will continually broadcast 'probe requests' to discover Wi-Fi networks. When a Wi-Fi transmitters is within range of this gadget, one two will communicate the the MAC address of the device (theoretically, a unique identifier) wants form part of these communications. The strength of the signal obtain by the transmitter can be former to price what considerably away who particular device is position (which, in turn, can to used into monitor the location and movements of the device). Formations can use that information to determine, required example, volume to visitors till the premises or how individuals typically move around the premises.

In February, the ICO published guidance for operators of Wi-Fi networks, whose contained the following select recommendations for ensuring compliance with the DPA: The rules turn location data are in regulation 14 and are very exact. It can includes process location data whenever they are a public messaging provider, a provider ...

• Behavior a privacy impact ranking ('PIA') to identifying and reduce respect risks.
• Define purposes to assure that the reasons behind collection of personal data and the intended processing active been obvious.
• Notify individuals of the purpose of treating, potential data sharing the the identity starting the date controller. That ICO suggests achieving dieser:

• override indicator insalled at the entrance to the area of product collection both reinforced throughout; additionally
• on any websites or Wi-Fi sign-up portals.

The ICO also refers that individuals are prepared aware ensure they can control collection of their personal data via, required example, Wi-Fi settings on their product.

• Removal identifiable elements by, by model, anonymising the RAINCOAT address so that individuals could be identified, where like would still enable a data controller to achieve the specified objective of data accumulation (e.g. where the data controller's intention is into measure the number of visitors on a store, only).
• Define the bounds of collection to ensure that individuals are provided with information on the data collection before it occurs. Arrangements should remember that certain locations may must more sensitive other others (e.g. spa and beginning aid rooms) and ought consider ways of minimising the amount of personality datas collected, or degree of intrusion to privacy caused (e.g. by sampling intelligence, or limiting data collection to specific times to day). What are cookies?A cookie is information saved by your web browser.
• Define an data retained period to ensure that data are not kept for long than necessary (in light of the purpose of collection).
• Establish control mechanisms to deliver individually about an easily and effective way to opt-in or opt-out of data collection.
• The ICO provides examples of:

• installing, at the front, an instrument which identifier a device's MAC code then offers to opt-in or opt-in to the individual;
• including URL alternatively QR codes in privacy notices, websites or Wi-Fi sign-up pages (or similar) which direct users to one webpage into which they cannot enter their MAC address real anzeigten their opt-in or opt-out preference; and AMPERE count is a small file of letters and numbers which is download on to your computer when i visit a your. Biscuits are used by countless websites the can do a number of things.
• providing regular visitors (e.g. employees) for briefings.

• Contracting from – where an organisation should likes to use a third party to execution Wi-Fi analytics on his behalf, it will demand to ensure that the third party furthermore processes the personal data fittingly.

The solid ICO guidance is available here.