As head of the commercial team Luisa has a wealth of commercial law experience and advises clients…View Profile View all
The Information Commissioner’s Office (ICO) has issued new guidance setting out how businesses offering Wi-Fi access to their customers and employees may use Wi-Fi analytics in a way which complies with the Data Protection Act 1998 (DPA 1998).
What are Wi-Fi analytics?
Many electronic devices, including smartphones, tablets and laptops, are Wi-Fi enabled. When the Wi-Fi is switched on, the device will continually search for Wi-Fi networks within range by broadcasting “probe requests”, which contain a unique identifier called a media access control (MAC) address.
Businesses offering Wi-Fi access can collect these probe requests and extract the MAC addresses for further processing. Signal strength can also be monitored to estimate the location of a device. The information gathered can be used to track the behaviour of a device over time. It is possible for a specific individual to be identified from the information, allowing businesses to analyse that individual’s behaviour. This is known as Wi-Fi analytics.
A key point to note, and the main concern of the ICO, is that a device does not have to be connected to a Wi-Fi network for data to be collected; the Wi-Fi feature being switched on is enough. This means that data can be collected covertly without the data subject’s knowledge.
What are Wi-Fi analytics used for?
The information gathered can be used to monitor how often someone visits a business, how busy the business is at certain times of the day, and can generally be used to monitor a person’s behaviour. Wi-Fi analytics are used by businesses to inform their store layout, and even shape their marketing strategy by targeting specific products to individuals.
How can businesses ensure compliance with DPA 1998?
For further information or help with understanding your obligations under the Data Protection Act, please contact a member of our Commercial team.