The impact of GDPR on Guest Wi-Fi


The EU General Data Protection Regulation (GDPR) is a law that was adopted by the European parliament in April 2016 and will become enforceable on May 25, 2018. The regulation applies to the collection, processing, and movement of personal data for individual residing in 32 European states (28 EU states + 4 other European states).  Now, individuals must understand exactly what they have consented to which means that an end-user must give specific consent for each personal data and agree on how it will be used.

How will GDPR impact guest Wi-Fi practices and deployments?

Vendors will need to provide tools to get end-users’ consent to use their personal data for marketing. Venue managers and brands will also want to give end-users transparent access to that personal information

Johan Terve from Aptilo believes the transparency will mean that venue owners will think twice about how aggressive they will be or they will risk to lose some customers. But, when they find the right balance I agree that people will feel more comfortable. The vast majority of users will probably not care/read the simplified text anyway as they just want to get online?
“As for sharing data. Everything is ok as long as there is a legitimate reason for storing the data and the user agrees. In the cases you mention the provider need to be crystal clear who is going to get access to the data and how they are going to use it” he added.
Ucopia’s CEO Didier Plateau indicated “Databases must be classified according to the purpose they serve: legal or marketing. The collection of personal data must be performed in compliance with applicable laws, including antiterrorist laws that require the retention of logs and their disclosure to official authorities in case of an investigation”.
Clients will want to use a central consent and personal data management system for all their different services including Wi-Fi. Different deployment scenarios are possible:
  • Privacy self-management
  • Handled by customer care
  • Automatic

GDPR, requires vendors to erase all personal data upon request from the end-user within 30 days (GDPR).

Saas vendors will need to provide system administrators the ability to create and configure as many terms and conditions/privacy policies as required. All end users must be able to exercise their access rights through the network administrator.

GDPR requires companies to implement privacy-by-design, VP Marketing at Cloud4wi,  so that information is always protected regardless of the application in use as well as development projects. Privacy must also be protected by default, ensuring that the least amount of personal data is in play at any time. Reducing the amount of accessible data is key to improving data protection.

“If there is a data breach, it must be reported to authorities and customers within 72 hours from when a company first becomes aware of the incident. This will require a high-speed response that many companies today are unable or unwilling to provide.” she added

Fon’s GDPR highlights some important end-user rights:

  • All end users may exercise their right to rectify their personal data by contacting the network administrator who has access to user profile pages and can edit and update all modifiable personal information based on the requests of end users.
  • All end users have the right to request that they be permanently deleted from the service. Their associated user data will not be deleted until period of proscription but none of the information related to this end user will be displayed in any API, and thus will not appear in the management platform.
  • All end users have the right to oppose acceptance of any previously optional Terms and Conditions/Privacy Policy. By accessing the specific end user’s profile, the network administrator can view all of the Terms and Conditions/Privacy Policy that the end user has accepted.

In summary, the impact of GDPR among the public is hard to predict, one thing is sure, GDPR will force the adoption of better marketing practices.

Previous articleWireless Runs Afoul of the Justice Department (Part 2)
Next articleHow Regulators May Evaluate the Merger Between T-Mobile and Sprint
Mr. Fellah, is a Senior Analyst and founder of Maravedis with 20-year experience in the wireless industry. He authored various landmark reports on Wi-Fi, LTE, 4G and technology trends in various industries including retail, restaurant and hospitality. He is regularly asked to speak at leading wireless and marketing events and to contribute to various influential portals and magazines such as RCR Wireless, 4G 360, Rethink Wireless, The Mobile Network, Telecom Reseller to name a few. He is a Certified Wireless Network Administrator (CWNA) and Certified Wireless Technology Specialist (CWTS).


Please enter your comment!
Please enter your name here