WiFi Privacy: Network Analytics Guidance Issued By ICO
The Information Commissioner's Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information.
When a device's WiFi functionality is enabled, it broadcasts 'probe requests' to find WiFi networks that are within range. If the device discovers a WiFi network that it recognises (such as the user's home or work network), the device may attempt to connect with that network.
Each probe request contains an identifier – known as a media access control (MAC) address – that is designed to be unique to each device. The MAC address not only identifies the device but can be used to track its location over time. If the network operator can identify an individual from the MAC address (whether alone or in combination with other information in the operator's possession), the data constitutes personal data.
The ICO's guidance includes the following recommendations:
- Network operators should conduct a Privacy Impact Assessment (PIA) to identify the privacy risks associated with operating a WiFi network.
- If WiFi analytics are collected, operators should be transparent about the identity of the data controller, the purposes of the processing, and any third parties with whom the personal data may be shared.
- Network operators should consider converting MAC addresses into an alternative format that removes any identifiable elements...
No comments:
Post a Comment