WiFi-Tracking - how to do it privacy-friendly

March 19, 2019

According to the Dutch Data Protection Authority (DPA), the tracking of people in (semi) public areas via their mobile device - or wifi tracking - is in very few cases allowed under strict conditions (Dutch). The MAC address of a device is processed within the WiFi tracking technology. A MAC address is a personal data at the time this is combined with other (personal) data that can be traced to a person. This traceability is possible via the observed location data of the mobile phone. This involves processing personal data and the General Data Protection Regulation (GDPR) applies. The previous blog post addressed the question of what conditions the GDPR imposes on organisations for carrying out WiFi tracking. This blog explains how organisations should take privacy into account when designing tracking techniques, such as WiFi tracking, based on the principle of Privacy by Design.

What is Privacy by Design?

The GDPR requires that organizations must apply privacy by design. This means that organisations must already in the design process consider how they can safeguard the privacy of users in their service or product. For example, organizations can anonymize personal data or delete it as soon as it is no longer needed for the intended purpose. Another example of Privacy by Design is the pseudonymization of personal data as a security measure. With the support of the SIDN fund, Privacy Company has developed a privacy by design framework. This framework consists of 7 parts, namely data minimisation, pseudonymisation, encryption, access control, privacy by default, removal/retention periods, and facilitation of rights of data subjects.

How can Privacy by Design be applied to WiFi tracking?

In practice, in order to carry out WiFi tracking, companies and municipalities must critically examine which personal data are actually required for the intended purpose, such as performing a public task or generating business data. The less personal data are processed, the better: select before you collect.

Various privacy-by-design techniques can be used when applying Wi-Fi tracking or similar tracking techniques. Which techniques can be used depends on the purpose of the processing. If the goal is, for example, to follow individuals in order to show them advertisements later based on their shopping patterns, organisations cannot anonymise the collected data. What they can do as a security measure is hashing identifying data such as MAC addresses (Dutch).

If the purpose is more limited, for example when assessing the number of visitors, the responsible organizations can take more privacy protection measures. It is then possible, for example, to aggregate the collected data into statistics after a few seconds on the sensor and only store these statistics centrally. Personal data are still processed by doing so, but the invasion of privacy is considerably limited. For purposes that go beyond the pure assessment of the number of visitors, more complex Privacy-by-Design techniques are possible. By using Bloom filters, for example, measurement data can be anonymised in a way that still allows statistics on traffic, visitor flows between sensors and returning visitors, while the chance of re-identification is minimal.

Another Privacy by Design measure that an organization can take is to program the retention period of the data in the software, so that the data is automatically deleted after a certain time. In order to comply with the GDPR, the organisation must record the retention period in the retention period policy and/or in the (processor) agreement in any case. The DPA points out that organisations may only store personal data for a limited period of time, as long as it is necessary for the purpose of WiFi tracking (Dutch). For example, companies may store the measurement data within their stores for a maximum of 24 hours.

Apply Privacy by Design to make wifi tracking privacy friendlier!

By means of Privacy by Design, a tracking company can generate statistics based on WiFi signals with a minimum privacy impact on those involved. If anonymization is technologically not possible, organizations can also use pseudonymization techniques to better protect personal data. If you need help with the application of Privacy by Design, feel free to contact us.