{"id":16689,"date":"2024-09-26T06:00:29","date_gmt":"2024-09-26T06:00:29","guid":{"rendered":"https:\/\/letslaw.es\/?p=16689"},"modified":"2024-09-09T10:33:11","modified_gmt":"2024-09-09T10:33:11","slug":"fines-wifi-tracking","status":"publish","type":"post","link":"https:\/\/letslaw.es\/en\/fines-wifi-tracking\/","title":{"rendered":"First fines of over 40,000\u20ac by the AEPD for exploiting customer data through business Wi-Fi"},"content":{"rendered":"

The Spanish Data Protection Agency (AEPD) has focused on the handling of personal data collected by companies through Wi-Fi in their establishments, warning of potential hefty fines for those who jeopardize their customers’ privacy.<\/span><\/p>\n

These fines can range from \u20ac40,000 to \u20ac20 million, potentially even threatening the survival of small businesses.<\/span><\/p>\n

Use of Wi-Fi tracking<\/span><\/h2>\n

Wi-Fi tracking<\/span><\/a>, also known as Wi-Fi tracking technology, is a tool that allows the identification and tracking of mobile devices through the Wi-Fi signals they emit. <\/span>Its main purpose is to detect the presence of devices in specific areas and analyze movement patterns<\/b>. It is used, among other things, to estimate the number of people in a location, analyze movement flows, and measure dwell times.<\/span><\/p>\n

This technology has applications in a wide variety of contexts, such as shopping centers, museums, workplaces, public spaces, public transportation, and large events. However, it is crucial to note that this practice presents significant privacy risks, as it could enable tracking of people’s movements without their consent or knowledge, and therefore without an appropriate legal basis.<\/span><\/p>\n

The AEPD has focused on businesses that, without adequate preventive measures, allow the identification and tracking of electronic devices that have connected to the establishment’s network.<\/span><\/p>\n

Violation of explicit consent<\/span><\/h2>\n

It is important to remember that any processing of personal data must comply with the principles established in Article 5 of the GDPR and meet at least one of the legal bases listed in Article 6 of the GDPR. This also applies to Wi-Fi tracking when the data controller chooses a technology that enables such processing.<\/span><\/p>\n

It is important to note that Article 4.11 of the GDPR defines the data subject’s consent as any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.<\/span><\/p>\n

Wi-Fi tracking technology allows businesses to track devices comprehensively, so it must be ensured that the processing is conducted fairly and transparently, with individuals clearly understanding what data is being handled and how through Wi-Fi tracking. <\/span>This information must be provided in an accessible and easy-to-understand manner, regardless of the technical or practical difficulties that Wi-Fi tracking may present<\/b> to the data controller in complying with these principles.<\/span><\/p>\n

Another possibility that businesses might argue is that the legitimate interest of the data controller, as outlined in Article 6.1.f) of the GDPR, takes precedence. However, the data controller must ensure that this processing is necessary to satisfy those interests and that the interests or rights and freedoms of the data subjects do not override them, considering their reasonable expectations.<\/span><\/p>\n

This requires a meticulous assessment of whether the processing can be carried out and whether it takes precedence over others\u2014a balancing test\u2014even if a data subject could reasonably foresee it at the time and in the context of the collection of personal data. This balancing test must be conducted by the data controller.<\/span><\/p>\n

Preventive measures<\/span><\/h2>\n

The data protection authorities in Spain have developed specific guidelines for those responsible who use Wi-Fi tracking technology<\/b>. These guidelines examine both the technical and legal implications of Wi-Fi tracking, identify the main risks, and offer recommendations for proper use in compliance with <\/span>data protection<\/span><\/a> regulations. Beyond clearly informing users, these recommendations include:<\/span><\/p>\n