This is a backup version of

Wi-fi tracking illegal in Swedish cities

Wi-Fi tracking is illegal in Swedish city centers.

That is The Swedish Data Protection Authority’s conclusion after reviewing the survey of how people move in central Västerås.

Västeras CitySamverkan have a pilot project that makes use of the visit- flow system IOPS for the statistical measurement of the footfall of visitors in Västerås city center. The system is developed by Bumbee Labs. By using IOPS Västeras CitySamverkan regularly can take part of the visitor statistics, and can effectively identify large footfall flows.
In the area where the footfall should be measured a number of routers for wireless WiFi communication are installed. In the City of Västerås is about 20 routers installed in the innermost center. The routers are located 80 to 120 meters apart. The system collects data that mobile phones with switched on wifi automatically send out.

Data Protection Authority’s audit shows that the so-called MAC addresses collected are personal information and  Västerås therefore must follow the rules in the Personal Data Act. Even though the company that supplied the solution has taken certain measures, such as encryption, to make it more difficult to identify individuals.

“Despite the measures taken, the system involves measurement that individuals can be monitored in a way that infringes privacy. The data collected may under certain circumstances be used to identify how a person moves in a public place in Västerås city center, at least for a period of a week, “says the Data Inspection lawyer Martin Brinnen.
”Therefore, we believe it is not consistent with the Privacy Act.”

Data Protection Authority submits therefore Västerås CitySamverkan to either end with collecting visitor statistics or to ensure that the information recorded can not be used to identify how individuals move in Västerås city center. Västerås CitySamverkan must then also inform visitors about who is collecting data and why.

The white boxes placed around the city centre pick up signals from all phones that have WiFi turned on, and record the mobiles MAC addresses. The aim is to monitor how people move into the city, to have as a basis in, for example, urban planning.

A fundamental question has been whether mobiles MAC addresses has been personal data and if the use therefore is subject to the Personal Data Act. Data Protection Authority’s answer is yes, also the encrypted version is personal data according to the decision, and it is also according to the authority possible to trace the address back into the system to a single natural person.

”A cell phone is such a personal property, filled with personal information, so every information that uniquely identifies a mobile phone has to be a personal task,” says Martin Brinnen.

”We believe that it is possible to track individuals. Although the company has no intention of doing so, and even if it has taken good measures, so it will not go far enough.”

The Data Protection Authority is also critical that Västerås does not inform the inhabitants that may be mapped, but according to Martin Brinnen it will not be enough with better information for the system to fulfill the legal requirements.

“In the near future we will be collecting the Board to make an assessment on the way forward. We will discuss the matter internally and with our supplier Bumbee Labs “. writes CEO of Västeras CitySamverkan Maria Fors in an email to SVT.

“Simply put, we now have three options: to appeal, to cease visiting measurement, or to report measures regarding information and the like that the Data Inspection Board deems sufficient for continued use of the system.”

In Borås, who stood next in line to test the new technology, everything is ready for the boxes to be registering the movement of visitors in the city center. According to Bumbee Labs, a dozen Swedish town centers have expressed interest in using the technology, and similar systems are also used by other companies in shops and shopping centers. In Borås it is considered introducing an improved version of the system, where users could share more information on the free wifi connection.

Here is the decision from the Swedish Data Protection Authority.

, , , ,

Ansvarig utgivare: Björn Nylund ges ut av Scandinavian retail newsservice AB, org. nr 556935-9945 | All contacts: Please allow 24 hrs to respond. | Tel: +46 (0) 760 541 850 (Sweden) | +47 988 29 274 (Norway) | +358 41 36 20 542 (Finland) | +45 266 49 316 (Denmark) |