The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information.

When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers a WiFi network that it recognises (such as the user’s home or work network), the device may attempt to connect with that network.

Each probe request contains an identifier – known as a media access control (MAC) address – that is designed to be unique to each device. The MAC address not only identifies the device but can be used to track its location over time. If the network operator can identify an individual from the MAC address (whether alone or in combination with other information in the operator’s possession), the data constitutes personal data.
Continue Reading WiFi Privacy: Network Analytics Guidance Issued by ICO