Most places open to the public now offer free Wifi access. Users can no longer do without this convenience. However, they are increasingly concerned about the issues surrounding the collection and storage of personal data.
For suppliers of Wifi access management solutions (or captive portals), the legal context surrounding the retention of connection data is often seen as a constraint: what data should be retained, for how long, etc? Recent legislative developments on this subject have, however, stabilised and clarified practices. The current legal context makes it possible to collect qualified data and engage in communication with the user. We take a look at the issues involved.
Table of contents
- The retention of connection data, a vexed question?
- What does the law say about the retention of connection data?
- Collecting and exploiting qualified data: Wifi as a marketing tool
Is the retention of connection data an irritating issue?
When connecting to a captive portal, users must provide certain identification data to access free Wifi. Wifi access management solution providers then find themselves in possession of this identification data, but under what conditions should they keep it? This question raises a number of issues:
- What connection data should be stored?
- For how long should this data be kept?
- What is the purpose of storing this data?
In France, the retention of connection data is governed by Article L. 34-1 of the French Post and Electronic Communications Code. This article has been amended several times in recent years and has given rise to a great deal of debate:
- The right to privacy,
- General data retention”,
- The definition of “identification data”,
- The purpose of data retention (e.g. combating serious crime, preventing serious threats to public security).
The development of this article has been closely monitored by the Constitutional Council, the Court of Justice of the European Union and privacy protection associations.
What does the law say about the retention of connection data?
After numerous amendments, the current version of article L. 34-1 of the French Post and Electronic Communications Code has now been stabilised. This article obliges electronic communications operators to retain a set of personal data for a certain period and for a specific purpose:
- Information relating to the civil identity of the user (5 years) and other information provided by the user when subscribing to a contract or creating an account, as well as information relating to payment (1 year), for the purposes of criminal proceedings, preventing threats to public security and safeguarding national security.
- Technical data making it possible to identify the source of the connection or data relating to terminal equipment (1 year), for the purposes of combating crime and serious delinquency, preventing serious threats to public security and safeguarding national security.
Gathering and exploiting qualified data: Wifi as a marketing tool
The current legislative context now clearly defines what constitutes “identification data”, since the following are now considered to be identification data :
- The surname and first name, date and place of birth or company name, and the surname and first name, date and place of birth of the person acting on its behalf when the account is opened in the name of a legal entity,
- The associated postal address(es),
- The e-mail address(es) of the user and of the associated account(s), if applicable,
- The telephone number(s).
There are several authentication methods for users to connect to a Wifi captive portal, but most of the data can be easily falsified by the user, with the exception of the telephone number. With a solution such as the one proposed by Ucopia, the user receives a unique code to enter on the portal to access Wifi (SMS authentication). Authentication by SMS to access WiFi therefore makes it possible to identify a person in a unique and reliable way, and therefore plays the role of “identifying data” for suppliers of WiFi access management solutions.
This legislative clarification of what constitutes “identifying data” is also an advantage when it comes to using Wifi as a marketing tool. By collecting the mobile numbers of users who have connected to your Wifi captive portal, you have reliable, valuable data at your disposal.
The result: you can create qualified contact bases to communicate with your customers and visitors (sending invitations or promotional offers, for example), strengthening the relationship you have with them and boosting your marketing strategy.
The retention of connection data has been the subject of much debate (which data to retain, for how long and for what purpose). The article of law setting out the terms and conditions for storing connection data has now been stabilised. It authorises the controlled retention of connection data for a specific period and purpose.