Connectivity, Guest Wi-Fi

4 Tips for Making Guest Wi-Fi Compliant with New Privacy Laws

January 2020
Sagenet Blog Compliant Wifi 09262019
By Alex Jinks

Once considered a perk for visitors and customers, guest Wi-Fi access long ago became table stakes in most industries. Hotels, restaurants, shopping centers, airports and even mass transit systems routinely offer free wireless connectivity as a cost of doing business. It improves customer satisfaction, and the cost is commonly offset by selling user data to third-party marketing companies.

New data privacy laws are forcing organizations to revise that strategy, however. Laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) place severe restrictions on how companies collect and handle personal data about their customers.

Enacted last year to standardize data privacy legislation across Europe, the GDPR has had a global impact. Any company, regardless of location, must comply with the GDPR if it stores or processes personal information about citizens of any of the EU’s member states.

Several U.S. states are following suit. California led the way with the CCPA, which goes into effect Jan. 1, 2020. New York, Connecticut, Hawaii, Rhode Island and Washington are among other states considering similar legislation that incorporates many of the principles of the GDPR.

These regulations don’t outlaw data collection by public Wi-Fi providers, but they do require providers to gain consent from users. In addition, providers must explicitly describe what data is being collected and how it is used.

These laws also give individuals the right to revoke their consent at any time. Known as the “right to be forgotten” or the “right to erasure,” these provisions require businesses to delete personal information in a timely manner following a written request from an individual. Additionally, the GDPR and other proposed legislation forbid organizations from making access to a Wi-Fi network conditional upon receiving permission to collect data. Users who choose not to share their information must still be provided access.

Here are four steps organizations can take to make sure their guest Wi-Fi services are compliant with the CCPA, GDPR and other data privacy laws:

  1. Update your terms of service to include a privacy policy, along with a description of how you handle, process and store personal data.
  2. Create a splash page with an opt-in consent message. Compliance professionals say the option can’t be pre-checked, the form can’t be bundled with other messages and it can’t be a condition of service.
  3. Add an opt-out form that makes it easy for guest Wi-Fi users to request that their records be deleted.
  4. Use identity and access management (IAM) to control what information you collect and who can access it. IAM tools provide a framework for managing users and access privileges across the entire organization, and can help organizations generate an audit trail that demonstrates compliance to internal or external auditors.

Of course, it would be easy enough to achieve compliance by simply ending the practice of providing guest Wi-Fi access. Or you could begin charging for the service to cover your costs. Neither option is likely to go over well with customers who have come to expect free Wi-Fi. The better option is to take the necessary steps to become compliant.

SageNet can help you implement guest Wi-Fi services with our highly customizable captive portal, giving you complete control over what information is captured when guests log in. Our captive portal also provides advanced analytics, integration with other business applications, and one-time enrollment of all devices for a hassle-free customer experience. Contact us to discuss how to make guest Wi-Fi access both convenient and compliant.

More Insights

Interested in what our experts had to say?

Learn more about our services - all driven by the changing technology landscape.