Since 2006, Data Protection Day or Information Privacy Day has been celebrated every year on January 28th. Specifically, since the Personal Data Protection Act was passed, which aims to ensure and safeguard, in comparison with the processing of personal data, the public freedoms and essential rights of natural persons, and in particular their honour and personal and family privacy.

However, there is still a great lack of awareness of all the areas that can be covered by this law. One example is free Wi-Fi. Since the GDPR came into force, companies are obliged to comply with a number of privacy and data protection requirements, and therefore to offer secure access to these services.

What has changed?

The end of signs with Wi-Fi and the password in a visible place. And, of course, weak encryption (WEP). These behaviours expose your users’ security to cybercriminals. In addition, you may face an administrative sanction if a crime is committed from your business network.

What obligations do you have?

The login portal should include the following information: who is the data controller, why and for what purpose personal data are collected and how to exercise your rights.

Furthermore, in the event that a breach is detected that jeopardises the information collected, the owner of the user registry must notify the users within 72 hours. In case of failure to do so in a timely manner, the responsible party will face sanctions as determined by the Spanish Data Protection Agency (AEPD).

Therefore, a section should be included where the user expressly agrees to have read and accepted the privacy policy and the Terms and Conditions of Use.

You should also collect a log of user activity with the following information:

  • Visited pages.
  • Connection sessions.
  • Device used for the connection.
  • Language.
  • Operating system.
  • Browser used.

Is there an easy solution?

Yes, the answer is the creation of a captive portal. The captive portal is software that monitors the traffic of a Wi-Fi hotspot, forcing users connecting to that network to go through a landing page. On the landing page, they are informed of the steps they must take to connect to that Wi-Fi network to gain access to the Internet.

What the captive portal does is to intercept all HTTP and/or HTTPS traffic and redirect all requests to the establishment’s website. It can also:

  • Manage the bandwidth to be offered to customers.
  • Control when users’ sessions have to expire.
  • Log the resources visited by users.
  • Personalise that page and use it as a marketing tool to publicise your promotions and services.

We recommend that you put this task in the hands of professionals to ensure success. Your focus is on offering your customers your products and services. You focus on your business and we focus on everything else. Your success is our success.