Increasing numbers of business are using Wi-Fi to provide network access to their staff. And it's great for McDonalds to encourage its customers to linger and buy more McStuff while whiling away the day on their Nintendo DS systems. It's good for airports to offer Wi-Fi to businesspeople in a rush. But many of these could get you a whole heap of trouble with Data Protection law.
Westchester County in New York has even recognised that there is a major identity theft issue in the USA and that this is compounded by freely accessible and unsecured wireless networks.
There are three main issues in relation to EU privacy law:
As a Hotspot Provider, if your Wi-Fi is unprotected and this is unintentional, and it links to your corporate network you are exposing your confidential information to “open door” hacking and leakage. You give away the data you store probably without even noticing, and this violates the law
As a Hotspot Provider, if your Wi-Fi is well set up and well protected, the logging of traffic that you perform is likely to break laws if your log associates the traffic with an individual – because this is personal data and you need permission.
As a Hotspot user you are certainly not breaking any laws by using the network in a valid manner, but you need to exercise caution, which is the same caution you would do in a cybercafé, over divulging credentials over insecure channels. Be aware of SSL and the little padlock symbol in your browser to indicate that, while the session's existence is known to the Provider, the content is not.
A simple analysis is that, unless you as a Wi-Fi Hotspot Provider take sufficient care when configuring your Wi-Fi then you run the risk of breaking Data Protection laws. The EU Information Commissioners are now looking long and hard at how well companies protect data – it is only a matter of time before they turn their attention to Wi-Fi.
