Keeping your free Wifi on the right side of the law

WiFi HotSpot Laws

The UK and the EU have been banging on about the new Digital Economy Bill for some time and most of the provisions contained within it are useful to connected businesses. This isn’t the only law you should be familiar with though, if you offer free Wifi or internet services at your establishment then you need to know about the laws controlling the data you are required to keep.

Data retention

Relevant law and regulation includes: The European Directive (2006/24/EC) which has been implemented in the UK under the Data Retention (EC Directive) Regulations 2009 and the January 2004 the Code of Practice (for voluntary retention of communications data) implemented under the Anti-Terrorism, Crime and Security Act 2001. Under this EC directive you, as the venue owner providing free Wifi, must capture and store certain data about your users. This data will enable the authorities to identify users, what they were doing and who they might have been communicating with. Examples of the data that must be retained are;

• User ID; name, address, email, date and time of login and log off
• IP address allocated to a user, the MAC Address of the device they used and the originator of the communication
• The internet service used (“communications data”). HTTP, POP, IMAP, SKYPE etc

The Home Office would expect such data to be retained for a period of 12 months from the date the data came into existence. The purpose of maintaining communications data is to assist intelligence and law enforcement agencies such as the police in their investigation of criminal and terrorist activities.

Law enforcement requests for information

Under the Regulation of Investigatory Powers Act 2000, intelligence and law enforcement agencies such as the Police can direct that communications data be provided for the purposes of investigation of crime. It is therefore very important that any communications data that the police or other law enforcement agency may require is stored and capable of being accessed upon receipt of a valid court order for the data.

Copyright Infringement

The government has now passed the Digital Economy Bill which is designed to implement steps to reduce online copyright infringement by end users. The Bill will cover illegal downloading of copyrighted material and illegal file sharing. The Bill came into law in June 2010 and prescribes obligations to keep end user records to assist copyright owners in identifying, and taking action.

Data protection Act 1998

Under the Data Protection Act 1998 any user of Internet access services in a public establishment is entitled to request at any time details of his/her personal information. Failure to securely maintain and make available data to a data subject is an offence and may lead to the imposition of fines by the Information Commissioner.

What can I do about it?

All this sounds a little more complicated than you ever expected doesn’t it? And all you wanted to do was offer a free internet connection to your visitors. Helpfully there are companies like Fusion Wifi who’ve taken care of all this for you – and thrown in some great marketing features also.

This post originally appeared on Lumiserv.com in December 2014.