The Dutch Data Protection Authority (AP) has sanctioned the municipality of Enschede for 600.000 euros because it has used the control by the Wi-Fi in the city center in a non-permitted way. This permitted to follows buyers and persons who live or work in the city center.
In 2017, Enschede has decided to measure the traffic into the city center by using sensors. The municipality has hired a society specialized in counting the passers-by.
Mensuration boxes where placed into the shopping roads recollected the Wi-Fi signals by phones of passers-by. The phone has been registered individually by a unique code.
By counting how many phones are in a specific moment you can understand how the street is busy. If you keep track of which phone pass by which mensuration boxes for a specific and longer period of time, this “counting” becomes in tracking people.
In investigation of AP at the Enschede municipality reveals that was carried out how it has been imaged. Privacy of citizens was not adequately guarantee, because they can be tracked without that this was necessary.
It was not intentional this track of people. And also AP has not find out any proof. But the implementation of the Wi-Fi tracking is a serious breaching of the GDPR privacy legislation.
Privacy of citizens shall be placed at the first place
Keeping track of people by their phone. Because everyone has the right to walk freely and without being observed. Without that the government or another body can control or register what they are doing, and its is adapted to our freely and open society.
Is not intention that anyone can follow which shops, doctor, church or mosque we are visiting. This is a private information and shall remain private, in order that people can be their selves without felting inhived by a registration.
Placing at the first step this fundamental right. In order to measure the crowd into the city center, a system that can count people, not following them.
People follow
The municipality and two affected societies have the access to those data. And with those data you may follow people in the city center of Enschede.
In a moment of silence, you can see exactly who that code belongs to. Or look at a pattern: Does someone arrive at the same place at 8 in the morning every day? And she or he leaves at 17:00? Then it’s someone who works there.
The violation began in May 2018. The intervention of the AP prompted the City to stop Wi-Fi tracking on 1 May 2020.
Wi-Fi tracking is usually prohibited
The use of Wi-fi tracking is subject to strict requirements and in most cases prohibited. Because this technique affects so much of people’s lives, you can only use it in extreme cases.
In some situations, municipalities may process personal data via Wi-fi monitoring, for example if this is necessary for their legal tasks. But if the AP detects that a municipality or a company is illegally using Wi-Fi monitoring, there is the possibility of a steep fine.
Companies and municipalities can find more information on the use of Wi-Fi tracking on the AP website.
AP advises municipalities to review their proposed or ongoing Wi-Fi tracking projects again.
The municipality of Enschede has lodged a complaint against the fine.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI – AP