Purple WiFi sign up to the Future of Privacy Forum Mobile Location Code of Conduct

Purple WiFi sign up to the Future of Privacy Forum Mobile Location Code of Conduct
Posted on | Updated on

Purple WiFi has joined the Future of Privacy Forum, ensuring we are up to date with best practices in data collection and how data is being used. This will enable us to be at the forefront of any privacy dialogue and access up to date information from thought leaders on issues concerning privacy.

What is the Future of Privacy Forum?

The Future of Privacy Forum is an organisation that advocates responsible data practices. The forum seeks to advance responsible data practices and includes an advisory board of leading figures from industry, academia, law and advocacy groups.

The Future of Privacy Forum describe themselves as a source to provide technical clarity and context on issues.  They also seek to advance meaningful self regulation, best practices, resulting in consumer friendly and business practical privacy measures.

Collection of MAC addresses

Venues of all kinds are increasingly taking advantage of Mobile Location Analytics. The majority of people will have a mobile device on their person and, if they have WiFi turned on, the device will broadcast a unique number known as the MAC address.  The MAC address can then be logged by WiFi equipment.

A MAC address does not contain any explicit personal information, such as a person’s name, email address, or phone number for example.   A MAC address is 12-character unique combination of letters and numbers.   As the MAC address is unique to each device, analytics can be used to create reports about customer traffic in a store, based on the MAC addresses that are detected at any particular time or in any given location.  Data can be gathered such as the number of unique customers arriving in the venue, or the route that has been taken as they move around.  This is used to enhance customer experience, to best place staff, reduce waiting times and to improve store layouts.

Mobile Location Analytics and Data Protection Law in Europe

Mobile location analytics (MLA) relies on the use of MAC addresses of mobile devices in order to created aggregated reports and to provide insights into the consumer traffic at venues.  Regulators in the EU will sometimes consider a MAC address to be personal information under local law and so MLA companies will take steps to immediately pseudonymize the data they collect.

Responsible MLA companies who have legally committed to the FPF Mobile Location Analytics Code will therefore minimize data collection and to apply data protection requirements that are available while preserving the utility of the data collected.  The Future of Privacy Forum believes companies complying with the code are handling data legally and responsibly.

Steps we take to protect data

The steps that are currently recommended as best practice by the FPF are to hash and pseudonymize MAC addresses immediately, to hold deletion periods regularly, to ensure that access is restricted, to recommend that venues inform users of the data being collected and the options to opt-out and to have restrictions on how the data is going to be used.

Enabling opt out

Mobile location analytics companies that have agreed to Future of Privacy Forum’s Mobile Location Analytics Code of Conduct will honour any requests from consumers to opt-out of having their location linked to their mobile device MAC address.

Consumers can opt out by visiting www.smart-places.org and entering their phones’ WiFi or Bluetooth MAC address.

Comments from the top

Jules Polonetsky, Executive Director of the Future of Privacy Forum said, “We are pleased to have Purple WiFi pledge to support the requirements of the Mobile Location Analytics Code. Location information can be used to benefit consumers and assists venues in understanding customer traffic patterns, but it must be collected and used in accordance with data protection requirements.”

Gavin Wheeldon, CEO of Purple WiFi commented, ‘I’m delighted to announce this relationship, which highlights our ongoing commitment to both adhering to the law and respecting customers privacy. It all comes back down to businesses always being responsible with any data they collect and store, and ensuring that they are allowing customers the choice to opt in and out as necessary. Privacy and the issues around it will always evolve and I will make sure that Purple WiFi’s processes and procedures will evolve in line with both the law and customers expectations.”

Relevant articles:


Information for Purple WiFi partners

If the venue does not have a Purple WiFi location analytics licence in place, then this information is not applicable to you.

If you do have location analytics running with us, most of the actions we are taking are to do with data handling and storage on our side and you are not required to take any action.

We will however shortly be sending out communication to venues with location analytics licences running to politely request that they display signage in the venue to inform customers about data collection opt-out at www.smart-places.org. It is then up to the venue to decide whether to put signage up or not. Venues may also wish to publish the opt out information for customers on their websites.

Examples of signage and a complete overview of Mobile Location Analytics can be found here.

© 2024 Purple. All Rights Reserved.