GDPR and WiFi Location Analytics

At Exposure Analytics we take privacy seriously and ensure we comply with GDPR and The Data Protection Act 2018 regulations with regards to delivering our services.

If WiFi is enabled on mobile devices they are constantly probing for a WiFi network to connect to. With this probe request, a unique identifier (MAC address) is broadcast. MAC addresses are not explicitly classed as personal data under GDPR but if used in conjunction with a variety of other data and an individual could be identified then GDPR needs to be complied to.

Overview

If WiFi is enabled on mobile devices they are constantly probing for a WiFi network to connect to. With this probe request, a unique identifier (MAC address) is broadcast. MAC addresses are not explicitly classed as personal data under GDPR but if used in conjunction with a variety of other data and an individual could be identified then GDPR needs to be complied to.

Our solution

A Privacy Impact Assessment (PIA) was carried out by our team and is reviewed annually to ensure the information being collected complies with privacy-related legal and regulatory compliance requirements.

As part of Exposure Analytics data collection process, all MAC addresses are hashed, salted and truncated before they reach the platform. This ensures that we are not able to re-identify the original MAC address.

A statement from The Information Commissioners Office (ICO) says that if “If the data is anonymised and is unable to be re-identified it is not subject to the requirements of the GDPR and Data Protection Act 2018 (DPA).”

We implement privacy by design; we will never share anonymized MAC address data with third-parties or create features that involve using data gathered to single out an individual.

If you require any further information about our data policy and GDPR compliance at Exposure Analytics please contact DPO@exposureanalytics.com