In the counting of footfall via WiFi-sensors, privacy is our primary concern. Locatus & BlueMark have issued an independent research to mitigate this concern, resulting in the Privacy Impact Assessment (PIA). In this research, our methodology was inspected and checked against the European laws concerning privacy – resulting in a positive conclusion.
Legislation
The European privacy legislation distinguishes between[1]:
- personal data (strict legislation, regulated by i.a. an opt-in/permission of user)
- anonymous data (no legislation)
- indirect personal data, also known as pseudonym data (less strict legislation).
The MAC-address of a smartphone is classified by privacy experts as indirect personal data, a form of pseudonym data – because it indirectly provides information about the user. The legislation concerning this sort of information is such that it is permitted to gather pseudonym data from consumers and privacy supervisors without their permission. However, the consumer has to be offered an opt-out.
Anonymising MAC-addresses
Footfall 24/7, however, takes privacy a step further by transforming the MAC-addresses into anynomous data: this optimally guarantees the consumers’ privacy. Article 29 of the Data Protection Working Party of the EU, “Opinion 05/2014 on Anonymisation Techniques”, states techniques and conditions for anynomising data. The crucial point is that it should not be possible (within reasonable means) to identify individuals after anonymisation.
Privacy Impact Assesment
The audit of Footfall 24/7 concludes that Locatus / BlueMark handle the gathered data with extreme care and consideration, and comply with the European legislation for privacy.