The tracking of people’s location is becoming an increasingly useful tool for many businesses, whether they want to use it to connect customers with their special offers, monitor footfall, or provide other location-based services.
However, a snag is coming in the shape of the EU’s General Data Protection Regulation, which introduces much tougher rules around the collection and use of personal data. And location data can most certainly qualify as personal data, anytime it relates to an identifiable individual.
It’s not that European regulators haven’t cracked down on location-based data protection abuses before. In 2015, France’s CNIL censured the billboard giant JCDecaux for installing Wi-Fi boxes on their signs that captured the unique MAC addresses that identified passing smartphones – the firm wasn’t properly anonymizing the data, and it wasn’t getting people’s informed consent, either.
The Swedish “visitor flow” tracking outfit Bumbee Labs got into similar hot water with that country’s privacy watchdog around the same time, leading it to stop collecting MAC addresses.
But the GDPR is something else, partly because of the way in which it will harmonize law across EU countries, and partly because of the new obligations it will bring – starting with data protection impact assessments.
Source: The Next Web
Read Original Article
