Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How is this even remotely compliant with any basic privacy legislation?


Is mapping wifi access point locations covered by any privacy legislation?


Likely GDPR, yes.


I am not so sure. An SSID is not personally identifiable information.


It might be a fine line to walk with the definition of "other identifiers" here (especially with a BSSID), particularly when RFID tags count as personally identifiable.

https://gdpr.eu/recital-30-online-identifiers-for-profiling-...

> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.


I'm not so sure either. Sit on any train and you'll see lots of personal wifi hotspots called "Fred Bloggs's iPhone". That certainly is PI.


Google doesn't want "Fred Bloggs's iPhone" in their data set anyway. A mobile access point is no use for geolocation.


I guess just change your routers broadcast Mac to an iPhone one. Maybe we could use randomized MAC for APs like we have for clients.


is it tho? it's publicly broadcasted data. is wigle.net a huge database of stolen privacy related data now?


No, it isn't. An SSID isn't personally identifiable information.


I recall this was argued in one of the early issues of the journal of data privacy law.

https://academic.oup.com/idpl/article/1/3/149/688705


How bizarre that you're being downvoted. This is probably the most useful comment in this thread. The answer is in the first line:

WiFi maps do not fall within the scope of existing European privacy legislation. They do not consist of ‘location data’ as defined by the E-Privacy Directive, nor do they consist of ‘personal data’ under the Data Protection Directive, except in highly unusual and very rare circumstances.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: