Who: The Information Commissioner’s Office (the “ICO”)
Where: The ICO’s blog
When: 25 September 2015
Law stated as at: 6 November 2015
What happened:
The ICO recently conducted a review of public Wi-Fi services on the UK high street and, as a result, has issued guidance regarding the dangers of using public Wi-Fi (the full guidance can be found here, on the ICO’s blog). The review found that the Wi-Fi networks requested varying levels of personal data and that they usually process users’ personal data for marketing purposes. Of those providers that used the personal data that they collected for marketing purposes, only some provided opt-in or opt-out options for e-newsletters. For the remaining providers, it wasn’t ever possible to connect to the network without signing up to marketing communications.
As a result of the review process, the ICO notified the Wi-Fi network providers that it had reviewed and advised them of improvements that they could make to their service.
Why this matters:
Public Wi-Fi networks are increasingly common and are a service that users should be able to take full advantage of but, as a pre-requisite, members of the public need to have confidence in the security of the networks they use.
Users must also be reassured that using these networks won’t compromise their personal data or end up in them being bombarded with unwanted marketing communications. Without this assurance, the uptake for public Wi-Fi will never reach its full potential and the opportunity for a fantastic public service will never be fully utilised.
Risks
Public Wi-Fi is predominantly un-encrypted and, consequently, anyone who wishes to do so can tell what sites users are visiting, obtain information they transfer to unencrypted webpages and web forms, and access emails sent using unencrypted email services whilst connected to a public Wi-Fi network. Essentially, any information accessed or transferred across a non-encrypted public Wi-Fi network is vulnerable to interception by malicious hackers.
Protective Measures
There are several measures that can be taken in order to be best protect when using public Wi-Fi:
- Check to see whether the network is encrypted (if users are asked to provide a network security key when accessing the Wi-Fi then the service will be encrypted);
- Read the network’s privacy policy. This will indicate what information the provider is permitted to collect and what they can do with it as providers should state in their privacy policies if they will use users’ personal data to send marketing communications;
- Maintain up-to-date anti-virus and firewalls;
- Where possible, use the computer’s public network feature for connecting to the public Wi-Fi;
- Avoid disclosing personal information on unencrypted webpages;
- If users are cautious about using public Wi-Fi and about giving out email addresses, they can create an email account just for use with public Wi-Fi;
- Be wary of public Wi-Fi that lets users log-on using a social media account as doing so often requires the granting of access to the user’s social media account. This may allow the network provider to view the user’s profile or post messages on the user’s behalf;
- Use a Virtual Private Network if the user has the capability; and
- Avoid disclosing any highly sensitive information when connected to a public Wi-Fi network, such as by performing internet banking.
These steps will not protect personal data from being misused or accessed against the user’s will when using a public Wi-Fi network, but they should make it safer and, occasionally, as safe as using a home Wi-Fi connection.
