Why we implemented this feature
Our captive portal software for UniFi networks already provided the following controls which are required to achieve GDPR compliance:
- request guest users to explicitly accept your Terms of Service
- request guest users to explicitly accept your Privacy Notice or Statement
- offer the guest user the ability to opt-in for specific usage of their personal information, for example for sending them special offers
- offer the guest user the ability to connect to the guest WiFi network without sharing personal information, but with lower bandwidth limits than for guest users that did register
GDPR also requires you to offer guest users the following capabilities with regard to their personal information that has been collected through the captive portal:
- view their personal information
- correct their personal information
- export their personal information
- delete their personal information
Until now, dealing with such requests and authenticating guest users has required considerable employee time and effort and introduced unpredictable costs.
In order to address these compliance-related issues in an efficient manner, we have implemented a self-service portal where guest users are provided these capabilities, giving them direct control over their personal information while also saving costs.
What does it look like
This is the main view of the GDPR Self-Service portal, as viewed on an iPhone 6. Guest users can only access the portal when the administrator has enabled it:
Important note: when a guest user decides to delete their full Profile, their device is automatically disconnected from the network.
This is where guest users can correct or delete their personal information and update their marketing consent preference:
This is where guest users can view the properties of their device which are collected by our software in order to optimize their captive portal experience:
Here guest users can view a summary of their network activity as collected by the UniFi Controller:
Here guest users can download their personal information to their own device:
Personal information according to the GDPR regulations
Within the context of GDPR, personal information is any information relating to a person, directly or indirectly, which in the case of our captive portal can be any of the following:
- first name
- last name
- postal code
- phone number
- email address
- device MAC address
- session information as collected by the UniFi controller
Even an IP address is regarded as personal information (…), but since local IP addresses are typically not persistent in guest network environments, we don’t display them in the Self-Service portal.
More background on GDPR
GDPR (‘General Data Protection Regulation’), also known as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU.
Simply put: if a company operates a WiFi network that can be accessed by EU citizens, it must comply with the GDPR regulations irrespective of where it is located.
The official EU site for the GDPR is located here.
The full GDPR publications in different languages can be obtained here.