rangerovers.pub
The only place for a coil spring is up Zebedee's arse
Member
Joined:
Posts: 1356

If the public hotspots are explained in their terms and conditions are you not opting in by buying their service?

Use BT with a different router that doesn't feature a public hotspot?

Member
Joined:
Posts: 736

They just replied ... do you think that BT/FON are monitoring rr.pub now (?)

So, there we are: "Tough but you MUST accept it" Really ? I don't think so, I _will _now ask the ICO...
(I like how their typo mentions the Privacy "police", because that's the ICO too !)

The emboldened text is how I received it too; Yes, it's not their fault it is BT's (of course)

..........................................................................................................................................................................

_We have received your request to be informed about the hotspot location in the maps.

As a BT customer you must accept the BT's T&C and Privacy police were should reflect the usage of the personal data provided by the customer to BT at the time of registration.

The personal data provided to BT has a purpose and the responsible for these personal data is "BT" that should clarify that purpose as is not Fon who collect these personal data and we do not have access to BT purpose of processing user personal data.
_
.......................................................................................................................................................................................................................

Yes, guess what ? - Customers only read the (umpteen page) Ts&Cs once the problems start and their privacy is impinged upon....

Member
Joined:
Posts: 736

Lpgc wrote:

If the public hotspots are explained in their terms and conditions are you not opting in by buying their service?

Use BT with a different router that doesn't feature a public hotspot?

1) That's the problem Lpgc, BT changed their OPT IN policy covertly (for new customers)
2) That's the solution I have been suggesting as per the TP-Link info I posted !

Member
Joined:
Posts: 2441

I think the crucial word in your understanding of the situation is "our" in "our locations"
As far as I can see they're not revealing YOUR location but the location of "A" speedhub. There's no visible link between the ID of the speedhub and the name of the customer which means that personal data is not being revealed.

Is it being processed? Well that's very hard to determine without knowledge of BT's internal systems, but for PD to be processed in the provision of BT FON there would need to be a link between the ID of the speedhub and the customer. Even then BT could pseudonymise or fully anonymise the data without any great effort. In fact, it's probably far harder to maintain an accurate list of who has what router than it is to simply ship the next box in the pile and be done with it.

How is the location of the speedhubs calculated for the maps I hear you ask? Well it could be simply a list of addresses of customers with speedhubs. There's no need to the customers names to be included in that list. A list of addresses isn't PD unless it's linked to names. (Even a name isn't necessarily PD, especially if it's a common one). It could be phone numbers for which BT are likely to know the locations, but even then a landline isn't going to be personal data.

Of course, even if PD is being used to provide the BT FON service (and this is only suspected and not proven) there are still mechanisms that allow BT to lawfully process that PD without consent. Consent is only one lawful basis for processing PD and BT only need demonstrate that one basis applies for their processing to be legal.

Clearly Vital Interest and Public Interest aren't going to be relevant but Performance of a Contract could easily be (especially if BT undertake to provide the BT FON service in their contract with you) and Legitimate Interest looks likely to me. For Legitimate Interest they just have to say that what they are doing is legal and doesn't infringe on the data protection rights of the subject (and for infringement to apply PD would have to be processed unlawfully during that operation).

So, I'm pretty sure that you won't be able to get BT to change their TnC on any legal basis. Of course if you raise enough public awareness you might get them to concede something - maybe a more public set of controls over BT FON on speedhubs - on a Public Relations basis.

Member
Joined:
Posts: 2441

Just had a thought. If BT wanted to automate the mapping procedure AND make it GDPR tight they'd just use a BT FON app on the mobile device to connect to BT Fon networks. If this reported hotspot locations back to the BT HQ using all the great data you can get from a phone (GPS, WiFi signal strenght, Connection Speed) then their process would not only be easy and automated but it would be trivial to demonstrate that speedhub locations were nothing to do with Personal Data.

I've never used BT FON but that's how I'd design it if I was King of the World.

Member
Joined:
Posts: 736

Sorry for the delay in replying Morat but I still have not received a response form BT (of course): Not sure if that is because they are ‘concerned’ by my questions (and so are checking with their lawyers, which I very much doubt) or simply don’t care !

However I still maintain that publishing HotSpot data, detailed enough to identify individual properties (and without specific permission from those Hub Users) is close enough to a Personal Data infraction as to be covered by GDPR principles (and if not specifically it should be). I do take your point though that it might only be better appreciated by a Media Campaign, something along the lines of “ How WiFi Causes Ant-Social Behaviour “?! (and then perhaps BT would deploy an Opt In Clause ?)

Overall I suspect GDPR will need to be extended to deflect this kind of ‘presumed’ (blanket) permission’

One thing I noticed incidentally is that FON’s own maps (in contrast to BT’s) have a resolution limit of 20m “for privacy reasons”
(And also note that Spain do not permit any such maps for some reason…. or maybe Telefonica are just smarter than BT ?)

https://fon.com/maps/

-Find you own location and ‘zoom in’. You will note FON have made it more difficult to locate individual HotSpots…….

EDIT: Forgot to comment on your Technical solution wrt HotSpot strength etc; Whilst this might be a good tool for BT I don't think it strengthens their legal case:
ie. "You can't get around privacy rules just by using a Third Party" !

Member
Joined:
Posts: 82

If, as I do, you live in a remote area and are the only house for at least 750m, then any hotspot is pretty specifically identifying an individual property.

Thankfully, I've checked out the map and we are not a hotspot (LOL) - I'd be f**king surprised if we were, given the pathetic broadband speed I'm paying through the nose for! Anyone who wants to traipse half a mile and then not have much service would be most welcome - I'd probably offer them a drink....

Member
Joined:
Posts: 2441

All true, but a property address is not personal data.

Member
Joined:
Posts: 1356

Not taking sides, I dunno much about it but this is interesting. From what's been said above, would a court case go like this...
Judge: Addresses are not personal data. On what grounds do you think you have a case against BT?
You: There have been groups of kids hanging around my remote house to use the hotspot, they may not have known about the hotspot if BT hadn't published the info.
Judge: Our expert witness here says you could easily prevent the kids gathering by using a different inexpensive router, while this court case will cost £X.

On the addresses are not personal data thing though.. Is it legal for a firm to list all it's customers addresses on the internet? I suppose if Ferrari listed it's customer addresses on the internet that would be inviting trouble for it's customers...

Member
Joined:
Posts: 736

I like your scenario there Lpgc - especially when the (BT) Expert Witness states "it's OK as long as you take the BT Router out" !

In the meantime Morat again the problem is that it may be a combination of certain types of data that constitutes an infraction as I posted a while back: GDPR 4(1)
https://www.gdpreu.org/the-regulation/key-concepts/personal-data/

Similarly ME: "Well Mi'Lud, what about this part of the GDPR ? ":
(R 75) 'Risks to the rights and freedoms of natural persons'
The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analysing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects.

I rest my case !

Member
avatar
Joined:
Posts: 8080

But your case has a hole big enough to drive every Land Rover product ever made side by side through it. An address is not personal information. It does not allow anyone to identify the identity of the person that lives there (unless the householder has put a bloody great sign outside saying, Fred Bloggs lives here). If it did, the likes of Zoopla, Rightmove and every estate agent in the country would be in contravention of GDPR.

Member
Joined:
Posts: 82

What actually would exercise me, if I didn't live in the middle of nowhere, is more the fact that MY internet service which I pay for under contract with BT, could be used by any third party FOC, and presumably slow down my available service speed.

Given that our house is not a hotspot and I'm pretty sure I didn't choose to opt out of FON, not sure how this comes about?

Member
avatar
Joined:
Posts: 8080

The FON service is capped at 1Mbs and isn't enabled if you have a slow connection in the first place (which you may have if you are really out in the sticks) so it doesn't slow down a customers connection. You are paying BT for a service and by opting into (knowingly or otherwise) the FON service, you can use every other BT customers connection. So you still getting service even when out of range of your own router.

Member
Joined:
Posts: 736

Ok ……

Under the GDPR (from that last lengthy paragraph I posted) clearly it is not just about the ‘Data’ itself it is about the potential/real effect/s of that ‘Data’ too. Thus I am going to post up another link (and hopefully this time it _will _be read/considered !):-

https://kirkpatrickprice.com/blog/what-is-gdpr-personal-data-and-who-is-a-gdpr-data-subject/

…. And it’s not actually my case it’s the GDPR’s Case !!

Accordingly if, as with my affected neighbour, BT have publically published data which caused his life to be impinged on, then that alone can be an infraction ..

(This is -most probably- why FON’s more-responsible maps are essentially a lower resolution than BT’s when you Zoom In on them… ?)

The major difference with an Estate Agent’s sign etc is that it is ‘material’ for them to do the job you paid them for: Sell your house; For BT BB their FON facility is not ‘material’ (to their service) in that same sense

  • BT are thus on shaky ground by not specifically explaining (ie. in appropriate and clear detail) what customers are signing up to…. Thus either BT have to change their Maps or be more up-front on the Ts&Cs now in the light of GDPR

BT BB customers are paying for this of course: It does not matter if it is ‘only’ 1mbps if most of them seem to be unaware of this. (Again just ask one and see for yourself !!)

And it’s not just BT’s (usual) bombastic stance that is driving me now, it is the notion that there may well be many others like my poorly Neighbour being (badly) affected….

Anyway…. thanks to everyone for their comments/banter etc; It has encouraged me to research/pursue this further and I will now definitely escalate this with the ICO (and report back): BT will probably continue to ignore me but they can’t really do that to them..

Ultimately it is not really our own interpretations that necessarily count here of course, but those of the presiding Regulatory Authorities……

So.... One last time (even though I am now starting to suspect Morat and Gilbertd work for BT):
……………………………………………………………………………………………
What is GDPR Personal Data?

In Article 4(1), GDPR specifically states that “personal data” means any information relating to an identified or identifiable natural person, which is someone who can be directly or indirectly identified. For further clarification, the law provides examples of personal data: a name, identification number, location data, physical address, email address, IP address, radio frequency identification tag, photograph, video, voice recording, biometric data (eye retina, fingerprint, etc.), or an online identifier of one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

https://kirkpatrickprice.com/wp-content/uploads/2018/06/What-is-GDPR-Personal-Data-and-Who-is-a-GDPR-Data-Subject_inpost-300x300.png

Member
Joined:
Posts: 2441

Dave,
I don't work for BT, but I am qualified in Data Protection law.
From your Fitzpatrick link I see nothing that supports your theory and nothing that contradicts mine, indeed - from your link:

<quote> Anonymous Data: One thing about GDPR personal data is clear. Article 26 states anonymous data is not subject to the requirements of the law. </quote>

You need to look at your posts and strip them back to only the points that can be argued from the GDPR/DPA 2018.
I'm sorry, this was fun but now I'm bowing out. If you want to take BT to court it's your choice. My final piece of free legal advice is that you should think very carefully before entering into a short but expensive campaign against a company with limitless resources. Especially when you're wrong.

Member
Joined:
Posts: 736

Well Morat it's your choice to bow out but you are being very selective there of course if in that last link it you are choosing to ignore where it clearly states GDPR Personal Data can be locational and physical address

" From your Fitzpatrick link I see nothing that supports your theory and nothing that contradicts mine " Really ? You are trained in Law for sure !
(Relax, it's a joke...)

Much of the above is banter of course but yes, I have already stripped back my posts and submitted it to BT (so far): Next stop, if their failure to reply persists and as previously stated, will be the ICO, who will decide if I am 'wrong' (not a Court, obviously, that's what the ICO is for of course)

We all know what BT will do (and that should not be allowed either); "We changed our Ts&Cs and then posted them up on our web site, didn't you see them ? (and similar platitudes) "

In fact I have taken on the Big Boys a couple of times in my own career and so don't actually need any free legal advice; Don't take it personally but _not _doing something about this is how they (continue to) get away with it, and is exactly why the GDPR were introduced in the first case and the same principles will be deliberated on for some time too !

Indeed, based on how badly it affected my neighbour enduring chemo I believe I should have done something about it sooner: Thanks to some of your remarks (banter or not) I now have; Will I 'win' ? Who knows ?!... but surely that's not the point.... ?

Member
Joined:
Posts: 1356

I just Googled 'BT hotspot', the top search result reads...
Sign up for BT Broadband and get free access to over 5m hotspots across the UK! +5 Million Wi-fi Hotspots. 18 Month Contracts. Unlimited Broadband. Types: Broadband, Fibre Optic, Unlimited, BT Plus.

I wonder if BT would argue that one of the reasons people sign up is to enable themselves to use hotspots and they need to know where hotspots are to use them. By signing up you knew you'd be able to use listed hotspots but also knew your address would become a listed hotspot... Isn't it fairly obvious that by default with such a service your address would be a hotspot and listed? If you never liked the way that works you could have gone with a a different ISP.. You could still switch to a different ISP, why are we in court when plenty other customers appreciate the trade-off.

Isn't that a case of

davew wrote:

‘material’ for them to do the job you paid them for:

?

Member
avatar
Joined:
Posts: 1228

But your address is useless on its own if I don't know that you live there. It won't necessary personally identify you as being someone that lives there by itself.

Equally your name is useless on its own - Bob Smith isn't unique to person X. There might be a person Y and Z too also called Bob Smith.

Version X of Bob Smith and Address A however, could be personal data if Bob Smith X lives at Address A. Together, that's unique personal data that identifies Bob.

But good luck with it. I'd just not use BT or turn it off if you're that bothered.

Member
Joined:
Posts: 736

First a quick reminder chaps that I did not write BTs WiFi Contracts and/or the GDPR !
However briefly (and repeating myself here to an extent):

Lpgc: Yes, "free" hotspots is a dubious use of that word if you have to give up part of your Bandwidth to join....
Anything that impinges on you negatively as a Customer needs to be explained not imposed as a default...
When you sign up it does not ask you -specifically- if is OK to show your location on their maps either:
BT have imposed certain conditions retrospectively and without 'due notice' to Customers,. even by e-mail
(ie. They have quietly changed their Ts&Cs in a way that the GDPR would not have permitted 'back then' )
Yes, you can go to another ISP of course but you may then have a long-term contract/HotSpot situation;
Not entirely sure of this part but if you turn off the HotSpot facility then it can (possibly) be reinstated by a
(unrequested) software upgrade (downloaded by BT to your hub )
We're not in Court, that was your suggestion/scenario !

Sloth: Again GDPR is aimed at stopping Companies from compiling Profiles on you for nefarious purposes,
and that process may be a result of 'data harvesting' from several sources (as per the links I posted)
I have turned it off; And at least many neighbours appreciate/understand a quieter neighbourhood now !
(For the 3rd or 4th time) I was sensitised to all this because of the effect on another ill neighbour

From experience I would say that sadly many 'just don't get it' until it happens to them....

Probably 'a bit late' but note (4) ! :-

https://teachprivacy.com/why-i-love-the-gdpr/

Member
Joined:
Posts: 736

Quick update on this: BT have just informed me that "if/when I renewed/changed my package then whatever (new) Ts&Cs were involved would then apply" (including, by implication but not specifically, MY LOCATION on THEIR MAP regardless of any anti-social effects): Really ? We'll see....

They also indicated that if you OPT OUT of their WiFi it then takes 7-28 days for your Hub to stop being a HotSpot !!

BT's Definition:

What is personal data?
Answer
The law tells us that it is any information relating to an ‘identified or identifiable natural person’ that
can be used to identify them; for example, a name, address, telephone number, or IP address