rangerovers.pub
The only place for a coil spring is up Zebedee's arse
Member
Joined:
Posts: 1141

So it would still seem the best option would be use a different isp if you dont like what they are doing? There are many others to choose from who offer alternatives.

Your reply above reinforces what's been said previously, it doesn't tie your name to any of the data given. Therefore not personal data. The location of a hotspot is not the same thing by any means.

Member
Joined:
Posts: 739

With respect BrianH the 'best' option - at least for me - is (still) to 'encourage' BT NOT to impinge on Customers' privacy and welfare
(and not just mine) !

As already explained you can keep BT BB and disable the HotSpot and/or change the Router

My reply above does not actually 'reinforce what others have said': Please do read the information in the links I provided as LOCATION is part of the Personal Data definition of course: It is not just about the name of a person: It is getting a little irritating having to repeat these things as patently folks are not actually reading the links, just repeating their (possibly misguided) interpretations of the GDPR

BT state that in the light of the GDPR:

Key steps include:
• re-writing our main customer-facing privacy policies
• creating a system to allow tight management of data across systems
• introducing a new group-wide Privacy Impact Assessment tool so that we design privacy
into all of our products, service and ways of working
• appointment of a Group DPO
• updating our corporate customer and supplier contracts
• implementing an awareness plan across BT group

We’re confident that we’ve already taken the most important measures that most directly impact on
our customers’ rights and blah blah blah....

....the main point being (yet again) that by publishing Customers' Locational Data (without their specific Consent) is probably in breach of GDPR privacy principles.

I will return with whatever weasel words BT reply to this charge (other than 'tough you upgraded so we decided via new Ts&Cs that it was OK' !)

Additional:
Apologies if anyone thinks my responses rude//harsh but imagine how many BT BB WiFi/HotSpot Customers might be similarly unwittingly inconvenienced / harassed etc

Member
Joined:
Posts: 1357

I don't know anything about GDPR and wouldn't expect to become an expert by reading a few links today.

Seems you're implying a point that there's a difference between, say...
1 - someone picks addresses at random and lists them on a website made just for the purpose of listing the random addresses and calls the website 'some one time randomly generated UK addresses' or 'examples of UK addresses'.
2 - The Ferrari analogy again where some Ferrari dealer lists addresses of customers who have recently bought a new Ferrari.. though it probably wouldn't make much difference if Ferrari called this list 'valued prior customers' or 'list of people who recently bought a new one'.

Seems intuitive but again I'm not an expert. To me, the difference in 1 and 2 is that 1 is just a list of addresses with no context, can't see how that could be of much use to anyone with good or bad intentions, 2 could be put to use by thieves who want to nick a Ferrari or by sales people who knock on doors trying to sell conservatories.

But then when you say 'BT BB WiFi/HotSpot Customers might be similarly unwittingly inconvenienced / harassed etc' I'm not sure if it would make for an all round better situation if customers had to opt in. There will be some people who signed up to the service because they want(ed) / need(ed) to make use of hotspots, plenty other customers who aren't fussed about sharing a small amount of their bandwidth occasionally so others can use hotspots but probably wouldn't bother to opt in if opting in meant having to lift a finger (and similarly wouldn't bother to opt back in if they got a letter saying they'd been automatically opted out but could opt back in again). The likely result of people having to opt in would be that the number of hotspots would become so small as to render hotspots a totally unreliable means of accessing the internet... Maybe not so bad these days with 3g/4g but a few years ago if you'd managed to force BT into making opted out the default instead of opted in I dunno if that would have made you more popular or less popular... If I had to guess I'd say most likely overall less popular.

Member
Joined:
Posts: 739

Sorry Lpgc I appreciate the input but it would be a long/repeated answer without providing even more suitable links...

Briefly then, for your examples 1) and 2) both could contravene the GDPR 'simply' by putting such data into the Public Domain without our consent.

As for consent itself the GDPR states it is a requirement to 'opt in'.... not 'sign us up' by default, pre-ticked boxes, hiding it away somewhere in the Ts&CS and it can't be assumed that we opted in because we did not actually 'opt out' etc etc.... and all regardless of what any of us may personally prefer !

Yes - if more people knew about all this they probably would not opt in; Thus BT would have to provide more Primary Hubs (as they already have established in Shopping Malls etc) instead...

No, I am really not concerned about 'popularity' here (particularly with BT!) but what I can tell you is that those BT BB Users I have told
1) Were almost always uniformed/unaware about this issue and 2) Were grateful !

As I have also stated the best way to find out for yourself is to explain it all to an 'identified' BT BB Customer;
You may be surprised by just how rapidly indignant they become !

Member
Joined:
Posts: 739

One of the advantages of having revealled BT's WiFi disadvantages is (enraged) folks sending me numerous other examples, like Virgin proudly stating how in their " Free Hotel WiFi service " they 'Data Harvest' us too (albeit with our permission/consent); Moral ? Don't consent.....

" Customer analytics
Users register before they can access your WiFi – it’s a potential gold mine of data for your marketing.
Get their consent and you’ll get their dwell time, location analytics and user demographics too
"

Member
Joined:
Posts: 2448

Dave, sorry but you can't keep misleading people like this.

In LPGC's examples.

  1. No contravention of GDPR. GDPR is relevant only when personal data is processed. No personal data is processed in this case because an address on its own is not personal data.
  2. Not necessarily a contravention of GDPR. A Ferrari dealer could very easily process the personal data of its customers in a lawful manner, as long as they abide by the terms of GDPR. A lawful basis could be "legal obligation". Should there be a recall on a model of Ferrari the dealership would need the contact details of their customers to inform them of that recall. No consent would be required for this lawful processing.

    If the dealership were to publish or share the list they'd be in breach. If they were to use the list for direct marketing they'd very likely be in breach (depending on their Fair Processing Notice) and also of PECR, just for fun.

To address an earlier post

<quote> Please do read the information in the links I provided as LOCATION is part of the Personal Data definition of course: It is not just about the name of a person: It is getting a little irritating having to repeat these things as patently folks are not actually reading the links, just repeating their (possibly misguided) interpretations of the GDPR </quote><br>

This is a clear misunderstanding of the law. The location being provided is that of a Hot Spot and not an individual identifiable person. I can see no way in which the location of a hotspot identifies an individual and therefore this information is not Personal Data. GDPR is only relevant when personal data is being processed.

Dave, BT Fon Maps show the locations of one specific service - BT Hotspots. If you think that is a breach of GDPR, what do you think of Google Maps?
They show the location of nearly all addresses in the world, the location of many services (restaurants, shops, schools, hospitals etc) and they even let the public add photographs and reviews of these locations and services.
Surely this is an even more outrageous breach of GDPR?

Your starter for ten: "How are Google not in breach of GDPR due to their provision of the Google Maps service?"

Member
Joined:
Posts: 2448

davew wrote:

One of the advantages of having revealled BT's WiFi disadvantages is (enraged) folks sending me numerous other examples, like Virgin proudly stating how in their " Free Hotel WiFi service " they 'Data Harvest' us too (albeit with our permission/consent); Moral ? Don't consent.....

" Customer analytics
Users register before they can access your WiFi – it’s a potential gold mine of data for your marketing.
Get their consent and you’ll get their dwell time, location analytics and user demographics too
"

Now this is the sort of shit that GDPR was designed to counter. Yes, the correct answer is to withhold consent.
GDPR brought in some very powerful tools for the consumer. You are allowed to withdraw your consent at any point*. You are allowed to demand that your data be deleted. Most importantly, it's no longer legal to make consent to marketing analytics a requirement for provision of a service (don't quote that, I'd need to check the exact wording) which is why you get these massive cookie consent lists with different levels of consent for different types of cookie.
The cookies that make the site run can be compulsory (under Legitimate Interest) but those that track your purchasing preferences and/or are used for big data analytics and ad preferences have to be optional. If you read the Fair Processing Notice of those sites they HAVE to explain what each level of data is being used for. This is all GDPR and it has real teeth.

I'd be interested to know how Virgin are getting hold of User Demographics. IME that's either a rough guess based on device type (are you using a brand new iPhone or el-cheapo Android tablet) or it's a really deep dive into tracking cookies and/or social media. Smelly.

*which is a real pain in the arse for the processor who has to create a mechanism that allows the removal of the data subject from whatever systems they originally consented to be part of.

Member
Joined:
Posts: 995

I'm clueless about GDPR (which is why I've stayed out of it all so far) but my girlfriend is a director of a software and web development agency. She's very well versed in GDPR for her own company, the clients she and her employees make software and websites for and has also spent time a good amount of time contracted out to other companies to consult on GDPR.

She knows her stuff.

She's looked through this thread and in summary she says BT are NOT breaching GDPR but the automatic opt in could be considered bad and could be implemented better.

TBH, I doubted a company as large as BT would allow themselves to fall foul of something like GDPR. The risk of getting sued by every one of their customers or whatever the penalties are wouldn't make it worth it.

Member
Joined:
Posts: 739

(Thanks for your input RR: No offence but we'll see what Weasel Words BT use and the ICO think about what happened to me:
GDPR is currently widely open to interpretation and as stated before the definition of Personal Data is very wide; I have actually
consulted on new EU Directives myself and it is interesting to see the current wide difference in interpretations between Companies and
Individuals/Customers' so I will wish her well with it !)

Sorry Morat, but I can’t allow you to keep being overly selective like this either, as that approach is now beginning to sound like a clear (and possible deliberate) misunderstanding of the Law (!).....

Lpgc 1) I have now posted up – several times – various links (and the GDPR text itself) stating how their Personal Data definitions clearly include both LOCATIONAL and ADDRESS information; Please contact the folks on those links (and the EU) and tell them just how they are ‘misleading people’ etc !

(As an aside here it may also help to call it Personal Data rather than just personal data in your responses to make the necessary disctinctions)

Lpgc 2) It you had followed his example yes he is/was referring to a Published List of Ferrari Owners who absolutely would be victims of a GDPR breach.

As already stated we will see how BT and the ICO view my ‘Legal’ Case and I will post that up here

You completely missed the point with Google Maps (and not just that like BT WiFi where I PAY for their ‘service’): It’s not a very good example but if somewhere hidden in the Google Ts&Cs it said ‘folks can park on your drive occasionally but it is OK you can park on theirs too…. (followed by “what’s that – you didn’t you see where we added that on our website etc ) I would be equally displeased.....

Now I am not sure what you do in ‘Real Life’ Morat – and I am not asking (it would be an intrusion of your Privacy) but you seem to have a very liberal opinion on what (currently) constitutes Personal Data; I would advise you to tread carefully……! :-)

Member
Joined:
Posts: 739

RE: Vigin Hotel WifI...

https://www.virginmediabusiness.co.uk/applications/wifi-solutions/virgin-wifi/public-wifi/

At leas we agree on that ! It probably depends on how their Consent Forms are (specifically) phrased Morat but I'll ask then too !

Member
Joined:
Posts: 739

For anyone requiring a quick summary here this might provide it:-

https://www.gdpreu.org/the-regulation/key-concepts/personal-data/

Member
Joined:
Posts: 2448

<quote? I have now posted up – several times – various links (and the GDPR text itself) stating how their Personal Data definitions clearly include both LOCATIONAL and ADDRESS information;</quote>

You're looking at it backwards. To qualify as personal data, whatever data you're processing has to relate to an identifiable individual living Human. Once the Human has been identified THEN the location, address, inside leg measurement etc becomes personal data.

Locational Data of a Hot Spot, a Range Rover, a House or a Whale is irrelevant to GDPR. None of those things are humans and therefore their Locational Data is not personal data.

LPGC's first example clearly did not include the identity of any individual therefore: Not Personal Data.
My opinion on what is PD is based on training given to me by solicitors and barristers who specialise in Data Protection law.

Also, online threats just make you look a bit foolish.

But you still haven't answered your homework :)
HINT: GDPR applies equally to BT FON and Google Maps. The fact that one service is free is irrelevant when considering Data Protection

Member
Joined:
Posts: 739

?? Did you read #111 before replying Morat ?? Please feel free to share your opinions with them/ tell them they are wrong too !

Solicitors and Barristers ? Hilarious ! ( I have dealt with a few, and as you know they love this kind of ££nonsense/conflict)

Tell you what: Other than simply ridiculing what I wrote post up a few Official Links of your own to substantiate your theories: Prove It !
Not the patronising stuff about Whales and Google Maps; post up on here where a reputable body say PD is not as those Links I have
posted up numerous times now and I might begin to take some notice....

As for 'Online threats' ? Seriously ? You mean...... what (currently) constitutes Personal Data; I would advise you to tread carefully……! :-)

  • Yes, that's a smiley face at the end there. and it was intended as a joke response to your 'advice' not to tangle legally with BT & etc:
    Looks like you are quite adept at misinterpreting other things than GDPR too then ? 'Feel foolish' yourself now ? I await your apology !

Finally I am not talking about 'Free' services in that way; You know how with SN "if you are NOT paying the YOU are the product"
HINT: If we ARE paying then we really should expect better than to have our privacy invaded by an idiot in a van etc....

Member
avatar
Joined:
Posts: 8093

davew wrote:

Sorry Morat, but I can’t allow you to keep being overly selective like this either

So stop doing the exact same thing. The Google Maps is a very good example, you can look and see that there is a pub in a certain location but does it give any Personal Data of the Landlord or any other identifiable individual? No it doesn't, so is not in breach of GDPR. You could argue (and you probably will) that the location of a pub is a benefit to, and has probably been encouraged by, the Landlord so he has directly or indirectly given his consent. So how about Filllpg.co.uk then? That uses Google Maps to display the locations of LPG filling stations but the locations are added by the users, for the benefit of other users, and not by the owners of the filling stations. Again, it doesn't give any Personal Data for the owner just the location of a service. Is that any different to the BT Hotspot map?

So, stop confusing the location of a service with the location of a person, they are not the same. Even then, the location of a person alone is not enough to identify that person so is not Personal Data.

Member
Joined:
Posts: 739

?? Being selective ?? Please just read the links I provided, including #111

I am simply quoting what all the major pundits are saying and yet I have not, as yet, read one that anyone else has posted up on here stating specifically that PD is NOT ‘LOCATION’ and/or ‘ADDRESS’ & etc

It’s not up to me to prove they are it’s up to you to prove they are NOT ! (ie. Stop 'shooting the messenger' !)

Again it is more about invasion of privacy and how a person can be profiled by such data, that’s (partly) what the GDPR is there for 'obviously'

And, with respect Gilbertd you just answered your own question: A pub is a ‘service’ and (presumably) it wants to be found… if there were kids causing a nuisance outside the landlord can call the police………………… and pn that not, I’m calling the ICO !

Member
avatar
Joined:
Posts: 8093

davew wrote:

And, with respect Gilbertd you just answered your own question: A pub is a ‘service’ and (presumably) it wants to be found… if there were kids causing a nuisance outside the landlord can call the police………………… and pn that not, I’m calling the ICO !

and so is a BT FON Hotspot, it's a service that can be used by other BT customers, and if there are kids outside causing a nuisance the resident being affected can also call the police.

Call the ICO so we can put an end to this. Or will you just argue that they don't know what they are talking about either?

Member
Joined:
Posts: 739

What ? My BT FON HOTSPOT is a public service ?? Great - I'll reinstate it and start charging punters to use it today !

If there are any kid problems i can always turn it off - as it only takes 7-28 days to implement this....

(PS: Before someone starts BT specifically stops you from charging for 'their' FON 'Service' via your hub
it's hidden away in their On-Line Ts&Cs - if you missed it !)

No doubt anything the ICO say will be 'measured' and refer to specific parts of the GDPR
I am agreeing with the ICO's position on all this, regardless, in case you missed it !

In the meantime I am simply spreading the word about BT FON and what their 'free' really means.....

Member
avatar
Joined:
Posts: 8093

davew wrote:

What ? My BT FON HOTSPOT is a public service ??

Of course it is. It's providing a service to all BT customers who are already paying for it through being customers of BT.

Member
Joined:
Posts: 739

Well actually that was sarcasm followed by the 'charging for it' joke

Besides it isn't a Public Service since I (sensibly) opted out

But wait,.... we are paying for it, so why do they say it is FREE ??
/sarcasm off again

EDIT: Just Had a quick rumage around for official interpretations of PD that said NOT LOCATION and ADDRESS............ Happy Hunting !

Member
Joined:
Posts: 995

What personal info does the location of a hotspot give?

If I look at a map of hotspots all I can glean from is that there is an internet connection there.

I don't know the name of the person who lives there, I don't know their gender, colour, race, religion, I don't know how many kids they have, I don't know their bank details, I don't know where they work. I don't know anything about them other than they have BT broadband.

I know no more about them than I would know about someone driving down the road in a Ford. All I know about them is that they drive a Ford.

I don't have BT internet so I can't use the app but the screenshots shown on the app page don't even show the addresses of the spots on the map. There looks to be a text list of "premium" hotspots with addresses but those all look to be businesses. So, as far as I can see from the limited access I have to screenshots, it doesn't even look as if they're giving away the address.

But even so, an address alone doesn't give me any personal information to work out the name of the person living in that house.

As far as I can see all the presence of a hotspot tells me is there IS a house there - but that's a fact that's already given away the second I can see the large pile of bricks, mortar and glass at the side of the road.

Are phone books still a thing? When I was a kid we had a big book that had everyone's name, address and phone number in it. No one was up in arms about that and that gave away a lot more information than a WiFi hotspot seems to.

The hotspot IS a service, for paid up BT customers. If people don't know they're hosting them then they should read the terms and conditions of their BT contract instead of blindly clicking yes. Not understanding or knowing something isn't the same as not being told something, regardless of how indignant they are when you tell them.