GDPR, your WiFi and the problem with uniqueness

WiFi is a powerful and effective way of initiating conversations with customers based on time and location. It shouldn’t require email or necessarily any data collection but it should create value and compliment the wide range of online activities that your organisation already undertakes.


As we have been tracking the progress of GDPR compliance, it seems curious that many organisations are looking to simply shoehorn their existing business process into a quasi-compliant state and then claim they are working on it.

We feel that the world is moving on and specifically with the provision of WiFi, venue operators should be asking themselves why they need customer information in the first place? The answer usually falls into 2 areas:

  • We give WiFi away for free and think that we should collect customer data because it can be monetised/we can use it for CRM and marketing.
  • We have a legal obligation to know who is using the WiFi in case someone needs to “access logs” in the future.

Neither of these responses really stand up to any scrutiny, the easiest to defend is perhaps the internal use for marketing.


“Our customers visit our stores and when registering to use WiFi we start a conversation.”

For this to be true you need to have a CRM system where you can identify each customer. Walk ups in a coffee shop will never be captured in CRM. If you have loyalty program, perhaps customers have already registered for something and exist in a platform. Think Club Card or Nectar, Boots or Costa Coffee. This is a good start, and you could ask customers for their loyalty card number when signing up for WiFi – this would allow you to know that James Jones on the WiFi is the same James Jones that spends £150 a month, lives in Reading and so on…

How many times have you been asked for a loyalty card number to register for WiFi?

If not using a unique customer identification number, perhaps the problem could be approached using email? – which is also unique, like a mobile phone number. This is a plausible approach but to be effective really needs the operator to check the customer’s email BEFORE letting them use the WiFi. This type of validation is common when signing up for online services and prevents users from claiming to be In the public WiFi context however, it creates friction which leads to people giving up. To usefully identify customers based on email, it is vital that you collect their email addresses in the course of your normal day-to-day business AND that users use the same email when signing up for WiFi.

Although it is plausible to integrate your WiFi service into a wider customer engagement/conversation, it is extremely difficult to execute with a useful degree of accuracy. In which case the data is mainly “stand alone” in its own silo. Most marketing activities that we see are based solely on WiFi events eg: registration or physical return visits as these are reliable trigger events. Currently, almost all event based communication is via email, with 70% of UK consumers claiming to receive too much email, some savvy operators are looking to new ways to engage customers with instant messaging – considered the single most important means of communicating with 16-24 year olds.

Lastly, the collection of data on the basis that it may have value to a 3rd party is not only wrong READ MORE HERE but becoming increasingly insulting…. we will sell your data in exchange for using our free WiFi.


Finally, as a venue operator you have no obligation to collect customer data for legal or regulatory purposes. IT IS A COMPLETE MYTH