General Data Protection Regulation GDPR (EU)
In the EU, we have data protection regulation for personal client data (MAC, Device-Name, etc). I have to inform my client how long access log data is stored. Unfortunatly I'm unable to find this information in the documentation?!
The Omada Contoller needs to have some kind of client privacy features:
- Automatically delete client data after a (adjustable) period of time
- Option to delete data of a single client
Otherswise it's impossible to use it regulation confom in the EU.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hello,
Thank you for your feedback.
The OC200 is in compliance with the EU regulations and we have got through many knids of certification.
You say you cannot find the information in the documentation. What information do you want to find?
You want to delete the information of the client devices. Could you please tell us what information you want to delete?
- Copy Link
- Report Inappropriate Content
Luckily I was able to find the information ('Controller Settings' > 'Historical Data Retention') how long the client access data is keept in the logs. So my first Question is answered.
But for my second point I still haven't find a satisfying solution.
The General Data Protection Regulation of the EU states in Article 17:
Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay
How can I fullfill this requirentment in case one of my clients ask me to erase his personal data record?
For this case, there should be a 'Delete' button for clients in the 'Insight' view (Next to 'Block' and 'Edit').
- Copy Link
- Report Inappropriate Content
Hello,
@vonTinzenberg , thank you for your feedback.
1. The OC200 complies the law of EU. All TP-Link devices don't record the clietns' information.
2. When some clients connect to the AP, we can see some information of these clients. But after they disconnect from the AP, the information of these clients will be disappear. We can also find the information in the log, but the manager can delete them.
- Copy Link
- Report Inappropriate Content
EAP Controller doesn't collect personal data. Hostname/MAC-Address of the host is not the personal data. Personal data can be collected, when you auth via SMS or maybe facebook, etc.
- Copy Link
- Report Inappropriate Content
vonTinzenberg wrote
The General Data Protection Regulation of the EU states in Article 17:
Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay
A MAC address alone is not a personal data record. See https://www.bundestag.de/resource/blob/538890/3dfae197d2c930693aa16d1619204f58/wd-3-206-17-pdf-data.pdf
But even if you regard a MAC address as a personal data record, the rules set forth in §28 BDSG apply: If you record the MAC address to fulfill a private business' (as opposed to a governmental agency's) purpose, it's allowed to store MAC addresses as long as you don't record other personal data, which can reveal a person as the device's owner or certain aspects of a person's behavior by using the MAC address to look up this person.
Since Omada Controller does not store names or addresses or emails of WiFi users when their MAC address is logged, it is perfectly o.k. to store the latter, especially on public hotspots where ten-thousands of MAC addresses show up each day.
Read the document linked above, it discusses the legal use of WiFi surveys at public places for mass tracking with MAC addresses being stored and looked up to prevent multiple accounting of the same device. It does not violate the BDSG law or the GDPR directive (it's NOT a law, the EU is NO state!).
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1797
Replies: 5
Voters 0
No one has voted for it yet.