Privacy
Q&A ABOUT PRIVACY AND THE GENERAL DATA PROTECTION REGULATION (GDPR)
WHAT IS THE CURRENT SITUATION CONCERNING THE GENERAL DATA PROTECTION REGULATION (GDPR)?
The GDPR took effect on 25 May 2018. The GDPR supervises the processing of all data that can be traced to a person (personal data). The Dutch Data Protection Board (Autoriteit Persoonsgegevens: AP) oversees compliance with these legal rules. The AP published a further explanation of the standards on 30 November 2018. For example, the AP explicitly states that the GDPR does not apply to anonymized data. The CityTraffic method only uses anonymized data.
We put the privacy of the citzens first and we follow all privacy guidelines. Only the amount of passers-by are counted. So we do not have personalized data.
WHAT IS THE DIFFERENCE BETWEEN WI-FI TRACKING AND FOOTFALL COUNTING VIA WI-FI?
In the case of Wi-Fi tracking, individuals are followed, consecutively in time and place. A footfall count aims to count groups at a particular moment in a specific area. So, pedestrians are not followed. Where they’re going and which stores they enter is not measured, for example. The Bureau RMC and the CityTraffic method never engage in Wi-Fi tracking and only measure footfall.
HOW DOES THE CITYTRAFFIC METHOD COUNT FOOTFALL?
The CityTraffic method counts footfall with sensors. These sensors are located in shopping areas, on beaches or at events. The sensors can take measurements continuously and generate averages of footfall countings per half hour, day, week, month and year.
Footfall is counted based on Wi-Fi signals. Only with Wi-Fi enabled on your device, will you be counted. Your device transmits various types of data, including the Wi-Fi address or the so-called MAC address. You will be counted based on this address. The MAC addresses are the only data that our measuring system sees. They are immediately anonymized. The Citytraffic counts are comparable to the method used to measure traffic jams in the Netherlands.
HOW DOES THE ENCRYPTION OR ANONYMIZATION WORK?
To prevent this MAC address from being traced to one specific device, it is immediately converted by the sensor to another randomly generated number. As a result, the sensors never send MAC addresses to the server where the measurements are processed. Bureau RMC only works with these randomly generated numbers. As soon as this number arrives at the server, it is anonymized. So it is changed for the second time. After that stage, we can never trace the number to one device.
WHAT DO CUSTOMERS DO WITH THE RESEARCH DATA?
We carry out countings on behalf of retailers and cities who need information about footfall. We deliver our clients insights in aggregated countings and we do not have insights in behaviour of individual visitors. Thus, cities can determine whether their policies and strategies have had an effect. They can also investigate the impact of events on the footfall, and they can use the insights for adequately solving issues such as parking, safety, and accessibility. Based on these countings, retailers can determine whether they are still located in the right spot and whether their shops are performing well at these locations.
DOES MY CITY MEASURE FOOTFALL IN ACCORDANCE WITH THE GDPR?
Yes, Bureau RMC complies with the GDPR.
CLIENTS RECEIVE AN INDEX WITH INSIGHTS. ARE THEY STILL ALLOWED TO RECEIVE THIS DATA OR DOES IT CONTAIN PERSONAL INFORMATION?
We don’t have personal data. So no product provided by Bureau RMC contains any personal data. You can, therefore, continue to receive our data, in full compliance with the GDPR.
I LIVE IN THE CITY CENTER; WHAT HAPPENS TO MY DATA?
The CityTraffic method counts footfall in shopping streets. Therefore, the sensors have an automatic filter to prevent residents from being included in the counts. The signals from residents are filtered out by removing any signals that are picked up both before and after store opening times. So, if you live near a sensor, you will not be included in the counts.
WHAT MEASURES DOES BUREAU RMC TAKE TO BE GDPR COMPLIANT?
We are fully GDPR compliant. Of course, we follow all developments closely.
The AP (Dutch Data Protection Board) also explicitly stated in its latest press release that the GDPR does not apply to anonymized data. The AP has also indicated what exactly is meant by anonymization. We ensure that our data is not traceable to one unique MAC address, and thus meets the anonymization requirement of the AP.
If other requirements are set, we will certainly follow these.
HOW CAN I PREVENT MY DEVICE FROM BEING COUNTED?
You can do this in two ways: you can disable your Wi-Fi when you are in a shopping area, or you can indicate in our opt-out register that you no longer want your device to be counted. You will need your MAC address for this. Find out where to find the MAC address here.
CAN THESE SENSORS CAUSE MALFUNCTIONS OR INTERFERENCE WITH OTHER EQUIPMENT?
The sensors only detect the presence of Wi-Fi signals from mobile devices. They do not send signals. As far as we know, it causes no interference or malfunction of other (medical) equipment.