Since January 2014 the Dutch Data Protection Authority has observed that snack chain Febo, through its use of the Bluetrace data tracking system, was violating its patrons’ privacy by collecting information without their permission, according to the Personal Data Protection Act. And after several warnings, nothing has changed, but the agency is pissed off enough to fine Bluetrace if they don’t clean up their act within the next six months.
According to Bluetrace’s website, they claim to “respect the privacy of persons”, since “after 24 hours, all anonimized data is being erased from our systems”. However, that “anonimizing” they carry out is apparently very easy to undo, so basically nothing at all has been done to protect people’s privacy for quite some time.
Febo also has to make sure that they don’t collect personal data of people who live nearby, make sure they tell people explicitly that their data is being collected, and tell them how long their data will be stored, etc., which they don’t. Dutch law states that “the processing of any personal data requires the data subject’s unambiguous consent,” like a sign at Febo that warns people. Bluetrace has said that they place signs, but that’s not the case in the 30 or so Dutch municipalities where their system is operational.
Turning off your phone was a retarded Dutch government answer, because even when your phone is off, it could still be giving out information through radio signals and possibly with malware, if Edward Snowden has taught the world anything.
Febo is just an example, as many other companies and towns who use Bluetrace are also violating the law, and I’d dare say, even flaunting it, since 2014. Why the authorities are only getting serious now remains a mystery.