How do I ensure that my WiFi hotspot service is legal?


The growth in use of WiFi enabled devices such as laptops, tablets and smartphones has resulted in an increased demand for public wireless internet access in hotels, cafes, restaurants, bars and similar premises.

To cater for this demand (and provide a valued customer service) it is common for the owners or operators of public premises to offer a wireless internet access service to the general public. Such services are known as wireless (or WiFi) hotspot services.

If you are already providing a WiFi hotspot service from your business premises (or if you are just thinking about it) then you should be aware of the legal implications of doing this.

When providing a WiFi hotspot service there are three main areas where there are legal issues to consider:

  • contravention of your Internet Service Provider’s terms & conditions;
  • liability for loss of data or damage to third party equipment & software; and
  • compliance with statutory legal obligations.

Contravention of your Internet Service Provider’s terms & conditions

The first thing that you should consider before making your internet connection available to the general public is whether your Internet Service Provider’s terms & conditions allow your internet connection to be used in this way.

For example, if you have a BT residential internet service then you are prohibited from allowing the general public to use your internet connection.

BT’s terms state clearly that “You may only use the service for your own personal use and enjoyment”.

You would need to have a BT business internet connection in order to offer a WiFi hotspot service to the general public.

However, even if you have a BT business internet service its terms of use state “Where the Service allows access to the internet the Customer understands and agrees that the use of the internet is at the Customer’s own risk”.

This means that if your internet connection is used for illegal activities (eg copyright infringement, child porn or planning a terrorist attack) then it is you that would be liable for the legal consequences as set out in various statutory Acts and Regulations

[Compliance with statutory legal obligations is discussed a few paragraphs below this.]

Every service provider has their own terms & conditions, but these are likely to be similar to BT’s.

Liability for loss of data or damage to third party equipment & software

We strongly recommend that you should take the necessary technical and procedural steps to ensure that your wireless hotspot service is as safe and secure as possible when used by the general public.

However, it is a fact that wireless networks are inherently insecure and that the users of your hotspot service are vulnerable to data hacking and malware attacks.

It is common practice to put a notice in a car park which states that the owner of the car park accepts no liability for loss or damage to a parked vehicle or its contents.

We recommend that the providers of WiFi hotspot services should take a similar approach by displaying a notice that makes it clear to potential users that the use of the hotspot service is at their own risk.

We would also recommend that this message is reinforced by advising potential users of the hotspot service that they should be careful about transmitting sensitive information over the wireless connection and that they should ensure that their wireless device is protected with an appropriate firewall.

Compliance with statutory legal obligations

Many providers of public wireless hotspot services give little consideration to their statutory legal obligations and the serious implications of contravening the relevant legislation.

At present the relevant legislation is:

  • The Digital Economy Act of 2010;
  • The Data Retention Regulations of 2009; and
  • The Data Protection Act of 1998.

There is also the probability of new legislation being introduced that is designed to prevent access to on-line pornography via public WiFi hotspot services. This is likely to require an “opt-in” process similar to that proposed for private internet connections.

The Digital Economy Act of 2010 is concerned about copyright infringement. It is still being challenged in the courts, but according to the law as it stands, if you have “allowed another person to use the service…” (ie your internet connection via your public WiFi hotspot) “… and that other person has infringed… copyright by means of the service” then it is you that would be legally responsible.

To solve this problem you would need a firewall to prevent (as far as possible) access to copyrighted materials and some means of identifying the guilty party by keeping records of who connected to your WiFi hotspot service.

Another consideration is that when you invite the general public to use your internet connection you become a public telecommunications provider and you must comply with the requirements of the Data Retention Regulations of 2009.

The aim of these Regulations is to enable the authorities to trace individuals that have used public telecommunication services for illegal purposes such as planning a terrorist attack, or downloading illegal material or material that infringes copyrights.

To meet the requirement of the Data Retention Regulations you need to keep the following records:

  • user name and address;
  • connection and disconnection times;
  • allocated IP addresses; and
  • timestamped log of online resources and services accessed (eg website addresses).

All of this information should be stored securely and should be inaccessible to unauthorised persons and must be kept for no longer than one year.

After one year the information must be deleted unless you have a legitimate reason to keep it longer.

Furthermore, because you are storing information about individuals, you will also have to comply with the Data Protection Act 1998. This should not be a problem as long as personal information is stored securely and for no longer than is required.

However, the Data Protection Act also requires that you must provide a copy of information that you have stored about individuals should they request it. This implies that you must have systems and procedures in place to comply with such requests.

Also, depending on the type of organisation that you are you may need to register with the ICO as a data controller. Information on this is available on ICO website.

Fortunately there are WiFi hotspot management solutions available that enable a hotspot provider to comply with their statutory legal obligations.

These solutions typically manage access to the WiFi hotspot through a portal which requires a log-in process. It would then log and store details of each website that the user visits.

One benefit of using a WiFi hotspot management solution is that the portal enables the hotspot owner to charge for the use of the service by a credit card or prepaid ticket. It is also possible to obtain revenue in other ways through advertising on the portal.

If you operate a public WiFi hotspot and you want to know how you can minimise risk and meet your legal obligations then you should use the contact button on the left to get in touch with Premitel.

Premitel offer a range of professional services for the design, configuration and installation for wireless networks, including public wireless hotspot networks.

In addition to ensuring that our proposed solutions meet our clients’ coverage and service requirements, we would also advise on how our proposed hotspot solutions should be configured to ensure compliance with statutory legislation.

Click on the contact button to the left if you have a specific requirement or if you wish to discuss how your business could make better and more cost-effective use of its existing telecommunications and internet infrastructure and services.