For many visitors, but also employees or third parties, it is a real added value to ensure accessibility: a guest WLAN. For the respective company, this means a “goodie” for those affected, but at the same time unresolved liability issues, data protection obligations and technical challenges.
We explain the background so that you too can offer such a service with peace of mind – in case of doubt with legally compliant terms of use and a privacy policy behind you.
Initial situation
Opening up the possibility of using a guest WLAN usually means that guests, employees and third parties can use part of the company network for private purposes. Registration is generally not a mandatory requirement. This makes it clear at first glance that the separation between guest WiFi and the rest of the company’s IT infrastructure should be as insurmountable as possible. Otherwise, neither data nor IT security can be guaranteed. In any case, precautionary measures should be taken against misuse, system damage or data leaks. It is often advisable to only grant Internet access without system access and to restrict bandwidths. Terms of use and data protection information are also required.
Data protection
By granting Wi-Fi access, companies, as data controllers under data protection law, process data relating to visitors, employees or third parties as data subjects. To enable access, for example, the IP address/MAC address of the user is processed. Data protection law stipulates a number of information obligations for this, which are usually fulfilled by means of data protection declarations. As with the operation of a website, such data protection information is therefore a minimum requirement. Data protection law also requires a new processing directory in order to properly document data processing internally.
Failure to comply with the data protection requirements would result in a fine and possibly also claims for damages.
Liability issues
In addition, the granting of access constitutes a contractual relationship that requires regulation – for example with regard to the operator’s liability in the event of legal infringements by the user via the access point. Terms of use will therefore be required to regulate the legal relationship. These are usually accepted via a captive portal and therefore form part of the contractual relationship. A manually signed declaration is therefore not required.
Liability in the external relationship is otherwise regulated by Art. 4 of the EU Digital Services Act (DSA), after Art. 8 of the German Telemedia Act (TMG) has expired. However, the regulatory content remains similar: the mere provision of internet access does not lead to liability for third-party infringements. However, according to the likewise new Section 8 of the Digital Services Act (DDG), rights holders can also oblige network operators to block users or content in such cases.
Practical implementation
A guest WLAN not only offers employees the added value of saving data volume – especially as regulations for the use of private devices should be in place anyway. Customers and third parties can also use an isolated access point to display content in meetings or access external sources. The guest WLAN is therefore more than just a pastime – it contributes to digitalization in the company.
At best, a captive portal offers simple access in this respect with a confirmation checkbox for the strongly recommended terms of use and privacy policy and a text such as “I agree to the terms of use of the guest WiFi and data protection information [Link] “.