IP:, Resolution: , Time (de):
Open Source Hardware Firewall
Currently: English

WiFi Hotspot GDPR & data retention

WiFi hotspot & GDPR
Sylbek Hotspot Server with integrated or supplied access points can be viewed as a simple WLAN, such as home WiFi from the point of view of GDPR.
Users do not register, but receive access authorization in the form of:
Username & password, password only, or solely by agreeing to the terms and conditions.
A WLAN provider can register users, but do not have to, according to the Court of Justice of the European Union.
Further information über WiFi hotspot & GDPR

EU Legislation
On 8 April 2014 the European Court of Justice has declared that the directive is incompatible with the Charter of Fundamental Rights.

Legal directives for data retention (Directive 2006/24/EG) make it mandatory for EU member states to pass national laws that require data that is produced through the provision and use of electronic communication services to be retained by the service provider for a minimum of 6 months.

Implementation in Germany
Germany's highest court (Das Bundesverfassungsgericht) has rejected on 2010/03/02 a controversial law requiring communications data to be stored for six months for possible use by law enforcement.

The data retention law requires service providers to save electronic communication data to support criminal proceedings.
All telecommunication traffic data, email, telephone or internet, must be saved and stored for 6 months.

Traffic data that should be stored for all internet connections:

- users assigned internet protocol (IP) address
- the unique identifier of the account that uses the connection
- the start and end time for the session of the IP connection

Communication content and sites visited should not be stored

What data can be stored in Sylbek Hotspot Server?
The MAC-address, IP-address, unique username and session time will be stored. There are many TXT-Files (around 1MB), which you can download through FTP. See below for an example of a user log.
User access logging
User access logging. Enable under /System/Logging/hotspot, consider GDPR

Sites visited will not be stored.
In brief only the time that a user logs on and off will be recorded. Users can log themselves off (user request) or they can be logged off by the system due to in activity (idle timeout). If a non unique user name is used, for example 'anette.schick', then additional information about the user such as home address should be stored externally.
MAC-address and private IP addresses can not be seen as unique properties.

Due to the inquiry to save more user activities, we offer Firewall-Logging. With it can be stored additionally further data as source- and destination- IP, protocol and port. Therefore you should be informed about the data retention legislation in Your Country.
Firewall-Logging (optional)

What should a hotspot provider take into account?
Choose as username a unique property such as an email address or customer number from your system.
If you print access cards in prior then make a note of the customers name when you hand over the card.