Seems irrelevant taking into account you don't expose your MAC address when you connect to the Internet (unless the access point is compromised, as is the case).
The owner of the AP can track you by MAC; if the advertisers have agreements with WiFi providers and software that works with the AP hardware to track by MAC then they can definitely track someone that way. Sounds like something Google would do...
I'm not an expert on GDPR but if PII is being collected and distributed/sold without explicit consent that sounds like it should be a legal liability. What is the per-violation fine for things like this under the GDPR?
Correction: the _maximum_ fine is 4% of annual income or €20 million, whichever is greater.
There is also no guarantee of any fine, see vertex-four's comment. For something like this I expect they will simply be warned to fix their WiFi and won't actually be fined unless they continue being in violation.
There isn't really a per-violation fine - their country's information regulator should investigate and fine them for their illegal practices in general. The regulator has fairly wide remit to pick an amount of their choosing for the fine, or to simply tell them to fix their practices and not fine them.
6 comments
[ 4.8 ms ] story [ 23.7 ms ] threadThere is also no guarantee of any fine, see vertex-four's comment. For something like this I expect they will simply be warned to fix their WiFi and won't actually be fined unless they continue being in violation.