Spain: Published AEPD Guidelines for Processing Incorporating Wi-Fi Tracking Technologies

On 7 May 2024, the Spanish Data Protection Agency (AEPD) published the Guidelines for Processing Incorporating Wi-Fi Tracking Technologies. The Guidelines provide an analysis of the technology's implications, highlight key risks, and offer a set of recommendations for responsible usage in compliance with data protection regulations. Wi-Fi tracking technology enables the identification and tracking of mobile devices through Wi-Fi signals, facilitating the detection of device presence in specific areas and the identification of movement patterns. According to AEPD, the use of this technology may entail the processing of personal data and, as such, must adhere to the principles, rights, and obligations outlined in the General Data Protection Regulation. Moreover, the AEPD listed the privacy risks associated with its use, as it could potentially enable the tracking of individuals' movements without their knowledge or consent and without a valid legal basis. Consequently, the AEPD noted that due to the inherent risk factors and considerations, it is generally necessary to conduct a Data Protection Impact Assessment (DPIA) prior to undertaking such processing activities.