Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Internal captive portal for internet access - GPDR compliance

This thread has been viewed 0 times

  • 1.  Internal captive portal for internet access - GPDR compliance

    Posted Jul 20, 2017 05:35 AM

    Hello everyone,

     

    Just a quick question about internal captive portal on a 7205 controller (running on 6.5.1.4).

     

    To be compliant to the new regulation GPDR, we have now to keep track of every guests accessing to Internet through our free hotspot.

     

    My goal is to have the guests enter their email adress (fake or not) on the captive portal webpage and to keep a track of it for one year. The best way I see to keep a track of the email adress is that the email adress would appear in the logs (After I will be saving them with a syslog server).

     

    Is this possible with the controller only?

     

    I am aware that the clearpass solution answers this needs. I just want to be 100% sure that this is not possible without it.

     

    Thanks for the reading and your future answers,

     

     



  • 2.  RE: Internal captive portal for internet access - GPDR compliance

    EMPLOYEE
    Posted Jul 21, 2017 02:57 AM

    Hello,

     

    I have been reading into GDPR as well, but could not find such a requirement to log e-mail addresses (or identity) for guest users. As I have heard people thinking that GDPR requires such logging, can you tell me where you found that obligation?

     

    What I have found so far on GDPR, is that IF you log e-mail addresses THEN you need to protect them and describe how you process them. In case you don't log, there is no personal information available, so GDPR is not even in scope from what I found. If such a logging requirement would exist, it would be a big pain for shops, bars, restaurants to provide guest access; and I'd expect to have heard more about that topic from such clients.

     

    I'm only aware of legislation in Russia and France where anonymous internet access is forbidden, and network operators should register who is accessing the network. In Russia plans were to require real photo-ID validation. Form my last visits to France it seems to have relaxed over time., as I don't need to register anymore at places that I visited. If such legislation exists, I can imagine that GDPR applies to that recorded data. I just have not found the rule that you should record that data.

     

    I'm not a laywer, and I only read summaries of GDPR till now; so hope you have more information.

     

    Please note my vision above is my personal view and observation as seen from an engineer perspective and should NOT be seen as an official legal statement by HPE or HPE Aruba.



  • 3.  RE: Internal captive portal for internet access - GPDR compliance

    Posted Jul 24, 2017 04:59 AM

    Hello,

     

    Thank you for your answer.

     

    You are totally right, I mixed up two different things. My bad.

     

    GPDR is about data protection and how to implement it.

    My concern is specific about France where there is this article of law : Article L34-1

    It specifies that it is mandatory to keep information about users to whom you give access to internet for 1 year.

     

     

    Thus, my question is the same, does someone know if there is a way to do this without a clearpass just with the controller?

     

    Thanks,