Since late 2016, the Transport for London has been running a pilot scheme, providing wifi to passengers while logging and retaining all the wifi traffic coming in and out of its access points, compiling a massive dossier on every tube-rider who had wifi turned on for their devices, whether or not they ever accessed the wifi service.
In a document obtained under a Freedom of Information request, TfL plans to make £322m “over the next eight years by being able to quantify asset value based on the number of eyeballs/impressions and dynamically trade advertising space.”
A TfL spokesperson also refused to rule out selling “aggregated customer data to third parties.” While the UK has some good data protection laws thanks to the EU, it also inherited the EU’s train-sized loophole, which is that companies that collect customer data can do anything they want with it, so long as they “de-identify” it first — though the EU Directive does not establish what it means to de-identify a data-set, nor do many computer scientists believe that this is possible (with very good reason)…
TfL worked with the Information Commissioner’s Office on the scheme and said that user data was anonymised. But privacy experts have cast doubt on the implementation.