Five Bar Owners Arrested In France For Not Logging Internet Use By Patrons Using Bars' WiFi Connections
from the what-even-the-fuck-but-in-French dept
A seldom used mandate from France’s 2006 anti-terrorism law is being wielded rather conspicuously in a single French city to lock up small business owners.
At least five bar owners in Grenoble, France have been arrested for providing WiFi at their businesses without keeping logs. The bar owners were arrested under a 2006 law that technically classifies WiFi hotspot providing establishments as ISPs, and require them to store one year’s worth of logs or connection records for anti terrorism purposes.
France has a long and inglorious history of forcing ISPs to log user activity, but this is the first time data retention laws have been used against business owners who allow customers to connect to their WiFi. In 2011, the law was expanded to demand the logging of user login info and passwords, thus ensuring service providers would always be tempting targets for malicious hackers.
The new and sudden enforcement of a nearly 15-year-old law seems pretty weird, considering it only targeted five bar owners in one city. This suggests Grenoble law enforcement might have a bit too much time on its hands. It doesn’t appear to be part of a larger sweep across the country to (harshly) remind small business owners of their data retention obligations.
The bar owners — who were all released after questioning — said the hospitality section union (UMIH) never made them aware they needed to retain 365 days of customer internet activity, despite holding several conferences and seminars on running hospitality business. UMIH responded by saying it’s not the union’s fault members don’t read UMIH junk mail.
Umih admitted that the training doesn’t mention WiFi logging but noted that Umih members should have known about this important requirement because it was mentioned in a newsletter.
Dystopia — well, more of it — has come to Grenoble, France. Five bar owners are now more than fully aware of their data retention obligations. Since these arrests have made international news, it’s safe to assume customers are also now fully aware their internet activity is being logged and stored every time they connect with a bar’s hotspot.
Not that staying home helps. Bar patrons face the same harvesting of data whether they stay in or go out. ISPs — which includes anyone offering a “public” connection — are under the same obligations. Failing to do so could net bar owners (or cable company employees) a 75,000 Euro fine and up to a year in prison.
And, in a damned if you do/damned if you don’t twist, there’s a good chance this kind of logging — especially without explicit consent from patrons — violates the far-more-recent GDPR. But few bar owners will have the money needed to challenge France’s law or have the ability to run this by the EU Commission for a second look. That leaves it up to the local cops, who appear to have found a new way to make things periodically miserable for the community they serve.