Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
“Free” Wi-Fi in Public Places Collects Name, Email, and Browsing Habits. LGPD Imposes New Rules and Changes How Your Data Can Be Used on These Networks.
The use of free Wi-Fi in shopping malls, airports, bus stations, and cafes has become part of the routine for millions of Brazilians. However, the convenience of connecting without using mobile data hides a detail that many people never notice: most of these networks only grant access after the user provides personal data such as name, email, phone number, and, in some cases, even CPF. According to the General Data Protection Law (LGPD), any collection of this kind must follow strict rules, and this obligation is changing how public networks operate in the country.
Transparency and Mandatory Notice About the Use of Data in Places with “Free” Wi-Fi
The National Data Protection Authority (ANPD) clarifies that any company that offers Wi-Fi and requests personal information to grant access must inform clearly:
– what data will be collected
– why it is being collected
– how long it will be kept
– who will have access to this information
– whether there will be commercial use, advertising, or sharing with third parties
-
The most feared warplane of the United States is over 70 years old, carries 32 tons of explosives, flies 14,000 kilometers nonstop, and has just been sent to the United Kingdom amid escalating tensions with Iran.
-
Satellites and radars revealed, beneath 2 kilometers of ice in Antarctica, a lost world the size of Wales, with rivers, valleys 1,200 meters deep, and plateaus sculpted by water, frozen for 34 million years, when the continent had temperate forests and was part of a supercontinent that included South America.
-
A 2 kg exoskeleton with an 800-watt motor and artificial intelligence that predicts movements in 2 milliseconds reduces the load on the legs by up to 30 kg, increases strength by 40%, and allowed an 84-year-old woman to climb mountains without falling behind.
-
The Senna Tower in Balneário Camboriú is using stakes considered unique in the world that go down 40 meters and are driven 5 meters into the hardest rock on the planet, with technology approved by the same engineer who designed the Burj Khalifa.
In other words, by requiring a simple email for registration, the shopping mall becomes a data controller and becomes legally responsible for the security of this information.
Official digital security guides, such as those from Sebrae and CERT.br, already warn that public networks often collect more data than consumers realize, especially when logging in via social networks.
The Hidden Risk: Profile Creation Without the User Noticing – Cookies, Tracking, and Online Behavior
In addition to registration, many Wi-Fi systems incorporate tracking scripts that record:
– time spent in the mall
– stores visited (via antenna triangulation)
– pages accessed during browsing
– purchasing preferences
– interactions within the network
This information can be used for targeted advertising, behavioral studies, and even data sales, something that the LGPD now severely limits. To be legal, the mall must guarantee explicit consent—and the user must have the option to say “no” without losing access to the basic service.
Sharing with Commercial Partners
Companies providing public Wi-Fi used to pass collected data to partner retailers, marketing agencies, and behavioral analysis firms. With the LGPD, this can only happen if the user is clearly and objectively informed.
In past audits, the ANPD identified that a significant portion of these terms of use hid important information in lengthy and hard-to-understand texts.
Today, this violates the law and can result in fines of up to 2% of the company’s revenue, limited to R$ 50 million per infraction.
What Changes for the Consumer? Starting with LGPD, Nothing is Really “Free”
The connection remains free, but the data collection needs to be transparent. The LGPD reinforces that the user has the right to:
– know what is being collected
– refuse data collection without punishment
– request the deletion of their data
– know who accesses and why they access their information
Furthermore, cybersecurity experts warn that public connections present extra risks: man-in-the-middle attacks, data interception, password capture, and session cloning. The LGPD does not prevent scams but requires the network provider to ensure a minimum level of security and to clearly inform what is done with the collected data.
What to Do Before Connecting? Practical Recommendations to Avoid Surprises
– use a VPN whenever possible
– do not log in to banking apps on open networks
– be suspicious of networks that ask for sensitive data like CPF
– read (even if quickly) the privacy notice
– do not authorize sharing with third parties unless necessary
Even with the LGPD, the user remains the primary line of defense.
The Era of More Transparent Public Wi-Fi
In the coming years, experts believe that the ANPD will be stricter with public networks, especially in large commercial centers that collect large volumes of data. For many shopping malls, it will be necessary to reformulate the entire privacy policy, improve security systems, and limit user tracking.
The convenience remains the same, but the rule is now clear: when the Wi-Fi requires personal data, the consumer needs to know exactly what they are giving and to whom.
Seja o primeiro a reagir!