Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
“Free” Wi-Fi in Public Places Collects Name, Email, and Browsing Habits. LGPD Imposes New Rules and Changes How Your Data Can Be Used on These Networks.
The use of free Wi-Fi in shopping malls, airports, bus stations, and cafes has become part of the routine for millions of Brazilians. However, the convenience of connecting without using mobile data hides a detail that many people never notice: most of these networks only grant access after the user provides personal data such as name, email, phone number, and, in some cases, even CPF. According to the General Data Protection Law (LGPD), any collection of this kind must follow strict rules, and this obligation is changing how public networks operate in the country.
Transparency and Mandatory Notice About the Use of Data in Places with “Free” Wi-Fi
The National Data Protection Authority (ANPD) clarifies that any company that offers Wi-Fi and requests personal information to grant access must inform clearly:
– what data will be collected
– why it is being collected
– how long it will be kept
– who will have access to this information
– whether there will be commercial use, advertising, or sharing with third parties
-
Comet 3I/ATLAS has departed, but it left behind a chemical enigma: James Webb found methane, CO2, and water vapor in unusual proportions, reinforcing that the interstellar visitor came from a place very far from the Solar System.
-
Second cyclone of the week is already scheduled to arrive in Brazil and bring rain to 10 states.
-
‘Better alone than in bad company’: science reaches a conclusion on the statement after following 12,000 people for years; results challenge popular beliefs about relationships, happiness, emotional well-being and reveal significant differences between men and women.
-
NASA unveils mysteries of the interstellar comet 3I/Atlas and finds unexpected clues in only the third visitor from outside the Solar System, an object that traveled billions of years and mobilized James Webb, Hubble, and ALMA.
In other words, by requiring a simple email for registration, the shopping mall becomes a data controller and becomes legally responsible for the security of this information.
Official digital security guides, such as those from Sebrae and CERT.br, already warn that public networks often collect more data than consumers realize, especially when logging in via social networks.
The Hidden Risk: Profile Creation Without the User Noticing – Cookies, Tracking, and Online Behavior
In addition to registration, many Wi-Fi systems incorporate tracking scripts that record:
– time spent in the mall
– stores visited (via antenna triangulation)
– pages accessed during browsing
– purchasing preferences
– interactions within the network
This information can be used for targeted advertising, behavioral studies, and even data sales, something that the LGPD now severely limits. To be legal, the mall must guarantee explicit consent—and the user must have the option to say “no” without losing access to the basic service.
Sharing with Commercial Partners
Companies providing public Wi-Fi used to pass collected data to partner retailers, marketing agencies, and behavioral analysis firms. With the LGPD, this can only happen if the user is clearly and objectively informed.
In past audits, the ANPD identified that a significant portion of these terms of use hid important information in lengthy and hard-to-understand texts.
Today, this violates the law and can result in fines of up to 2% of the company’s revenue, limited to R$ 50 million per infraction.
What Changes for the Consumer? Starting with LGPD, Nothing is Really “Free”
The connection remains free, but the data collection needs to be transparent. The LGPD reinforces that the user has the right to:
– know what is being collected
– refuse data collection without punishment
– request the deletion of their data
– know who accesses and why they access their information
Furthermore, cybersecurity experts warn that public connections present extra risks: man-in-the-middle attacks, data interception, password capture, and session cloning. The LGPD does not prevent scams but requires the network provider to ensure a minimum level of security and to clearly inform what is done with the collected data.
What to Do Before Connecting? Practical Recommendations to Avoid Surprises
– use a VPN whenever possible
– do not log in to banking apps on open networks
– be suspicious of networks that ask for sensitive data like CPF
– read (even if quickly) the privacy notice
– do not authorize sharing with third parties unless necessary
Even with the LGPD, the user remains the primary line of defense.
The Era of More Transparent Public Wi-Fi
In the coming years, experts believe that the ANPD will be stricter with public networks, especially in large commercial centers that collect large volumes of data. For many shopping malls, it will be necessary to reformulate the entire privacy policy, improve security systems, and limit user tracking.
The convenience remains the same, but the rule is now clear: when the Wi-Fi requires personal data, the consumer needs to know exactly what they are giving and to whom.
Be the first to react!