Since late 2016, the Transport for London has been running a pilot scheme, providing wifi to passengers while logging and retaining all the wifi traffic coming in and out of its access points, compiling a massive dossier on every tube-rider who had wifi turned on for their devices, whether or not they ever accessed the wifi service.
In a document obtained under a Freedom of Information request, TfL plans to make £322m "over the next eight years by being able to quantify asset value based on the number of eyeballs/impressions and dynamically trade advertising space."
A TfL spokesperson also refused to rule out selling "aggregated customer data to third parties." While the UK has some good data protection laws thanks to the EU, it also inherited the EU's train-sized loophole, which is that companies that collect customer data can do anything they want with it, so long as they "de-identify" it first -- though the EU Directive does not establish what it means to de-identify a data-set, nor do many computer scientists believe that this is possible (with very good reason).
Maria Farrell, internet policy consultant at the Open Rights Group, told Sky News: "What they told people at the time was we're going to use this data to improve services. But now thanks to [Sky News] investigative reporting, we find out that it's partly to improve the services, but also it's to exploit people's data for revenue, doing advertising."
TfL worked with the Information Commissioner's Office on the scheme and said that user data was anonymised. But privacy experts have cast doubt on the implementation.
Paul-Olivier Dehaye, the cofounder of PersonalData.IO, told Sky News: "TfL don't seem to understand what 'anonymised' means in data protection terms. While the pilot was running, the data was merely pseudonymisation, while retaining the technical capacity of easily combining this data with external datasets.
"In essence, the value and dangers of this data are still fully there, but TfL has merely constructed a fiction that the individuals were not identifiable and conveniently assumed that would free them from the legal safeguards."