Skip to main content

More Data Retention Issues for Hotels in EU?

Hotels in the Netherlands may soon be deemed Internet Service Providers (ISPs) if they offer free Wi-Fi to their guests.  The Dutch Telecommunications Authority (OPTA) has received an "unspecified complaint" leading to the recent announcement that registration as ISPs may be required under the Dutch Telecommunications Act.   Registration as an ISP would certainly subject hotels to the more stringent EU rules on data retention that are applicable to ISPs and telecom providers.   Application of the Data Retention Directive to hotels would require them to retain data to trace and identify the source, destination, date, time and duration of communications for up to two years and could require hotels to track what guest is logging on to Wi-Fi and when. 

The European Commission has not commented on the legality of the move, although questions are likely to be submitted for review.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.