Media Contact

NYCLU Press Office, 212.607.3372

March 17, 2017

CityBridge, the company behind the kiosks for the city’s public Wi-Fi network LinkNYC, announced today that it has greatly improved LinkNYC’s privacy policy. The improvements follow the letter sent by the New York Civil Liberties Union raising concerns about the previous policy.

“We applaud the city for being so responsive to our concerns and now New Yorkers have significantly improved privacy protections when using public Wi-Fi,” said NYCLU Senior Staff Attorney Mariko Hirose. “Internet access is a modern-life necessity and public WiFi should be designed in partnership with the community to minimize the privacy risks of data collection and maximize the benefits to the public.”

LinkNYC, which was publicly launched in January of last year, will eventually become a network of as many as 7,500 to 10,000 public kiosks offering fast and free Wi-Fi throughout all five boroughs. In March of 2016, the NYCLU sent a letter to the Office of the Mayor warning that, under the previous privacy policy, CityBridge, the company behind the LinkNYC kiosks, could potentially retain a vast amount of information about users – often indefinitely. The NYCLU contended that this gave CityBridge the ability to build a massive database that could pose a risk of security breaches and unwarranted NYPD surveillance. The NYCLU further contended that the policy also left open the possibility that data collected by cameras at the LinkNYC kiosks might be available to the city or NYPD.

Under the old policy, users had to submit their e-mail addresses and agree to allow CityBridge to collect information about what websites they visited on their devices, where and how long they lingered on certain information on a webpage, and what links they clicked on. The privacy policy only offered to make “reasonable efforts” to clear out this massive amount of personally identifiable user information, and even then, only if there was 12 months of user inactivity. That meant that New Yorkers who used LinkNYC regularly could have had their personally identifiable information stored for a lifetime and beyond.

The new policy announced today makes the following improvements:

  • Clarifies that browsing history from personal devices will not be stored.
  • Sets the retention period of most technical information for individual sessions to 60 days from the end of their last activity.
  • Clarifies that disclosure of information will occur only as required by law and that there will be notice.
  • Additional limitations on camera use and disclosure of data.