[hexadec]

I do appreciate the fine and the fact that the city will stop tracking citizens but I have to play devil's advocate: is this actually a privacy risk?

I have been playing around with passive wifi tracking for a personal project and found that most devices (including iOS and recent Android) all have MAC randomization turned on. Even in mesh wifi like this, the MAC rotates when a new base station is picked up. So while annoying and against GDPR rules, I am not sure if this is a true loss of privacy.

[fjfaase]

I understand that a truncated hash of the MAC address was stored in a database of the company City Traffic and that people investigating the database were able to establish that every night (between 4AM and 5AM) one and the same device was traveling through the city center. They have not been able to identify the person who might be carrying the device. Anyway, the Dutch Data Protection Authority concluded that for the purpose of counting the number of people in the city center it is not allowed to track them according to the Dutch law implementing the GDPR. If City Traffic had just stored the number of unique MAC addresses picked up by one of the ten 'MAC address sniffers' for some time interval, they might not have violated the law.