UP coming GDPR 25 May EU

HI all
one issue that might come up is the up and coming GDPR in the EU
in that a persions location can be found (co ordinates)
and so that personal data needs to be stored securely
also it needs to have been where the user has given consent for that location information to be made public

just something to be aware of (and I know WeatherFlow are aware of this issue and are looking into ways best to deal with it)
and maybe something other developers need to be aware of (e.g when you show a persons location on a map or similar)

Don’t confuse the meaning of “your” location with that if an “object” of which one has set the location.

I do agree with @weather-display this device is marketed as a smartHOME extension, so most of people are placing the unit at their residential address.

Also explanation and consent how collected data is used and stored should be disclosed. There should be clear privacy settings available and option to opt out from sharing any data without consent.

Hi @lasse.soininen

Explanation of how data is collected and used is here: https://help.weatherflow.com/hc/en-us/articles/360005036994-Privacy-Policy-for-Smart-Weather

User opt out to share data publicly is simple and within the app. App > settings > Stations > [select station] > then toggle ‘Share Publicly’ to off

For those who are ultra private, there is a local only mode (no data via internet) whereas data is only broadcast from the HUB locally via UDP. Operation in local only mode will report the raw data to your receiving UDP system, but none of the additional awesomeness that our backend systems deliver (auto-calibration, forecasts, automatic firmware updates, derived data, archived data) is accessible because WeatherFlow won’t have the data from the station.

1 Like

@WFmarketing, Thanks for the clarification. However link provided was more than about the personal data. Not about the data collected by WF stations.

When you decide turn share publicly off, data can’t be accessed by unauthorized 3rd party. Fine. But the data is still sent to WF servers, question is for the sake of transparency - is WF team using data collected from all stations, even the ones that are not shared by publicly? :thinking: And more further how this data is used? Is it sold? Is it used for forecasting?

Do you have more details about the ultra privacy/stealth mode? Is there away to set custom remote reporting server on our hub?

Weather data is not “personal” data. WeatherFlow does not collect any personal data.

1 Like

They actually do, name, email etc. is considered as personal data. Which is clear and specified in privacy policy. Question is really about weather data ownership and the transparency behind it as it is saved under our personal accounts which disclosed GPS locations and much more.

I thought we were discussing GDPR and what constitutes Personally Identifiable Information.

think your going to get this more and more gary as you just publish your map with stations online without any consent to be used on that page itself , your taking weatherflow stored data which most will give consent but your not requesting consent its the trust factor as most will trust a brand over a end user page . to me its makes no difference but the amount of skeptical paranoia based on GDPR about you will get these questions and concerns .
you need to come up with a solution that gives the end user an option and that may mean you collaborate with weatherflow and implement an option. .
until,you get the consent you dont publish
that option has to be very very made aware of because unless they are aware of your map thing then they will never have had the option to consent thats where you may hit teething issues .hence collaboration.

you may find this all rather unnecessary but i have two clients who spent thousands last month adressing these concerns just because the law now requires some form of consentional use .

you have to view it from outside your own back door and privacy has become very very topical and often media will,exaggerate the problems to get the readership , people,believe what they read regardless of source .

right now you dont have many europeans online with the hardware but in due course that will change and you may find this skeptical view more common.

Brian, I don’t publish any PII that is obtained from WeatherFlow… in fact I don’t obtain any PII from WeatherFlow.

ok gary you will have to explain to us all in clear english or clean terminology how you obtain that data and know for example,32 units went online… this is not for my benefit i dont give a dam but im trying help,you avoid these teeting issues arising. that means produce an idots guide explanation.

how do,you as the website owner obtain that consent to publish the data ,

None of that is Personally Identifiable Information.

The big misunderstanding is “What constitutes collection of Personally Identifiable Information?”

looks like you are just not getting point and defensive, by all means carry on , but im asking you yourself has the website owner how do you,obtain consent to publishing the location on the map , nothing to,do,with weatherflow im asking you,yourself as the website owner who publishes the page.

i’m not suggesting your doing anything malicious but unless you put that consent as an option prior to publishing some end users will raise the point over and over again. no consent no publish… its about you yourself and how you obtain and use the data because your the website owner …

may seem all rather pointless but thats basically what needs to be known in this day and age of privacy paranoia.

I get the point. I think you don’t get the point.

The data published is not identifiable to any individual.therefore no consent is necessary.

waste of time trying to help,you,gary never mind … carry on good luck…

The only data that WeatherFlow collects in connection with your WeatherFlow account is an email address. That email address is linked to an account that can be accessed by any number of users. An email address is considered public information by itself does not personally identify any one individual. One can easily create any email address for use with WeatherFlow that has no connection traceable to any one individual.

I can use google maps and see addresses. Does everyone at every address have to give me consent before I use google maps? The weather station ID and the associated weather data are no different than a street address in terms of the type of information. Neither can be used to identify someone unless that person has already provided that info.

Now if I collected names to go along with address and populated a map view with that name/address association, I’d be collecting personal information and need to have the individuals consent. Same thing for Gary, if he collects weather station owners and adds the owners name to the map for each station, he’d need consent.

But a map that shows a weather station at a location is no different than a map that shows a tree at a location or a bird house at a location.


Hi Lasse. The answer to your specific question is that we do not currently use data collected from any station (public or private) for any purpose other than internal analysis to facilitate individual station QC and auto-calibration as well as general improvements to sensor hardware and data processing.

That said, we do intend to use anonymized (non-personally-identifiable) data collected from the smart weather network in other data products such as forecasts, hindcasts and nowcasts. But we will only do that with consent from the individual station owner. Regarding personally-identifiable information (PII), and ways to share your data while maintaining your privacy, please see the discussion here: Station Privacy and PII Concerns


That seems very reasonable and acceptable.


Thank you @dsj for the clarification :slight_smile: It seems very reasonable, consent part is very important and I’m glad to hear that this has been considered.