No, pubs are not legally required to offer WiFi. But the moment you do offer it, a set of legal obligations come into effect that many landlords are unaware of. Getting this wrong can result in significant fines under data protection law, and in serious cases, liability under the Digital Economy Act.
This guide explains what UK pub and bar owners need to know about offering guest WiFi legally and responsibly.
The short answer
Providing WiFi in your pub is entirely optional. There is no UK law that requires a licensed premises to offer internet access to customers.
However, once you switch the router on and let customers connect, you become a data controller under UK GDPR – and that creates obligations around how you handle the data generated by that WiFi network.
What is UK GDPR and does it apply to pub WiFi?
UK GDPR (the UK’s retained version of the EU General Data Protection Regulation) governs how businesses collect, store and use personal data. It applies to any organisation that processes personal data , including pub landlords who offer guest WiFi.
When a customer connects to your WiFi, data is generated. At minimum this includes:
- IP addresses assigned to connecting devices
- MAC addresses (device identifiers)
- Connection timestamps
- Browsing data, if your router or network software logs it
IP addresses and MAC addresses are considered personal data under UK GDPR because they can, in combination with other information, identify an individual.
If your WiFi system collects email addresses at login (via a captive portal), you are collecting personal data directly and additional obligations apply.
What does UK GDPR require you to do?
Tell users what data you collect You must have a privacy notice that explains what data your WiFi network collects, why you collect it, how long you keep it, and whether it is shared with third parties. This does not need to be a lengthy document, but it must be accessible — ideally linked from your WiFi login page.
Have a lawful basis for processing Under UK GDPR you need a lawful basis for processing personal data. For guest WiFi the most commonly used basis is legitimate interests — you have a legitimate interest in operating a secure network, and users have a reasonable expectation that connecting to a business WiFi network involves some data processing. If you are collecting email addresses for marketing, you need explicit consent.
Only collect what you need You should not collect more data than is necessary for the purpose. If you only need to provide internet access, you do not need to collect email addresses unless you are using them for something specific.
Do not keep data longer than necessary Connection logs should be deleted after a reasonable period. There is no fixed rule, but retaining data indefinitely is not compliant.
Secure the data you hold Any data stored by your WiFi system must be kept securely. If you use a third-party WiFi management platform, check their data processing practices and ensure you have a data processing agreement in place with them.
The Digital Economy Act and illegal downloads
The Digital Economy Act 2010 creates liability risk for businesses that provide internet access. If a customer uses your WiFi to download or distribute copyrighted material illegally, you could in theory face a claim.
In practice, enforcement against pub landlords for customers’ actions is rare — but the risk is real and documented. A pub owner was fined £8,000 after a customer downloaded copyrighted content over an open, unmanaged WiFi connection.
The practical protection is simple: use a managed WiFi system with a terms-of-use screen that customers must accept before connecting. That acceptance, logged with a timestamp, shifts responsibility to the user and provides you with a clear record that access was granted under agreed terms.
Do you need a captive portal?
A captive portal is the login page customers see before they can access your WiFi — the screen that asks them to agree to terms, enter an email address, or confirm they accept your usage policy.
You are not legally required to use one, but it is the most practical way to:
- Present your terms of use and obtain acceptance
- Collect the consent you need if you want to market to customers later
- Log who connected and when, which provides protection if your connection is ever implicated in illegal activity
- Separate your guest network from your business systems
For most pubs, a simple captive portal with a one-click terms acceptance is sufficient. Anything more complex like email collection, social login, marketing opt-ins, requires you to be clear with customers about what you are collecting and why.
Do you need to register with the ICO?
If your pub collects and processes personal data — including WiFi connection data — you are likely required to register with the Information Commissioner’s Office (ICO) and pay the annual data protection fee. Most businesses that handle personal data need to do this, with limited exemptions.
The fee is typically £40-60 per year for small organisations. You can check whether you need to register and complete the process at ico.org.uk.
Separating guest WiFi from your business network
This is a legal and operational matter. Your EPoS system, card terminals, and back-office computers hold sensitive business and payment data. Customers connecting to your guest WiFi should never be on the same network as these systems.
A properly configured pub WiFi installation uses separate networks — one for customers, one for business operations — so that a customer on your guest WiFi cannot access your payment systems or internal network. This is also a requirement under PCI DSS if you process card payments, which almost every pub now does.
If your current WiFi setup does not separate guest and business traffic, this should be addressed as a priority. A professionally installed pub WiFi system will configure this correctly from the outset.
What about RIPA — the Regulation of Investigatory Powers Act?
RIPA governs how public authorities can access communications data. For pub landlords, the practical relevance is limited — but if law enforcement agencies ever request information about activity on your WiFi network, you may be required to provide it. Using a managed service provider means this obligation is handled at the provider level, rather than falling directly on you.
A practical compliance checklist for pub WiFi
Use this as a quick check against your current setup:
- Guest WiFi is on a separate network from tills, card machines and back-office systems ✓
- A privacy notice explaining your WiFi data practices is accessible to customers ✓
- Customers see and accept terms of use before connecting ✓
- If you collect email addresses, you have explicit consent for any marketing use ✓
- Connection logs are stored securely and deleted after a reasonable period ✓
- Your business is registered with the ICO if required ✓
- Your WiFi provider has signed a data processing agreement with you if they handle personal data ✓
Getting the setup right from the start
Most compliance issues with pub WiFi come from systems that were set up without any thought for data handling — an unmanaged router under the bar with a password on the chalkboard. If that describes your current setup, you are probably not compliant.
A properly managed pub WiFi installation handles most of this automatically. Terms acceptance is built into the login flow, networks are separated, and the provider takes responsibility for the infrastructure layer.
See how Click Telecom’s pub WiFi installation works in practice — or get in touch to discuss your venue’s specific requirements.
