Home > General Administration > Privacy and Security > GDPR - Data Privacy and Protection

GDPR - Data Privacy and Protection

Cisco Meraki is committed to protecting the data that our customers entrust to our cloud-hosted service. The General Data Protection Regulation (GDPR) introduces specific requirements that apply to companies established in the EU, or located anywhere in the world when processing personal data in connection with offering their goods or services to persons in the EU. For Meraki organizations hosted on the Meraki EU cloud service, Meraki has made improvements to its cloud-hosted service.

 

Our EU Data Privacy statement can be found on our privacy page.

Requesting Network User Consent

Meraki splash pages allow you to create a custom consent message, enabling administrators to notify end users that their data may be collected if they connect to the network. This custom splash page message can also be used to refer users to tools they may use to opt out of certain data collection services.

image.png

It is the administrator's responsibility to provide notice to, and obtain any necessary consents from, your network users regarding collection, processing, and storage of their data. Be sure to review applicable law for consent requirements in your location if you rely on consent to collect and process personal data.

To create a custom consent message:

  1. In the dashboard, navigate to Wireless/Security appliance > Configure > Splash page
  2. Select the desired SSID/VLAN from the SSID/VLAN drop-down menu at the top of the page
  3. In the Customize your consent message region of the page, select "On"
  4. Enter your custom message, which users must consent to in order to use your network
  5. Click Save changes at the bottom of the page

Note that this Custom Consent Message is not compatible with/will not be displayed with the Fluid Theme, and must be used with the Modern theme.

Additionally, 'Cisco Identity Services Engine (ISE) Authentication,' 'Systems Manager Sentry enrollment,' and 'Sign-on with Facebook Wifi' are not supported with this Custom Consent Message because Meraki does not render the splash page for those splash-types. For the listed options, the splash pages are rendered through a 3rd party service.

Organization Data Storage

Data Storage Region Selection

When creating an organization, you are required to select a region where your organization will be hosted on Meraki's servers. Please take special considering when selecting this option to ensure that your data storage region choice complies with your country's legal requirements for data storage, and that it satisfies your personal/company's needs, given that the region may affect performance with dashboard latency, relative to your actual location.

Additionally, if a region is selected that does not match your browser's detected IP address during organization creation, you will be presented with a warning notification.

image.png

If you are presented with this notification, please ensure that you are sure of your selection, in order to best serve your network.

EU region organizations have some special data hosting considerations which should be noted. Learn more about EU region hosting in our EU Cloud Configuration Guide.

 

Verifying Data Storage Region

The region your organization is hosted on can be viewed at any time in the dashboard in the bottom-middle of every page.​​​​​​​

Features Disabled by Default for EU Organizations

Certain features are required by EU regulations to be turned off by default, if they are not directly instrumental to the performance or outcome of the product. These features are not necessary for the networking/primary purposes of the product to function.

The following features are disabled by default for organizations stored on EU servers:

  • Location Analytics
  • Client Tracking
  • Location Heat Map

These features can be enabled under the Privacy section in your organization's settings (Organization > Settings).

Note that if you are providing network service to end users in an EU region and have these features turned on, it is not required, but may be worth mentioning if using a Custom Consent Message as described above.

API Endpoints

In order to enable network administrators to comply with and satisfy data protection/data privacy requests, Meraki has built out several API endpoints to help facilitate privacy requests. More information on how to use the Meraki dashboard API can be found in our Dashboard API article. There are three types of API endpoints relevant to customer data privacy and GDPR compliance.

  • Data Deletion
    • Customers can delete dashboard data, either for themselves, or in response to requests from users of their networks.
  • Restriction on Processing
    • In Meraki’s dashboard, data can be identified, hidden, and removed upon a verified request to restrict processing.
  • Data Access and Portability
    • To honor customers’ requests to export their information, Meraki has built functionality to enable accessibility and export of dashboard data.

The API endpoints available are all documented in our API documentation, and can be found in the PII, SM and Client sections. Additional documentation and examples these endpoints can be found in our Postman collection

Data Deletion

Using the user provided PII key (MAC, iPv6, IMEI, email or username), to get the relevant networks and associated PII keys on each of those networks, use:

GET /organizations/[id]/piiKeys

If information for the provided PII key is found, use the following endpoint to delete information related to the PII key. 

POST /networks/[id]/pii/requests

The datasets by applicable to each type are: mac (usage, events, traffic), email (users, loginAttempts), username (users, loginAttempts), bluetoothMac (client, connectivity), smDeviceId (device), smUserId (user). To delete all applicable data for a specific piece of PII, select all datasets. 

Restriction on Processing 

Using the user provided PII key (MAC, iPv6, IMEI, email or username), to get the relevant networks and associated PII keys on each of those networks, use: 

GET /organizations/[id]/piiKeys

If information for the provided PII key is found, use one or both of the following endpoints to restrict processing. 

POST /networks/[id]/pii/requests
POST /networks/[id]/pii/requests

 

To lift the restriction, use one or both of the following endpoints:

DELETE /networks/[networkId]/pii/requests/[id]

Data Access and Portability Requests 

Using the user provided PII key (MAC, iPv6, IMEI, email or username), use the GET /organizations/:id/piiKeys?mac=:endUserMac to get the relevant networks and associated PII keys on each of those networks. If information for the provided PII key is found, use one or all of the following endpoints to collect the end-user data. 

GET /networks/[id]/clients/[mac]/
GET /networks/[id]/clients/[mac]/events
GET /networks/[id]/clients/[mac]/usageHistory
GET /networks/[id]/clients/[mac]/trafficHistory
GET /networks/[id]/clients/[mac]/securityEvents
GET /networks/[id]/merakiAuthUsers/[email_or_username]
GET /networks/[id]/splashLoginAttempts
GET /networks/[id]/bluetoothClients/[bluetoothMac]

For Systems Manager

GET /networks/[id]/sm/users
GET /networks/[id]/sm/user/[id]/deviceProfiles
GET /networks/[id]/sm/user/[id]/softwares
GET /networks/[id]/sm/[id]/deviceProfiles
GET /networks/[id]/sm/[id]/softwares
GET /networks/[id]/sm/[id]/networkAdapters
GET /networks/[id]/sm/[id]/wlanLists
GET /networks/[id]/sm/[id]/securityCenters
GET /networks/[id]/sm/[id]/restrictions
GET /networks/[id]/sm/[id]/certs
GET /networks/[id]/sm/[id]/cellularUsageHistory
GET /networks/[id]/sm/[id]/performanceHistory
GET /networks/[id]/sm/[id]/desktopLogs
GET /networks/[id]/sm/[id]/deviceCommandLogs
GET /networks/[id]/sm/[id]/connectivity

Checking Data Protection Request Status

The status of any requests for data deletion or restricting processing can be viewed in the Meraki dashboard from Help > Data protection requests.

data_requests1.png

This page displays a list of all protection requests, their scope, type status, and other relevant information.

data_protection_requests.png

MV Camera Data Privacy Features

Several data privacy features were built specifically for Meraki's MV cameras to satisfy data privacy requests.

Export Video

  1. Navigate to Cameras > Monitor > Cameras

  2. Select the desired camera from the camera list.

  3. On the Video tab, click Export.

  4. Select start and end time and date for the export. Alternatively, use the timeline slider to chose the export duration.

  5. Click Submit to start the export.

Note: The current minimum time allowed for a single export is 1 minute and maximum time allowed for a single export is one hour. The download link for an export is good for one hour at time of page load. Refreshing the dashboard page generates a new download link. 

Mark Video/Pause Processing

Video that needs to be set aside or marked for further review can be set under the Export menu on the Camera Status Page or Video Wall

Video can be marked and paused by selecting the arrow next to Export > Pause processing for GDPR. A slider will appear that allows you to select a time section to pause. Once a section has been selected, click Pause Processing at the top-right section of the video screen. The paused selection will be added to the Paused clips list.

Pause_Processing.png

Paused clips will not be viewable in the stream and will not be processed until 'Unpaused.' These clips will be stored and will not be overwritten. Each paused clip can be up to 24 hours long.

Note that paused video clips are stored locally and will consume space on the internal storage of the camera. Storing large amounts of video in Paused clips may impact video retention times, as the internal storage of the camera will not overwrite paused clips and will not be able to use the storage they consume while paused.

Delete Video

Video that needs to be permanently deleted can be deleted under the Export menu on the Camera Status Page or Video Wall

Video can be deleted by selecting the arrow next to Export > Delete. A slider will appear that allows you to select a time section to delete.

Delete1.png

Once a section has been selected, click Delete Video at the top-right section of the video screen. The deleted selection will be permanently removed, and will no longer be marked as green on the timeline slider.

Delete2.png

Note that video which has been deleted is permanently lost and cannot be recovered. Meraki cameras store all video on local storage and Meraki does not keep backups of camera video.

 

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 7190

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community