Each MAC is supposed to be unique, so it's going to be hard for this not to be Personal Data.
It's possible that a different number could be assigned each time an MAC enters a station, and used in the tracking records, so that the tracking data for a device can't be combined across multiple visits. That might work and be legal without having to get permission.
As a very occasional visitor to London, I'm not that bothered. But anyone thinking an MAC address isn't personal isn't thinking this through. And that's what worries me. Just a hand-wave about de-personalising the data isn't enough. Did the people planning this know enough?
(I know enough about law and technology and stats to ask awkward questions around the intersection. It's a little worrying that I might know more about MAC addresses than the lawyer, and more about the law than the techie.)
Biting the hand that feeds IT
