According to a survey by cloud-based social WiFi company Purple WiFi, 82% of 3,349 global WiFi venues believe they are legally compliant, but were actually in breach of legislation. More than 2,000 venues also confirmed that they were running completely open networks or handing, indicating the venue has no way of tracking internet access back to the user. This leaves the network open to criminal or terrorist use and such venues would be culpable.
These elements are crucial for public WiFi legal compliance, which differs slightly by country in accordance with various local laws, but the main common premise is the ability to track activity on a network back to the user.
In the UK for instance, legislation for public WiFi includes the Data Protection act, European Directive for Data Retention Regulations 2009, the Code of Practice (Anti-Terrorism, Crime and Security Act 2001), Regulation of Investigatory Powers Act 2000 and Digital Economy Act 2010, for which the venues are liable.
In other words, check your WiFi supplier is compliant with these regulations otherwise your content may be compromised by baddies.