Shared spaces and privacy intrusion: what you need to know from our data privacy expert, Lucas Atkin
In the shared space sector, be it property guardianship, co-living or co-working, greater surveillance and real-time information sharing is likely to become the “new normal” as we learn to co-exist with Covid-19. This is the price of doing business in the shared space sector.
The UK Government’s recent U-turn to belatedly join forces with Google and Apple to create a UK contact tracing app is not the only Whitehall tech initiative aimed at easing lockdown restrictions while maintaining public safety. We also understand progress is being made with another app targeted specifically at the real estate sector.
The app will essentially function as a daily “building health index”, which will provide users (like residents or employees) information like air quality; number of building occupants compared to restricted maximum occupancy; busy areas of the building and reports of how well social distancing is being observed. If the building, or a particular section of the building, shows a low health rating, then users can take evasive action accordingly.
This is in addition to implementing other risk-mitigating technology, such as contactless sensors instead of buttons and switches (for example, for lights, lifts and plugs) and temperature check / fever screening cameras.
Clearly, much of the technology being used depends on the collecting and use of information. A significant amount of that information will be personal data. It is not possible to implement these measures effectively and sustainably without considering the impact of the GDPR and other data privacy law (which still applies as normal, as confirmed by both the Government and the ICO).
If you operate in the shared space sector, these issues are likely to affect your business. There are a number of key requirements to consider:
- Transparency: your privacy notices should be updated to explain your measures and their impact on individuals’ privacy;
- Documentary compliance: at least one documentary privacy-specific risk assessment is required;
- Software/hardware providers: will likely be considered processors under the GDPR, meaning strict contractual terms are required;
- Surveillance technology: the ICO has specific rules about the use of CCTV and similar technology; and
- Information management and sharing: organisational protocols should be put in place to ensure that only the minimum amount of personal data is used and that it is only shared and accessed on a strict “need to know” basis.
Our data privacy specialist, Lucas Atkin, who has been working with some of our property guardian company clients and is now firmly embedded within our specialist property guardianship team, is available to provide any help you might need.Back to Our Thinking →