Is consent the hallmark of ethical data use in a real estate context? Read the RED (Real Estate Data) Foundation discussion paper.
As the world we live, work and play in becomes ever smarter and more digital, the property sector has a responsibility to collect and use people’s data responsibly and ethically. There is little question that the growing collection of data allows buildings and spaces to be more efficiently managed for the benefit of all, but how do we make sure that we have appropriate consent to collect that data? How do we comply with regulation and make sure that we act in an ethical way when collecting data?
In essence, consent is generally understood to mean the giving of permission or agreement for something to occur. This simple concept presents a multitude of challenges as we attempt to apply it to the acquisition and use of data in the context of real estate. This is ethically problematic, in particular in the public realm, as (unlike when interacting with online services) an individual cannot readily "opt out" of the built environment if they do not agree to the use of their personal data. Those challenges can be exacerbated by a misguided belief that consent is the only basis on which personal data can be processed.
The proliferation of data and the demand to utilise it to optimise design, decision-making, management and profit is neither new nor unique to real estate and the built environment. Technologies and techniques once confined to the analysis of retail assets have been extended into the wider built environment. The real estate sector, like almost all parts of the economy, has been permeated by “dataism”, a term coined to describe the belief that the world can be captured and processed as a series of dataflows. The industry is more alive than ever to the opportunities presented by the adoption of new technologies, which are almost invariably coupled with the processing of ever-increasing volumes of data.
The introduction of the GDPR sharpened focus on the protection of personal data and individuals' rights in respect of it. It represented a strong move towards empowering individuals to protect themselves against a fast-evolving industry where data is seen as an asset that can be commercialised.
Organisations must identify a lawful basis for processing personal data under the GDPR. Within the real estate sector (and elsewhere), consent is often thought of as the most data subject-friendly and, arguably, the most ethical lawful basis, not least because it must be freely given and informed in order to be valid. However, it is not the only lawful basis available (in most cases) and many businesses choose not to rely on it, as compliant consent processes are difficult to implement and consent must be as easy to withdraw as it is to give (a shaky foundation on which to base processing operations).
In the run-up to the implementation of the GDPR, real estate organisations raced to apply compliant processes to mitigate against exposure if and when data subjects looked to exercise their legal rights. Many did so with great success and side-stepped consent in the process. However, it is arguable whether such processes truly complied with the spirit of the regulation and as data becomes ever-more prevalent, wider equalities and human rights issues are also relevant.
Transparency and fairness
Transparency and fairness are core tenets of the GDPR, operating as key data protection principles and important ethical principles more generally. These principles are reflected in the requirements for consent to be informed (i.e. transparency) and freely given (i.e. fairness). Facilitating the exercise of individuals’ rights and giving people greater control over their personal data involves informing them, in a transparent and fair way, how and why their data will be used. The way that information is made available to data subjects often does not meet this standard.
This scenario highlights the point that consent will not be freely given (and, therefore, not valid) if no alternative is presented. It also highlights the essential role that transparency and fairness play in the ethical use of personal data. If we truly understood what uses (and profit) were being made from the collection and use of our personal data, would we click "Accept"? If we are informed but not given the option to reject the collection and use of our data, would we choose not to enter the shopping centre or refuse the free WiFi on offer? In such circumstances, fair use of data and transparency are essential.
Promoting ethical behaviour
Aside from legal considerations, notably the need to be fair and transparent, there are good business reasons why it makes sense to process data ethically. Since the implementation of the GDPR, society has become increasingly data-conscious, with greater emphasis placed on consumer experience, transparency and individual empowerment. Expectations for personal data use differ across a range of generations: from baby boomers who are used to minimal automation to millennials (and beyond) who are somewhat immune to sensory overload, expecting services to be delivered to their mobile devices and managing their experience through wearable and biometric technologies, while at the same time being conscious of the value of their user data.
The use of track and trace technology across the globe in the wake of COVID-19 demonstrates how attitudes to consent and the use of data go beyond regulation. Societal and cultural norms in this space can change drastically across geographies and time. While well-intentioned, track and trace, potentially at least, enabled state-level tracking of individuals' movements. Use of such tracking technology and resultant data is heavily controlled in western countries, but this has arguably created a barrier to its success as a health intervention. This strategy has been much more successful in Asia, where tracking of identifiable individuals is less regulated.
As biometric technology continues to evolve, forming an increasingly significant part of our day to day lives, the issue becomes more complex, particularly for real estate organisations with an international base. An international service provider may grapple with the issue of how to maintain local market competitiveness while also building a reputation as a fair and transparent data user in an international landscape with such varying requirements or levels of acceptability. For example, is it acceptable to track an individual in Country X when you would not do so in Country Y?
The reality is that consent is a highly individual and contextualised concept. We would all support the use of facial recognition technology to find a lost child or locate a criminal, while few of us like the idea of being “seen” by sophisticated technology everywhere we go. We would sign up to the use of our location data if we were sure it could help manage pedestrian safety, while none of us want it used to predict our retail needs. This only highlights the need for consent to be taken seriously by built environment professionals so that it makes places more, and not less, desirable to live, work, play and shop in.
Ethical considerations are also relevant to the use of non-personal data. Fairness and transparency remain essential, particularly where data is obtained through use of a required app in, for example, a new build to rent scheme, and then monetised. Is it fair to improve your product, adapt your property or increase charges on the basis of (non-personal) data obtained from users or tenants without their knowledge? And any business exploiting data in that way should consider whether data subjects or data vendors are appropriately compensated for the benefit that the business derives from the use of that data.
While freely given, fully informed consent may arguably represent the pinnacle of ethical behaviour, it is often difficult to obtain in practice and, as such, is often overlooked by industry. In any case, ensuring that data subjects and data vendors are treated fairly and that data usage is transparent may be even greater indicators of ethical behaviour. Perhaps the focus, therefore, should be on prioritising transparency, whether or not relying on consent to use certain data.
The RED Foundation has devised a set of six data ethics principles aimed at improving standards within the real estate industry. These are: accountability, transparency, proportionate collection of data, privacy and confidentiality, lawfulness, and security.
This discussion paper raises a range of points about the topic around consent and data privacy. It is written by the authors listed below, but this does not necessarily reflect their individual views or those of the companies that they represent, nor the RED Foundation. For the avoidance of doubt, this should not be considered as advice or legal guidance.
For further details on data and data ethics in the real estate sector, please visit www.theREDFoundation.org.
Ian McKenzie – Associate Director, Osborne Clarke LLP
Dr Sue Chadwick – Planning Advisor, Pinsent Masons
Tamara Quinn – Partner, Osborne Clarke LLP
Yusra Ahmad – Director of Global Data & Internal Technology GWS, CBRE