Data protection and real estate – more topical than ever before
The combination of the terms "data protection" and "real estate" may not seem obvious at first glance. The advancing digitalisation in the real estate industry and the effects of the new data protection law will change this.
What is data protection and what is not?
There is no regulation on the handling of factual data, such as the use of defined data formats or specifications on data consistency in construction projects. Unfortunately, such a regulation is largely lacking today, ultimately to the detriment of property owners. The Data Protection Act (DSG) regulates the processing of personal data by private individuals and companies, among others. In principle, every person should be able to determine the use of their data themselves. Swiss data protection law is designed in such a way that the processing of personal data by private individuals is generally permitted, provided that the principles laid down in the FADP (e.g. purpose limitation, data minimisation) are observed. The revised FADP will enter into force on 1 September 2023. In a real estate cycle, there are numerous starting points for handling personal data. Some areas are highlighted below:
Marketing by estate agents
Through their activities, estate agents come into contact with interested parties whose customer and personal data they process. Brokers are therefore now legally obliged to draw up a data protection declaration. In it, they must inform the data subject, among other things, about what data is collected or processed for what purpose, what the processing modalities are and what rights he or she is entitled to. The declaration can be published on the website or in the GTC. If tenant profiles are used for the sales process, caution is required. Either personal data must be blacked out or the tenants must explicitly agree to the disclosure to prospective buyers or the tenancy agreements contain clauses that allow the disclosure in the sales process.
Management data
Data is often processed as part of the management process: Tenant checks before conclusion of the contract, user data on the operation of a property, data from access controls (outside the property or to the tenant unit), network data, electronic concierge or smart solutions offered by the landlord (such as tablets in rented rooms, smart homes, etc.). The DPA creates an obligation for every service provider to account for the data they process and to ensure that it is handled in accordance with the law. It is therefore recommended to conduct an individualised data protection analysis. Such an analysis must take into account, among other things, the specific circumstances and data flows, the type of data and service provision, as well as the storage locations. The tenants must be informed of all processing of their personal data, unless there is a corresponding basis in the tenancy agreement.
Offer abroad
If offers for sale are also made to persons in the EU area, the provisions of the European Data Protection Regulation (GDPR) must be observed. These are much stricter in some points than the regulations of the DSG. If necessary, the use of geo-blockers should be examined.
Seidel & Partner Rechtsanwälte AG specialises in legal issues for construction, planning and real estate. Our focus is on value-added and solution-oriented support for SMEs, investors, cooperatives and authorities. We strive for economically sensible solutions; litigation typical of lawyers is only a last resort for us.
Contact
Dr. Wolf S. Seidel &
Lic. iur. Simon Kohler
Seidel & Partner Rechtsanwälte AG
Balz-Zimmermann-Strasse 7
8302 Kloten
Phone 044 590 20 12
www.seidelpartner.ch