Part of the reason this gap exists in the first is because PropTech as an industry still doesn’t have a firm definition of what a “smart building” is. In the absence of firm goals for developers to aim for in terms of building automation, the collection of personally identifiable information (PII) is often seen as a prerequisite for implementing advanced “smart building” features. Even worse, the industry sometimes seems to default to the most invasive of all possible data collection paradigms.
New building automation solutions often collect so much data that publications like this one often host great articles about how to manage it. Even in situations such as HVAC management, where the value of granular data to the end user or tenant is obvious, it’s unclear why buildings themselves need to store anything but high-level summaries.
And of course, in the mobility space, where we start to link smart buildings together, even the most seemingly-trivial data like bike GPS info can create huge privacy—and national security—threats.
These privacy risks are not inevitable, but stem from specific design choices in how PropTech and adjacent firms create, store, and use data. To propose a solution, we first need to differentiate between cases when data collection is necessary, and when it is optional or even counterproductive.
Luckily for most of us in the PropTech space, hyper-granular, real-time data of the type used in smart speakers and smart cities is normally not necessary for our products to provide customer value. The key to a strong data management strategy is to first define the specific features that data will enable within the context of a new PropTech product and compare it to the type of data that a solution could collect. Only the data that is absolutely necessary for a feature should be collected by default. While there is value to collecting additional data that could potentially future-proof a solution, each additional dataset should be evaluated for its potential to invade privacy before it is included in a product.
Analyzing specific products and features shows why this approach can be a win-win for both customer experience and customer privacy: In security, we often see logs tied to individual behavior or access cards. Rather than store such granular data, security providers can improve privacy and reduce data storage costs by moving to role-based permissions, rather than unique credentials for each employee.
There is also potential to improve privacy by changing where data is stored, rather than eliminating data collection altogether. To continue with the HVAC example above, there is no reason that detailed data can’t be stored on a customer mobile or IoT device, with building management only limited to summary data. Such a solution maximizes customer experience while virtually eliminating privacy concerns, and, as above, reduces data storage costs for building management.
Luckily, PropTech is well-positioned to lead the way on data privacy. Unlike other tech spaces such as social media, the real estate industry has a long history of being extremely privacy-conscious. A great recent Propmodo piece points out how open data in commercial real estate is still far off. While a lot of PropTech professionals have mixed feelings on the lack of CRE data, the current situation shows that the culture of real estate has the potential to influence PropTech in a positive way on data privacy. Rather than trying to champion data openness in the real estate industry, PropTech innovators are well positioned to bring a more nuanced voice to the overall social conversation around privacy.
In the future, some new technologies are inevitably going to require collecting deep PII on building occupants. Just to pick one example, truly mobile co-working is likely going to require tracking customer preferences across sites. In these situations, traditional concerns about data security and privacy are required. But if PropTech innovators build from a privacy-first perspective, customers will have comfort knowing that their data is safe, which will make them more open to adopting the technologies where data collection is truly necessary.