Exploring the Most Transformative Trends in Commercial Real Estate | PROPMODO METATRENDS 2023→
Barbed wire - Industry

Privacy-First PropTech Doesn’t Have to Suck

The world is on the cusp of a reckoning about the value and sensitivity of data. In Europe, GDPR is causing companies to think more about how they store and manage data, especially across borders. Even in the United States, long the Wild West of data privacy and regulation, high-profile voices are starting to call for regulation. In the context, we’re starting to see top PropTech commentators talk about data, but the conversation is often oddly limited: In the PropTech space we have detailed discussions about data management and governance, but forget to ask if we should even be collecting as much data in the first place.

Part of the reason this gap exists in the first is because PropTech as an industry still doesn’t have a firm definition of what a “smart building” is. In the absence of firm goals for developers to aim for in terms of building automation, the collection of personally identifiable information (PII) is often seen as a prerequisite for implementing advanced “smart building” features. Even worse, the industry sometimes seems to default to the most invasive of all possible data collection paradigms.

In the security space, where my firm operates, we have seen a rush of venture investment and customer interest in facial recognition, even though it remains unclear what the specific value-adds of the technology are to private landlords. At the same time, facial recognition is about as controversial as it’s possible for a new technology to be, making the ROI extremely unclear for the private organizations that adopt it.

New building automation solutions often collect so much data that publications like this one often host great articles about how to manage it. Even in situations such as HVAC management, where the value of granular data to the end user or tenant is obvious, it’s unclear why buildings themselves need to store anything but high-level summaries.

And of course, in the mobility space, where we start to link smart buildings together, even the most seemingly-trivial data like bike GPS info can create huge privacy—and national security—threats.

These privacy risks are not inevitable, but stem from specific design choices in how PropTech and adjacent firms create, store, and use data. To propose a solution, we first need to differentiate between cases when data collection is necessary, and when it is optional or even counterproductive.

As we’ve seen in the smart speaker space, sometimes data collection is inevitable, and in such cases managing the data is critical to customer experience and the continued success of a product. Similarly, as smart cities initiatives continue to mature, we’ve seen how data governance can be the key to maximizing both the volume of data collected (which is closely tied to the value of smart city tech) and public support for them. While some news outlets are spinning Google’s recent data governance deal with Toronto as a “reining in” of smart cities tech, the deal seems like a prudent compromise for all parties involved.

Luckily for most of us in the PropTech space, hyper-granular, real-time data of the type used in smart speakers and smart cities is normally not necessary for our products to provide customer value. The key to a strong data management strategy is to first define the specific features that data will enable within the context of a new PropTech product and compare it to the type of data that a solution could collect. Only the data that is absolutely necessary for a feature should be collected by default. While there is value to collecting additional data that could potentially future-proof a solution, each additional dataset should be evaluated for its potential to invade privacy before it is included in a product.

Analyzing specific products and features shows why this approach can be a win-win for both customer experience and customer privacy: In security, we often see logs tied to individual behavior or access cards. Rather than store such granular data, security providers can improve privacy and reduce data storage costs by moving to role-based permissions, rather than unique credentials for each employee. 

There is also potential to improve privacy by changing where data is stored, rather than eliminating data collection altogether. To continue with the HVAC example above, there is no reason that detailed data can’t be stored on a customer mobile or IoT device, with building management only limited to summary data. Such a solution maximizes customer experience while virtually eliminating privacy concerns, and, as above, reduces data storage costs for building management.

This isn’t a new perspective. Collecting the minimum data required for a feature is turning into a best practice across all tech verticals, but as we’ve seen with data breach after data breach, the tech industry has been slow to adapt. 

Luckily, PropTech is well-positioned to lead the way on data privacy. Unlike other tech spaces such as social media, the real estate industry has a long history of being extremely privacy-conscious. A great recent Propmodo piece points out how open data in commercial real estate is still far off. While a lot of PropTech professionals have mixed feelings on the lack of CRE data, the current situation shows that the culture of real estate has the potential to influence PropTech in a positive way on data privacy. Rather than trying to champion data openness in the real estate industry, PropTech innovators are well positioned to bring a more nuanced voice to the overall social conversation around privacy.

For those of us in the industry, taking a privacy-centric view on data also can have huge benefits for our businesses, especially by increasing sales and deal velocity. Across B2B, data security and compliance are always key discussions points during a sales process. All B2B tech providers have a data security report they drop on customers, but such artifacts rarely end the discussion: Buyers are becoming savvy to weak promises on data security, and nothing eases CIO concerns like knowing the data a vendor does store isn’t high-risk, and doesn’t contribute to their data debt.

In the future, some new technologies are inevitably going to require collecting deep PII on building occupants. Just to pick one example, truly mobile co-working is likely going to require tracking customer preferences across sites. In these situations, traditional concerns about data security and privacy are required. But if PropTech innovators build from a privacy-first perspective, customers will have comfort knowing that their data is safe, which will make them more open to adopting the technologies where data collection is truly necessary.

Image - Design