:quality(70):focal(1290x525:1300x535)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/KJDRFOBRYFGZXBVMWPETKD7MFA.jpg)
Can a property agent for an owners’ management company (OMC) force residents to use an app for parking? The background is, we receive two permits (one allocated space, one visitor permit) per property as per the agreement when we purchased our home. We are owner-occupiers. The signage on site states that if you have additional visitors, you have to send the car’s details by SMS.
The parking enforcement company wants to cease the SMS service and force everyone to use a smartphone app. I have two issues. Firstly, the signage which remains on site states a vehicle can use the service three times in a seven-day period, but the notification received via email states this has dropped to two instances in a seven-day period. Residents weren’t consulted about this change; I’ve attended every agm for over a decade. Secondly, the on-site signage doesn’t mention the requirement for a smartphone app, just the SMS option.
I’m cautious about what apps I install on my phone. The smartphone app doesn’t comply with Apple or Google Play’s privacy requirements as the app developers haven’t updated the app in more than 3 years and so neither app store has details of the data collected by the app. There is a second link to the parking enforcement company’s privacy policy, but when you click on the link, it’s broken/lands on a 404 error. I visited the parking enforcement company’s website directly and looked at the privacy policy on the website. It states they will use your information for marketing purposes and will share your information with third parties. You cannot “opt out” as by downloading the app, you accept the privacy policy, but you cannot park without the privacy policy.
Our permits are due for renewal, and I’ve been directed to a web form to apply. I cannot obtain our permits without accepting the use of the parking app, but I don’t believe it’s GDPR [General Data Protection Regulation] compliant. If I was parking in a council space, I have the option of paying cash, but I’m being forced into using an app as it’s the only option for parking.
:quality(70):focal(2225x1920:2235x1930)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/LBOUKD4VKBBNBM54RMVLBVXR4U.jpg)
:quality(70):focal(598x228:608x238)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/PWCU46BHXVEMPEIGM7FWJIPWZM.jpg)
:quality(70):focal(895x570:905x580)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/Z7EGD53NHNBQZMJHM24XEENXOU.jpg)
:quality(70):focal(1330x1100:1340x1110)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/WLCIMWZQI5HCLATCYAHVRNAGYE.jpg)
I’ve tried raising my concerns with the agent, but I’ve been ignored. Is there a legal basis for forcing a non-GDPR compliant smartphone app on to residents?
Without all relevant information and supporting documentation, it is difficult to provide a comprehensive answer. You are an owner-occupier in what sounds like a multi-unit development. As such, you are likely a member of the OMC that operates according to a governing lease agreement – the OMC constitution – and has various statutory obligations. The OMC appointed a property agent, something that I would expect to have been approved at an agm and the terms of which should be made available to all members of the OMC for review.
You refer to the property agent and a parking enforcement company and it is not clear if these are one and the same. I will assume for the purpose of your query that they are. The parking enforcement company now seeks to cease the SMS service that has operated heretofore and mandate the use of a smartphone app by residents. This smartphone app will use car registration numbers, your name and your address which are, for the purposes of GDPR, “personal data” (article 4[1]).
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/43QMEYQGA5GKBDNGWG5YWECT4M.jpeg)
GDPR places an obligation of lawfulness, fairness and transparency on all legal persons in the management of your personal data (articles 5[1a], 6, and 13-15). This includes the OMC and the parking enforcement company. Under the terms of GDPR, these parties would be deemed “data controllers” and have specific obligations toward you and your visitors (article 4[7]).
You indicate that the smartphone app does not comply with either Apple or Google Pay’s privacy requirements, and that the app has not been updated in over three years. This is evidence that the app’s security is poor and would place your personal data at risk.
Under GDPR you have the right to have your data processed and managed in a secure manner (article 32). By forcing you and your visitors to use an insecure app, the OMC and the parking enforcement company, as data controllers, are committing a breach of GDPR.
This consent is not informed because you are not told before you hand over your data, what the parking enforcement company will do with your personal data
By virtue of GDPR, you and your visitors also have a right to data protection “by design and default”. This means that your OMC and its parking enforcement company are required to implement appropriate technical and organisational measures to ensure data protection principles are integrated into the processing activities. Again, the fact that neither Apple nor Google Pay will accept this app on to their platforms is evidence of poor design of the app.
You have a right to have your data processed in a transparent manner. As the application developer does not have any accessible privacy policy, you have no way of knowing what the application developer is going to do with your data. This is not transparent.
Your consent to the use of personal data must be valid and informed (article 7[1]). Car park users and their visitors must use the smartphone application and provide valid consent. Since the app lacks an opt-out feature, users are compelled to surrender their GDPR rights to park their cars, constituting a clear breach of GDPR due to the absence of valid consent.
You also state that the parking enforcement company’s website details that the company can use the information gathered for marketing purposes and that it will share your information with third parties.
[ Can I claim my management service charge as an expense against my rental income? ]
This consent is not informed because you are not told before you hand over your data, what the parking enforcement company will do with your personal data, who your personal data will be shared with, or for what purposes the data will be shared.
In summary, there is no lawful basis for forcing a non-GDPR-compliant smartphone app on to residents’ phones.
You say that you have raised your concerns with the property agent and you have been ignored. I would recommend that you now write to the property agent/parking enforcement company by registered post: (1) outlining your concerns regarding the GDPR compliance of the smartphone app; and (2) requesting that you be afforded an alternative means of obtaining your permits, failing which you will have no option but to exercise your rights under the GDPR before the Data Protection Commission. This letter should be copied to the OMC at its registered address.
You could also raise your concerns with the board of directors of the OMC in the usual manner at the next agm.
Sean Foley is a solicitor with P O’Connor & Son solicitors in Co Mayo
Do you have a query? Email propertyquestions@irishtimes.com
This column is a readers’ service. The content of the Property Clinic is provided for general information only. It is not intended as advice on which readers should rely. Professional or specialist advice should be obtained before persons take or refrain from any action on the basis of the content. The Irish Times and it contributors will not be liable for any loss or damage arising from reliance on any content
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/6BDEAESQEJH4BHNFRSVZH3W4TM.png)