In recent years, there’s been a revolution in attitudes towards the privacy of personal data.  As consumers we have become aware of how much data is created about us by organisations we encounter. After years of concern, legislation like GDPR and ‘Right to Erasure’ has shifted power back to individuals and away from corporates looking to exploit data for commercial gain. 

As yet we haven’t had the same debate about the data generated by various organisations about our homes.  For most of us a home is not just the most expensive asset we will ever own, but its also deeply personal and private place that we would normally guard carefully. 

However the property data industry has begun to display the same disregard for homeowner rights as they did for personal rights before GDPR.  It is increasingly common for data created about our homes by professionals in the property industry to be kept for their own use or sold on to data brokers for commercialisation. Which raises the question of whether we need an approach like GDPR to protect data privacy around our homes.

The problem is that the problem arrives as the result of separate, seemingly innocuous initiatives.  Like boiling a frog we haven’t spotted the problem as it has been heating up around us.   

For instance, the RLBA has long lobbied for estate agents and portals to remove records of homes that have recently sold from their websites.  Internal photos and layouts should not remain in the public gaze once a property has sold. However, the intellectual property rights for images and floorplans remains with the estate agent who commissioned them.  So a homeowner has no equivalent to the personal ‘right of erasure’ for photos or plans of the interior of their home however detailed.

It has also become standard practice for the mortgage industry to allow the detailed contents of the valuation surveys it commissions on our homes to be sold to data brokers. The surveying company retains the IP for  the survey and the brokers aggregate the data and sell it on to portals and other proptech companies.  The mortgage industry began selling surveys without any public discussion about the rights to the content they contain.  No homeowner is given the option to keep the contents private, or to assume ownership of the data.  There are no opt-outs from commercialisation. None of this mattered in a world of paper, or even PDFs when all data was hard to find, hard to share and often out of date.  But with machine readable, shareable data, a new world of commercial exploitation has opened up without any debate about the ethics or the rights of homeowners to prevent sale of information on their home. 

The EPC Register was made ‘public’ when it was established, to enable simple access to a home’s rating, to support the needs of the conveyancing community.  Initially the information was public but had to be paid for.  Without much discussion, this access was extended to include the detailed data about our home used to calculate an EPC rating. This includes details on heating systems, window quality, types of lighting, energy use and more.  So rather than just a simple data point - your EPC rating - being made public, we have ended up with the details of a reasonably intimate survey of your home and its energy performance being shared whether you, as the homeowner, like it or not. According to DLUHC's licensing information, the domestic EPC data is re-usable under the Open Government Licence (See Owen Boswarva’s very good blog on this here).   It has also never been explained why the status of your windows or your light fittings should be made public and it’s not possible to order an EPC and request the data isn’t published and sold.  A reasonably competent sales person will know far more about your home than you do when they cold call to sell you new windows or a solar panel.

Like boiling a frog, this process is slowly being extended to other data without recourse to the rights of homeowners.  Smart meter data is the next data asset being considered for public access.  The companies, trade bodies and academics that make up the ‘Retrofit community’ are pressing for as much of the smart meter data as possible to be put into the public realm, using a ‘public good’ argument.  The only discussion is about granularity - how much half-hourly detail can be put into the public sphere without revealing homeowner behaviour or habits (eg ‘they only shower on Wednesdays’). Smart meter data is covered by the ‘Smart Meter Data Access and Privacy Framework’ (the DAPF) which does actually define smart meter data as ‘personal data’. 

The DAPF currently allows suppliers to access half-hourly consumption data only with the consent of the customer (i.e. the customer must “opt-in”) but there appears to be zero consumer awareness of this. Energy suppliers can access daily or less granular data without customer consent, but they must give a clear opportunity to opt-out from that access. It is unclear how a homeowner would know about this or what constitutes a ‘clear opportunity’ to opt-out.  Finally, suppliers can access monthly or less granular consumption data without customer consent, and without offering an opt-out, if the consumption data is required for billing, fulfilling a statutory requirement or fulfilling a (so far undefined) licence obligation.  The Information Commissioners Office have already raised concerns about these processes in a response to an OFGEM consultation (see their submission here) stating their concerns that the vague approach will result in suppliers having full access to half-hourly consumption data without customers’ consent, or potentially in conflict with a direct refusal to give consent.

Once again this raises a question of the rights of a property owner to control the data created about our homes. Smart meters are just the beginning.  Our homes are also interconnected with a wide variety of public and private systems, which all generate data and for which data privacy rules have not been established.  As we add more intelligent systems to our homes, particularly those that are connected to wider networks (eg CCTV, solar panels, utilities) we need to establish the ownership of the data that these systems create.  The boiled frog theory would suggest that we will just roll over and allow external organisations to capture and exploit it unless there is a regulatory framework put in place to manage ownership and control.

Part of the challenge is that this is not a new problem.  We started boiling this frog a long time ago.  Local Authorities have long published full details and drawings of Planning Permissions and Building Control decisions on the open web. This includes publishing the full case file and detailed drawings for every decision. This barely mattered when files were buried in council filing cabinets. But with open web systems the details of your home is open to any predatory person whether stalker, burglar or data salesperson. This data is also now being extracted from council systems by data companies and sold on the open market.

Most homeowners are horrified when shown how much data the organisations in the buying & selling ecosystem have on their home.  They would be equally horrified to know how it is traded on the open market.  The RLBA believes that we need to move to a presumption that property data belongs to the property and is only shared with homeowner permission.

Not only do we NOT have this presumption at the moment, but often the homeowner doesn’t even have rights of access to any data held by publicly funded bodies on their home.  For instance, Land Registry charges a homeowner to access the information they hold about their own home. While Trustmark, who hold certification and Retrofit data on a million homes don’t have any mechanism to share the certification and installation data they hold with homeowners.

We have to remember that homes are not normal assets.  Their configuration and use is deeply personal and private and the property data industry needs to respect that. 

The GDPR has a chapter on the rights of data subjects (individuals) which includes the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated processing. But these cover  data that can be clearly defined as ‘personal’. While some data about our home has been classified as ‘personal’ most hasn’t and there is no clear precedents for homeowners exerting their rights. 



The RLBA believes that many of these rights need to be extended to our properties. The starting assumption for any data set should be that it is a digital asset related to our home and is the property of the homeowner.  The homeowner should be in control of the data created ‘by, for or about’ their home and they should have control of when and who it is shared with.  This is particularly true if data creates value - if data has value then it is value that belongs to the homeowner.

The county is about to embark on the biggest national programme for house renovation ever attempted as we attempt to Retrofit 25M homes for new NetZero standards.  We will not get the public to join us in this endeavour if they sense that any information created by surveys, EPC assessments and Retrofit plans will immediately be sold to the highest bidder.  The RLBA believes that we need a new approach to data privacy in the property industry.