Why is data protection important in buildings?

When using digital applications in the building and neighborhood sectors, various data sources related to indoor climate, energy consumption, or even basic building information often allow conclusions to be drawn about the behavior of individuals or groups of people. If this data relates to an identified or identifiable person, national or European data protection laws apply, along with the full range of legal obligations for the data controller. 

The aim of data protection law is to protect individuals from risks caused by data processing and thereby grant them the fundamental right to decide on the extent and management of these risks. 

What does this mean for the use of digital technologies in the building and neighborhood sectors?

For those legally responsible for data processing, even the question of whether data processing falls under the scope of data protection law can become a challenge. The central European regulation - the General Data Protection Regulation (GDPR) - is linked to the very vague concept of personal data. The scope was deliberately defined broadly by the legislator and is interpreted widely by the courts to ensure the most comprehensive protection of individuals against the risks of various data processing activities. 

This is because even seemingly purely technical data such as machine data, geodata, or building data can provide insights into individuals' behavior when linked with other datasets. 

The following privacy overview explains, with various examples, how data protection risks can arise from processing building-related data and when the scope of the GDPR is triggered. It also illustrates how these risks can be controlled through the implementation of technical and organizational protective measures..