No-one wants their rental property to be trashed by a party animal, complaints from disgruntled neighbours or – even worse – the police. But when does due diligence become something more sinister?
Have you ever looked at social media for an insight into a potential tenant’s lifestyle? Sneaked a look at Facebook for photo- graphic evidence of late nights and rowdy behaviour? Checked Twitter for offensive comments or extreme views?
No doubt you wouldn’t be the only one, but now the Information Commissioner’s Office has warned that what you consider a normal part of the screening process could be breaking the law.
The news comes after the ICO warned companies ‘excessive monitoring’ of job applicants and employees on Facebook and Twitter could fall foul of privacy rules that limit how companies may process personal information.
The Article 29 working party of European data watchdogs said that “employers should not assume that merely because an individual’s social media profile is publicly available they are then allowed to process the data”.
And the ICO says the same applies to landlords. Processing includes collecting data, using it or storing it.
According to the recruitment website CareerBuilder, 70 per cent of employers use social media to check candidates. More than half have decided not to hire candidates based on their online profiles.
Although the RLA does not hold data for the number of landlords who check out tenants on social media, anecdotally it seems it is standard practice for some.
One landlord said: “I always check prospective tenants out on Facebook – I wouldn’t feel like I was doing all I could to protect myself and my property otherwise. I have even asked them questions about things that they have posted on social media.
“To my mind if they have posted information or photographs in the public domain then there is no reason that I shouldn’t look at them.”
The authorities, however, do not agree. Landlords must not assume that because a prospective tenant’s social media profile is publicly available that they are allowed to use the data.
Steve Doohan, of the ICO said that although the Article 29 guidance was written with employer and employees in mind, the office would give similar advice to landlords.
He said: “The key point is that personal data can’t be processed for any reason, just because it has been put on social media.
“For example, an individual may have put details on social media with the intention of sharing it with friends and family.
“This wouldn’t mean that they have a reasonable expectation that their post will be used by a prospective landlord to
make an assessment of whether to rent a property to them.”
Is it ever justified to check someone’s social media? Under the Data Protection Act, any processing – such as using data to decide whether a prospective tenant is suitable or storing someone’s personal information – must first of all be considered ‘fair and lawful’.
It can, for example, be that the person processing the data (in this case the landlord) has a ‘legitimate interest’ in doing so and that processing is necessary and relevant to whether the proposed tenant will pay the rent, look after the property, and comply with the tenancy terms.
However, this would have to be balanced against the rights of the individual.
A landlord could try to argue they have a ‘legitimate interest’ in ensuring they let homes to people of good character.
At the very least it is vital a landlord must make it clear to prospective tenants when they advertise a property to let and if they have a website to tell prospective tenants this may happen.
A landlord who fails to do this will not have any chance of being able to justify looking at an applicant’s social media.
The fundamental problem for landlords in this situation is that when processing and assessing data for their business they must act fairly and in a proportionate way. They must minimise the use of data.
Assessing prospective tenants can be achieved by other means such as references, credit checks etc, so trawling through someone’s social media history may well not be ‘necessary’ or ‘fair’.
Rather, it could be seen as disproportionate and therefore a breach of data protection laws.
For more information about your obligations visit rla.org.uk/rpi-data-legislation
NEW DATA PROTECTION RULES
The General Data Protection Regulation (GDPR) will strengthen data protection laws when it is introduced in May next year. Issues affecting landlords and tenants include:
- Much more detailed requirements around the form of consents and how they areobtained, where they are needed in order to legally process data.
- A requirement for more detailed privacy notices to be issued out, e.g. notification totenants about what data can be used for and to whom it can be passed.
- A need for more detailed record keeping including details of how consents are obtained.
- Stricter penalties for non-compliance.
- The scrapping of the need to register with/notify the ICO that you are processing data.
- Wider controls for data subjects (tenants) over the data which is held, including the rightto withdraw consent.
- A requirement to report serious data breaches to the ICOs office.