Is it possible for a property representative of an owners’ management company (OMC) to coerce residents into using an application for parking purposes? To provide some context, our home acquirement contract provides us with two permits per house, one for our own parking space and one for our visitors. Owner-occupiers like us rely on signs and directives posted around the property to navigate such matters.
These signs mention that any additional visitors’ vehicle details must be relayed via text message. However, the parking enforcement authority is planning to shut down this messaging service, intending to make all residents use a mobile app instead. I am confronted with two problems regarding this. Firstly, the signs around the property allow a vehicle to use the parking thrice within a week, but a recent email notification says that it’s now limited to twice a week; no consultation or discussion with the residents took place before this change. I can vouch for this as I have been present at every annual general meeting for the past ten or more years.
Moreover, the signs do not mention anything about needing a mobile app, only the text message option. I am wary of downloading apps on my phone, especially when this particular parking app doesn’t even adhere to the privacy standards of Apple or Google Play as it hasn’t been updated for over 3 years. Therefore, neither store can provide any information regarding the data collection of this app. Even the parking enforcement’s privacy policy link is a dud, leading to a 404 error.
Upon visiting the company’s site and checking their privacy policy myself, it is clear that they misuse information by using it for marketing and sharing it with third parties. No option to opt out exists, and by downloading the app, one is deemed to have accepted these conditions, without which parking becomes an impossibility.
As we await permit renewals, we have been directed to fill a web form, but this is not possible without consenting to use the app, which, I doubt, complies with General Data Protection Regulation. Unlike when parking on council managed spaces where I have the option of cash payments, I’m being forced to use an app as the only alternative for parking.
Despite my numerous attempts to voice these concerns to the agency, my pleas have fallen on deaf ears. Therefore, I wonder, does forcing the residents to use a non-GDPR compliant app hold any legal grounds?
If you don’t have all the necessary details and relevant paperwork, it’s challenging to give a comprehensive response. It appears that you are residing in what seems to be a multiple-unit property, and as such, you would probably be a member of the Owner’s Management Company (OMC) which adheres to a regulatory leasing agreement, namely the OMC constitution and has different lawful responsibilities. The OMC has chosen a property agent, a decision I would anticipate to have been made in an annual general meeting, and the details of which ought to be shared with all the members of the OMC for perusal.
You mention a property agent and a parking enforcement company, but it’s uncertain if these two entities are the same. For the sake of your question, I will consider that they are the same. The parking enforcement company is now planning to halt the SMS service that was previously in operation and require residents to use a smartphone application. This application will use details like your car’s registration number, your name, and your address, which, under the terms of GDPR, is considered as “personal data” (Article 4[1]).
As per the GDPR, all legal entities are legally required to manage your personal data with transparency and fairness (Articles 5[1a], 6, and 13-15). This condition applies to both the OMC and the parking enforcement company. Under GDPR, they are regarded as “data controllers” and have certain duties towards you and your visitors (article 4[7]).
You’ve mentioned that neither Apple nor Google Pay’s privacy guidelines are adhered to by the smartphone app, and that it hasn’t been updated for over three years. This suggests that the application’s security may be questionable, posing a risk to the protection of your personal data.
GDPR entitles you to have your data managed and dealt with in a secure manner (Article 32). By forcing you and your visitors to use an unsecured app, both the OMC and parking enforcement company are violating GDPR as data controllers.
This uninformed consent occurs when you are not briefed about what the parking enforcement company plans to do with your personal data before you provide it to them.
Under the parameters of the GDPR, both you and your visitors are entitled to data protection “by design and default”. This stipulates that your OMC and its parking enforcement company must apply suitable technical and organisational methods to incorporate data protection principles into their processing endeavours. The refusal of both Apple and Google Pay to support this app on their platforms further indicates the app’s suboptimal design.
You are entitled to a transparent processing of your data. However, the absence of a visible privacy policy by the developer means you have no certainty of their intentions for your data – a clear lack of transparency.
Permission to use personal data must be fully informed and valid as per article 7(1) of the GDPR. For car park users and their visitors, it necessitates using the smartphone app and providing valid consent. While the app doesn’t offer an opt-out feature, users have no choice but to sacrifice their GDPR rights to park their vehicles. This is an obvious infringement of the GDPR as it lacks valid consent.
As per your report, the parking enforcement company’s website states they can use collected information for marketing and share your details with third parties. However, this consent is not adequately informed as you are not notified beforehand of what the company intends to do with your data, who it will be shared with, or the purposes of this sharing.
To conclude, there is no legal justification for imposing a non-compliant GDPR app on residents.
In light of your concerns being dismissed by the property agent, I propose that you put your concerns in writing to the property agent or the parking enforcement company by registered post. This letter should include your issues with the app’s GDPR compliance and a request for an alternative way to obtain your permits. If these terms are not met, you may need to assert your GDPR rights before the Data Protection Commission. Be sure to send a copy of this letter to the OMC at their registered address.
Alternatively, present your issues before the OMC board of directors at the following AGM.
The advice was provided by Sean Foley, a solicitor with P O’Connor & Son solicitors in Co Mayo.
This section serves as an informative resource for our readership about property-related matters. Please understand that the information offered in the Property Clinic is purely generic and is not structured as specific advice for our readership. In view of this, we suggest seeking professional or bespoke advice before deciding to act or not, based on our content.