Can a landlord share personal information.

Avatar MIA · 30-09-2018 6:25pm

I

Sleeper12 wrote: »

Yes & no

When you get a new tenant your new tenant should have agreed to your GDPR arrangements & both of you signed it. This should outline giving contact details to tradesmen. As of May 25th you should have this arrangement in place with existing tenants. I know some estate Agents get tenants to sign said agreement. This just to cover yourself

From what I understand, consent is not required if personal information will be processed under ‘legal requirement’, ‘contract’, ‘vital interest’ or ‘legitimate interests’, which pretty much covers the reasons for why landlords would process information while managing a tenancy, so we should be just fine without consent as long as we do our job as we’re supposed to.

So, that's a yes on consent being required.

It's not that straight forward, for the landlord to pass on details they need to be satisfied that the plumber is compliant with GDPR protocols on data storage.

By signing a n agreement the tenant cannot assign away their rights.

Sleeper12 · 30-09-2018 6:57pm

Avatar MIA wrote: »

I

So, that's a yes on consent being required.

It's not that straight forward, for the landlord to pass on details they need to be satisfied that the plumber is compliant with GDPR protocols on data storage.

By signing a n agreement the tenant cannot assign away their rights.

No consent is required

Consent is rarely required in business between supplier & consumer. You order goods from Amazon. They don't require your consent to give your personal date to the delivery company.

The landlord supplies the rental unit. Tenant is the consumer. No consent is required to share tenants data in the running of the business. (b) To fulfill contractual obligations with a data subject

landlord is required by law to repair things in a speedy manor. Landlord does not require consent.

Many landlords & estate agents have contracts where tenant gives consent. This is just to cover themselves because people have been running scared by GDPR. No one will be truly comfortably till a few test cases have been run

Lawful basis for processing

Unless a data subject has provided informed consent to data processing for one or more purposes, personal data may not be processed unless there is at least one legal basis to do so. According to Article 6, the lawful puposes are:[10]

(a) If the data subject has given consent to the processing of his or her personal data;
(b) To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract;
(c) To comply with a data controller's legal obligations;
(d) To protect the vital interests of a data subject or another individual;
(e) To perform a task in the public interest or in official authority;
(f) For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children).

If informed consent is used as the lawful basis for processing, consent must have been explicit for data collected and each purpose data is used for (Article 7; defined in Article 4). Consent must be a specific, freely-given, plainly-worded, and unambiguous affirmation given by the data subject; an online form which has consent options structured as an opt-out selected by default is a violation of the GDPR, as the consent is not unambiguously affirmed by the user. In addition, multiple types of processing may not be "bundled" together into a single affirmation prompt, as this is not specific to each use of data, and the individual permissions are not freely-given. (Recital 32)
Data subjects must be allowed to withdraw this consent at any time, and this process must be as easy as it was to originally opt in. (Article 7(3)) A data controller may not refuse service to users who decline consent to processing that is not strictly necessary in order to use the service. (Article 7(4)) Consent for children, defined in the regulation as being less than 16 years old (although with the option for member states to individually make it as low as 13 years old (Article 8(1)),[11] must be given by the child's parent or custodian, and verifiable (Article 8).[12]
If consent to processing was already provided under the Data Protection Directive, a data controller does not have to re-obtain consent if the processing is documented and obtained in compliance with the GDPR's requirements (Recital 171).[13]

Avatar MIA · 30-09-2018 7:03pm

Sleeper12 wrote: »

No consent is required

Consent is rarely required in business between supplier & consumer. You order goods from Amazon. They don't require your consent to give your personal date to the delivery company.

The landlord supplies the rental unit. Tenant is the consumer. No consent is required to share tenants data in the running of the business. (b) To fulfill contractual obligations with a data subject

landlord is required by law to repair things in a speedy manor. Landlord does not require consent.

Many landlords & estate agents have contracts where tenant gives consent. This is just to cover themselves because people have been running scared by GDPR. No one will be truly comfortably till a few test cases have been run

Lawful basis for processing

Unless a data subject has provided informed consent to data processing for one or more purposes, personal data may not be processed unless there is at least one legal basis to do so. According to Article 6, the lawful puposes are:[10]
(a) If the data subject has given consent to the processing of his or her personal data;

(b) To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract;

(c) To comply with a data controller's legal obligations;

(d) To protect the vital interests of a data subject or another individual;

(e) To perform a task in the public interest or in official authority;

(f) For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children).

If informed consent is used as the lawful basis for processing, consent must have been explicit for data collected and each purpose data is used for (Article 7; defined in Article 4). Consent must be a specific, freely-given, plainly-worded, and unambiguous affirmation given by the data subject; an online form which has consent options structured as an opt-out selected by default is a violation of the GDPR, as the consent is not unambiguously affirmed by the user. In addition, multiple types of processing may not be "bundled" together into a single affirmation prompt, as this is not specific to each use of data, and the individual permissions are not freely-given. (Recital 32)
Data subjects must be allowed to withdraw this consent at any time, and this process must be as easy as it was to originally opt in. (Article 7(3)) A data controller may not refuse service to users who decline consent to processing that is not strictly necessary in order to use the service. (Article 7(4)) Consent for children, defined in the regulation as being less than 16 years old (although with the option for member states to individually make it as low as 13 years old (Article 8(1)),[11] must be given by the child's parent or custodian, and verifiable (Article 8).[12]
If consent to processing was already provided under the Data Protection Directive, a data controller does not have to re-obtain consent if the processing is documented and obtained in compliance with the GDPR's requirements (Recital 171).[13]

If the information is required to conduct the business then yes. But, if the landlord is managing the process he can meet the trader or he can contact the tenant to contact the plumber and make arrangements. Passing on the tenants details without their consent is an extra step.

Sleeper12 · 30-09-2018 7:12pm

Avatar MIA wrote:

If the information is required to conduct the business then yes. But, if the landlord is managing the process he can meet the trader or he can contact the tenant to contact the plumber and make arrangements. Passing on the tenants details without their consent is an extra step.

You are making this up now.

It is not the landlords job to meet with tradesmen while tenants live in the property. It's the responsibility of the tenant to meet the tradesman. Landlord does not even have to live in the country. I personally have dealt with Irish landlords living in Australia, Canada, USA, UK, Austria to name just a few countries. I get emailed or texted Tennant contact details. I contact Tennant and tell them when they need to be there to let me in. I do my job email landlord invoice and they transfer the money to my account.

CeilingFly · 30-09-2018 7:38pm

Tiki90 wrote: »

I posted another thread giving more details. He shared my information with a subtenant.

He shared basic contact information with Your subtenant that was in HIS apartment without a subletting agreement.

And you think the landlord is the problem?

Find a mirror, look into it.

There's the problem.

angel eyes 2012 · 30-09-2018 8:02pm

Sleeper12 wrote: »

I don't suppose you'd like to wade in on the earlier debate about sharing public personal data from someone's Facebook page without consent?

It's all about context and having consideration for basic data protection principles at each juncture. For example, the Revenue Commissioners, An Garda Siochana and to a lesser extent insurance companies, can and do use personal data sourced from various social media platforms including facebook on a regular basis. They most probably have a legislative basis on which they can rely on in respect of the processing. Nonetheless, section 41 of the Data Protection Act 2018 provides for the processing of personal data by specific controllers for purposes other than purpose for which data collected. One of those purposes is fraud prevention.

In the context of general processing of personal data from facebook, the following information is taken from facebook's help page on privacy: "When you choose to share something with Public (ex: when you select Public from the audience selector), it’s considered public information. If you share something and you don’t see an audience selector or another privacy setting, that information is also public.

Stuff other people share: If other people share info about you, even if it’s something you shared with them but did not make public, they can choose to make it public". Even more reason to set your profile to private in my opinion.

Therefore, the use of personal information publicly available on facebook pertaining to the data subject featured on thread "Family of seven sleep in Garda station" is fair game in the context of discussions on a chat forum - once of course the discussions are legitimately within the forum's policies.

If however, for argument's sake, said data subject was to apply for an ordinary job in an organisation, the employer may only view her social media profile when the information found on her is “relevant to the performance of the job which is being applied for" and in this context consent of data subject and a contractual agreement would be prudent. An individual’s facebook profile that is used for private purposes is likely irrelevant to the job posting, but a professional or business-related profile like LinkedIn is likely a legitimate account most employer's will want to review when making hiring decisions.

Short answer, it's all about context!

Sleeper12 · 30-09-2018 8:05pm

angel eyes 2012 wrote:

Short answer, it's all about context!

Thanks for taking the time for the long & shot answer

Mrs OBumble · 30-09-2018 8:13pm

Avatar MIA wrote: »

if the landlord is managing the process he can meet the trader or he can contact the tenant to contact the plumber and make arrangements. Passing on the tenants details without their consent is an extra step.

Consent is typically gained when the tenant first contacts the LL for the repairs. At that point the LL doesnt know which plumber etc will take the job, so he says to the tenant "a plumber will contact you, ok?"

Adding more steps in just delays the repairs.

IHeartShoes · 30-09-2018 8:38pm

CeilingFly wrote: »

He shared basic contact information with Your subtenant that was in HIS apartment without a subletting agreement.

And you think the landlord is the problem?

Find a mirror, look into it.

There's the problem.

Seperate issues. The tenant can make a complaint to the DPC. The details about the tenantcy agreement are irrelevant, except to explain why the data had been collected and processed in the first place. The issue is sharing his personal data with a third party in the circumstances he described to us.

There’s a regularly quoted case relating to data protection. A burglar was identified as buglaring a house by means of CCTV footage belonging to a Neighbour who collected the image while monitoring his own home and the footpath etc in the environs. The burglar took a case and was successful. I cannot remember the exact decision. But the collecting or sharing of the burglars personal data (image) in this manner was unlawful. The fact that it was collected in the commission of a crime was not relevant.

goat2 · 30-09-2018 9:25pm

beauf wrote: »

I'm curious what the complaint is.

We are missing some part of this puzzle.

I think his complaint is,
The landlord found out that there was another person in the property instead of the person the landlord had an agreement to let his property, and the landlord wanted the property back.
And when the stranger that was on landlords property had a problem ,
The landlord told him that he should take that up with the OP as the landlord had no deal with the stranger on his property
The land lord gave the contact of the OP to the stranger on the property,

and the OP thinks that the land lord was wrong to do that

CeilingFly · 30-09-2018 10:19pm

The other question is why would the op sublet the apartment and not give contact details to the person he sublet it to?

Has / does he need to register the sub letting?

Is he charging more than he is being charged?

What has the op to hide?

beauf · 30-09-2018 11:00pm

wexie wrote: »

...This reads to me that the subtenant is complaining to the tenant rather than the tenant to the landlord. ...

Exactly.

I wonder did the op get a deposit from the sub tenant. So thought he had walked away from it all. Then the sub tenant located him (via the LL) so was made give back the sub tenant deposit. Which means the op is now out of pocket the original deposit. As the LL has retained it for breach of contract.

Perhaps that's all wrong. I'm baffled why the op sub let it at all. That bit makes no sense, unless it was just for vexation.

beauf · 30-09-2018 11:11pm

Avatar MIA wrote: »

.... for the landlord to pass on details they need to be satisfied that the plumber is compliant with GDPR protocols on data storage...

LLs need to do some GDPR courses and pay for someone to redraft their contracts for GDPR. I wonder where they will get the money for that...

Sleeper12 · 02-10-2018 8:58am

Avatar MIA wrote: »

I

It's not that straight forward, for the landlord to pass on details they need to be satisfied that the plumber is compliant with GDPR protocols on data storage.

In bold is true
However since GDPR came into effect in May I have not been asked once by landlord or estate agent for a GDPR statement showing I'm compliant. Never.

At the end af the day it's contact information about a tenant that most likely wont be there in 12 or 24 months time. Job done I never give them another thought nor have any interest in contacting them again.

beauf · 02-10-2018 9:32am

I think the GDPR angle while interesting isn't actually the core of the issue. Something else happened that kicked all that off.

Billgirlylegs · 02-10-2018 12:30pm

Dodgy "paperwork" from the start from the landlord.
Photocopies of lease agreements, and possibly (I am open to correction) not signed.
No evidence of registration with PTRB/Revenue or whoever ?
Therefore no evidence of contract?

On what basis is the landlord keeping the deposit?
Hard to believe that the landlord had the tenants details, and then the tenant withheld them from the sub let.
I think we got part of the tenant's version and none of either the sub let or the landlords version.

beauf · 02-10-2018 1:10pm

Tiki90 wrote: »

....He then said that If I leave before the lease is up. I won't get my deposit back.....

However, if you leave before the end of the agreed period, the landlord may keep your deposit, even if you have given notice. (You may also be liable for the amount of rent due until the end of the lease, depending on what is stated in the lease agreement.)

http://www.citizensinformation.ie/en/housing/renting_a_home/tenants_rights_and_obligations.html

If a tenant provides insufficient notice of their termination of the tenancy, or they terminate a fixed term tenancy before the end of the agreed term.

https://onestopshop.rtb.ie/beginning-a-tenancy/deposits/

Thats before you get into the issues of sub letting.

Sleeper12 · 02-10-2018 1:20pm

Billgirlylegs wrote: »

On what basis is the landlord keeping the deposit?
Hard to believe that the landlord had the tenants details, and then the tenant withheld them from the sub let.
I think we got part of the tenant's version and none of either the sub let or the landlords version.

Tenant left with two months left on lease and/or subletting without permission, I would think

runawaybishop · 02-10-2018 1:42pm

Graham wrote: »

Here's the opinion of the UK Information Commissioners Office:

More from the ICO

You don't become a data controller by merely reading Facebook.

Graham · 02-10-2018 1:53pm

runawaybishop wrote: »

You don't become a data controller by merely reading Facebook.

Agreed.

Can a landlord share personal information.

Comments