Evolving privacy laws present challenges for smart buildings | Massachusetts Lawyers Weekly
Smart buildings offer individuals, businesses and even cities better and more efficient ambient experiences. However, the connected technologies that make buildings “smart” tend to require processing massive amounts of data inputs, often including personal information.
The collection and use of personal information requires consideration of the data privacy and security risks to individuals, as well as the possible associated legal and compliance obligations of developers, managers and operators of smart buildings.
Smart technologies enable interoperability across networked devices to produce a desired or defined output. For smart buildings, these outputs span a broad range of capabilities, such as automatically adjusting the temperature of a room based on the number of occupants detected, or even designating individual work spaces based on daily calendars or ambient conditions. Generation of an output requires an input, and in the case of smart buildings the inputs tend to be data collected from sensors placed in and around the buildings, as well as from connected systems and devices.
Inputs that include data collected from or about individuals inherently implicate data privacy considerations. In recent years there has been a global privacy law push that has seen the enactment of comprehensive data privacy laws, such as the General Data Protection Regulation in the European Union, and the California Consumer Privacy Act domestically.
Historically in the U.S., privacy law is treated as a form of property right — i.e., a right to exclude, with privacy rights extending from the Fourth Amendment right against unreasonable searches and seizure where persons have a reasonable expectation of privacy. Accordingly, individual privacy rights typically do not exist where individuals do not have a reasonable expectation of privacy, such as in public spaces where individuals cannot exclude others — e.g., a commercial space.