Smart buildings in the light of COVID-19 pandemic

Slovenia

A smart building is not just a set of walls, but a dynamic organism that uses interconnected technology to share information about the building among different systems with the purpose of enhancing its efficiency and providing a better user experience for its occupants. Smart building goes beyond smart building management systems and smart home systems. Equipped with sensors connected to devices, these buildings can provide detailed information about consumption levels in real time, make automated decisions to optimize operations, and provide valuable information to each individual so that they can make better decisions to further improve the efficiency of the building, which may lead to lower energy consumption, optimal use of space, and lower environmental impact. 

Taking up of smart-building development is encouraged by the regulation on tackling climate change and this trend can be expected to intensify in the future, especially in the light of the European Green Deal. Moreover, new and additional boosts to smart building development can be anticipated in response to the challenges some asset classes face in having to adopt to COVID-19. The reason: smart-building technology can contribute to controlling and limiting the spread of infectious diseases. 

Real estate companies are feeling the impact of the global spread of the coronavirus SARS-CoV-2 in various ways, largely dependent on region and asset class. Real estate executives’ prevailing global concern at the moment is, however, how to preserve value and liquidity by retaining tenants and other occupants and ensuring their and their visitor’s safety, on the one hand, and minimizing the increased costs associated with cleaning measures, on the other hand. 

Some companies, especially those from the healthcare, leisure, retail, and aviation sectors, are already using certain types of smart building technology to help them identify COVID-19 infections and reduce their spread. For example, many airports, large malls and hospitals across the globe have installed infrared cameras to measure the body temperature, and some hospitals are using water sensors to track whether the employees and patients are washing their hands for long enough.

The COVID-19 pandemic has also increased the need for better air quality and more effective ventilation in buildings to minimize viruses’ survival rate. In the post-lockdown period, people will be more reluctant to touch light switches, elevator buttons, and thermostats, which will likely increase the number of buildings being upgraded with touchless technology such as hands-free doors, voice-activated elevators, and phone-controlled door locks.

Smart buildings can offer solutions to several challenges posed by the COVID-19 pandemic and investments in smart-building technologies are expected to rise significantly in the near future to help people better prepare for any future outbreaks. 

Should every hotel & leisure facility become a smart building?

The use of smart technology in the hotel and leisure sector is already familiar as it leads to a better guest experience and lowers operational costs. For example, lightning can be installed in a way to automatically adjusts the power to suit the light level in the room. Some hotel service providers today also offer the option to put rooms in a particularly sustainable mode, saving electricity and water, by simply pushing a button. 

Further, smart in-room technology can make the stay in a hotel more personalised and convenient. For instance, some hotels make it possible for guests to stream their Netflix through the television in their room. Many hotels also offer an app for hotel services with features such as direct reservations, express check-in and check-out, mobile spa and restaurant bookings, mobile room service and direct guest messaging.

Considering the new hygiene expectations and regulations for the tourism industry in the post COVID-19 period, hotel smart technologies will become even more important. With digital and contactless services becoming the norm, many hotels are already working on the (additional) digitalization of core operational processes such as online check-in and check-out, online bill payment and mobile-phone room keys. It is a safe bet that travellers’ changed expectations and habits will influence this trend into the future.

Should every hospital become a smart hospital?

The answer is straightforwardly affirmative if smart building technologies are guided by the philosophy of offering patient-centric care and comfort as well as adhering to operations of the highest quality. In comparison with the traditional hospitals, smart hospitals can also lower their operating costs and enhance workflow efficiency. Smart hospitals make smarter decisions about their energy use without compromising on patient comfort. With smart sensors, for instance, hospitals can decide on energy consumption depending on the critical room occupancy data. 

Due to the COVID-19 pandemic, hospitals’ priorities have become to lower infection risks, enhance security, improve air quality, optimize the workflow, and eliminate supply bottleneck situations. A smart hospital can tackle all these challenges demonstrably better than a traditional hospital.

However, like all advances and improvements, smart buildings have their downsides, which are and will continue to be a challenge for all stakeholders, including owners, asset managers, occupants, and legislators. In order to improve the general wellbeing and safety of their occupants, smart buildings must collect vast amounts of information on their occupants’ behaviour, which includes personal data. Managing personal data protection is thus one of the most important issues that smart building owners and operators need to address.

Can smart buildings and personal data protection go hand in hand?

Smart buildings do not only collect data on energy, humidity, heating, and water consumption, but can also gather data on their tenants and other occupants. The amount of data collected by smart buildings worldwide is increasing annually. Some statistics show that while in 2015, 7.8 zettabytes of data was collected globally [1], in 2020, smart buildings collected – through a range of sensors and smart and connected devices – more than 37 zettabytes of data globally.  Such data can enable the building owner to predict occupants’ behaviour. These predictions can lead to improved service levels, reduction of maintenance costs and can even help to fight infections such as COVID-19. However, collecting occupants’ data can also violate rules on the protection of personal data and breach privacy.

For this reason, smart technology solutions based on occupant monitoring such as desk monitoring sensors will, due to legal restrictions, be hard to implement in practice. At the beginning of the year, for example, Barclays bank introduced a computer monitoring system that tracked the time employees spent at their desks and sent warnings to those spending too long on breaks, but was soon forced to stop using it due to privacy and data protection concerns [2]

In line with the EU General Data Protection Regulation (GDPR) [3],  processing of personal data requires a proper legal basis, which must comply with the criteria of “meaningful consent”. Therefore, it is important that affected individuals are informed about data processing, especially about the purpose of the collection and how the collected data is used. Due to often unforeseeable multiple uses of data, it is often difficult to be completely transparent in privacy notices and statements. For this reason, building owners and tenants must consistently evaluate their compliance with GDPR as new types of use emerge.

Further, personal data can only be processed for specified and legitimate purposes. If the lessor or the building owner is using personal data to predict occupants’ behaviour or to make decisions about maintenance or how to use a smart building, this may, according to the GDPR, constitute profiling or automated decision-making.

The GDPR provides for stricter requirements to be complied with in case of profiling or automated decision-making. Data subjects must not only be properly informed but also have the right not to be subject to a decision based solely on automated processing if such a decision significantly affects them. Let us also not forget about the “right to be forgotten” and the right of a data subject to access and withdraw their personal data from registration.

To ease privacy and data protection concerns, smart building technology should be already built with privacy by design in mind to ensure its compliance with GDPR and national data protection legislation. 

One of the ways to mitigate the likelihood of GDPR violations is to minimize the amount of personal data collected. The larger the volume of data collected, the harder it is to ensure that it is processed in a compliant way and the greater the risks related to keeping the data secure. But is not that contrary to the idea of a smart building? For this reason, an interesting future question is how much collected data is enough?

What about cybersecurity risks?

When dealing with the concept of a smart building, we immediately think about its positive aspects, but often forget about the associated cybersecurity risks. As (smart) buildings are becoming more complex, with an ever-growing number of interconnected devices and cloud services, there is also a higher risk of cyber-attacks. Such attacks can have severe consequences: successful intrusions can prevent smart buildings from operating and can cause significant damage resulting in long periods of operational downtime, data loss, and financial damages and can even pose a threat to public safety. Therefore, a strong cybersecurity system should be an important part of any smart building and it should be incorporated in the initial building plans. In addition, it is important that building owners regularly update the software for all smart aspects of the building, including antivirus and firewall protection. Furthermore, employee or visitor access to smart building features should be authenticated, authorised, and monitored through a central system. 

However, considering the rate in which cyber-attacks are changing and growing, it is impossible to completely prevent a smart building from cyber-attacks that might result in a security breach. In the event of a cyber-attack on a smart building, the resulting data breach would be felt most directly by tenants or occupants, but building owners would be most likely be liable for compensation for any operational disruption, losses of profit or damage to brand reputations suffered by the companies located in their (smart) buildings. So far, cyber insurance has proved the best way to protect companies and mitigate the potential damages from cyber-attacks. For example, after a cyber-attack on the Marriott hotel group exposed the data of over 500 million customers, cyber insurance covered most of the costs associated with the breach [4].  

With smart buildings evolving and their number growing in the coming years, a clear system of liability for cybersecurity risks should be established. In this way, building owners, system developers, tenants and other occupants could be forewarned about their (eventual) liability for a data-breach caused by a cyber-attack, grounds for exemption from liability, and any limitation on or division of liability. This warning would also encourage them to place greater emphasis on addressing the security risks of modern technologies in smart buildings. 

Who pays for smart technology?

One of the most important questions related to the development of smart buildings is the allocation of costs for upgrading the building with smart technology. Should the costs be covered by the building owner or by the individual tenants and/or occupants who are willing to purchase and use such technology? Even if investment costs into smart technology are initially covered by the building owners, they will most probably pass them on the tenants and/or occupants by increasing the rent, which tenants and occupants may find unacceptable. Seeing that the use of smart technology can lead to lower energy consumption and lower utilities costs and can even help prevent the spread of infectious diseases such as COVID-19, we believe it would be desirable for national decision-makers and the European Union to support smart building implementation with a specific financial initiative support scheme. 

The legal aspects and questions presented above are only some of the issues arising in connection with smart buildings. Considering that the use and the importance of smart technology in the real estate sector are expected to grow, especially in the light of the COVID-19 pandemic, the regulatory environment will slowly have to adapt to the new trend.

______________________

[1] https://www.statista.com/statistics/631151/worldwide-data-collected-by-smart-buildings/, accessed on 29 October 2020.
[2] ‘Barclays scraps 'Big Brother' staff tracking system’, BBC News, 20 February 2020, accessed on 27 October 2020.
[3] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), OJ L 119, p. 1- 88.
[4] J. Frulinger, ‘Marriott data breach FAQ: How did it happen and what was the impact?’, CSO (2020) accessed on 27 October 2020.