How Minut works with GDPR
When GDPR, or the General Data Protection Regulation, was first introduced in 2016, at Minut we welcomed it enthusiastically, as it constituted a breakthrough in protecting the right to privacy, a cause we’ve championed since the company’s conception. However, despite its widespread impact over the past four years, its actual meaning and implications are still notoriously difficult to understand. Since privacy is so important to everything we do at Minut, Marcus Ljungblad, Minut Co-founder and company expert on GDPR, clarifies some of the most pressing questions on the subject.
What is GDPR?
According to Information Commissioner’s Office, the GDPR "sets out the key principles, rights and obligations for most processing of personal data".
The key here is that the regulation focuses on personal data, which pertains to individuals and can be used to identify them. The most obvious examples include names, photos, email addresses and any sort of personal identifiers assigned to an individual.
The purpose of GDPR is to protect citizens’ rights to manage any personal information they share with companies. Practically, it applies to a range of everyday commercial activity, requiring active opt-ins for email marketing and an easy way to revoke any data permissions, amongst other provisions.
Why is GDPR important to Minut?
On a broad level, GDPR regulates the relationship between individuals and businesses, making sure that there’s mutual respect on both sides. As the ICO puts it, “data protection is about ensuring people can trust you to use their data fairly and responsibly.”
At Minut, we appreciate that so many homeowners trust us with their homes, but we also recognize that with trust comes great responsibility, and we go to great lengths to make sure we never betray it by fostering a culture of transparency and honesty. That of course includes the way we process our users' data.
What is Minut’s take on privacy?
As Minut’s origins lie in seeking an alternative to costly and invasive security systems, we’ve always made privacy a crucial consideration in the design process, and it’s also a large part of our company culture.
That’s why the Minut smart home sensor is camera-free, and it uses edge computing that allows for monitoring sound levels without the personal data ever leaving (or being stored on) the device. You can read more on this topic here.
Minut has been pushing the boundary on privacy in the smart home tech industry from day one, and our commitment in this area remains strong as the company grows. To make sure we keep up to date, we conduct regular security audits, and constantly keep an eye out for things we could be doing better.
What kind of data does Minut process?
Minut processes three classes of data: personal, sensor and other.
Personal data includes all data that can be used to identify an individual. At Minut, this pool includes users’ first and last names, email addresses, GPS coordinates of the properties where Minut sensors are installed and users’ photographs, if uploaded in the Minut Mobile App. We treat this data with great care, and limit employees’ access to the few who absolutely need it.
Sensor data encompasses all the readings from the Minut smart home sensor, including temperature, noise level, and device telemetry data, such as battery information. An important distinction here is that sensor data cannot be used to identify a specific individual. While sensor data can be tied to the owner of the device, if there are guests staying in the property, there is no way for Minut (or anyone else) to identify who those individuals are from the sensor data alone.
It’s crucial to note that, thanks to our advanced edge processing and machine learning technologies, Minut sensors process a lot of data, but the large majority of it is never stored nor leaves the device. We’ve also gone to great lengths to separate sensor data from personal data internally, so that when we work to improve our algorithms personal data is never involved.
Other data describes data collected elsewhere; an example might be the Google Analytics cookie embedded on the minut.com site.
Does Minut store all the data that it processes?
While Minut does store some of the data we handle, a lot of it is discarded once processed, especially when it comes to sensor data, which primarily includes motion events, noise levels, temperature, humidity, pressure, device orientation, ambient light and battery level.
In fact, we typically store only 1 sensor reading per minute per sensor. For instance, the noise level graph in our app has a maximum resolution of 1 measurement per minute in decibels. And some of the other information, such as the battery level, is only stored once per hour.
Regarding personal data, Minut always seeks permission from our customers to store their details in their user accounts, and we never ask for more information than what is necessary to provide our service. We only keep this data on file for as long as the individual is an active customer, and, in accordance with the GDPR, users can always ask to have their data corrected or deleted.
Is it really possible to monitor a rental property without compromising on guest privacy?
Since Minut is camera-free, and no audio recordings ever leave (or are stored) on the device, guests’ privacy is never compromised. While some sensor readings are transmitted to our app, they cannot on their own be used to identify individuals. In other words, you can see when guests come and go and when the noise level rises, but no-one, not even Minut, can ever hear (or record) conversations.
Do I need to inform guests that there’s a Minut smart home sensor installed in my rental property?
At Minut, we value transparency, so we always encourage hosts to inform the guests that a noise monitoring solution is installed in the property. In fact, some short term rental platforms, such as Airbnb, require hosts to do so. Hence, when in doubt, it’s always a good idea to mention Minut in your listing in order to set the expectations right and have a better relationship with the guest.