Need to know
- Tenancy Information Centre Australasia (TICA) collects data from rental applications and sells it to real estate agencies
- In cases where a renter's data ends up on a tenancy blacklist, it must be deleted after three years
- TICA held on to a renter's data long after it was removed from a blacklist and was finally forced to delete it by the privacy commissioner
When CHOICE gave the third-party rental platform industry a Shonky award last year, we knew we were onto something.
Our research and investigations had all come to a similar conclusion: pressuring renters into giving away reams of personal information as a condition for applying for a place to live was unfair, unkind and shouldn't even be legal. We even coined a new term for this digital assault on renters' privacy – RentTech.
It had long been standard practice on platforms such as Ignite, 2Apply, Snug, tApp and others to demand information that goes well beyond what an agent or landlord would need to assess an applicant.
Four out of 10 renters we heard from were more or less coerced into using a RentTech platform
In April 2023, CHOICE released a major report on RentTech, revealing that four out of 10 renters we heard from were more or less coerced into using a RentTech platform, and six out of 10 were not comfortable with the type of information they were being asked to submit. Unfortunately, it's a situation that's still in play today.
But a larger question loomed over the whole issue. Were RentTech platforms using this information simply to enhance their business models, or to discriminate against applicants on economic or other grounds?
And what was happening to all the personal data surrendered by hopeful applicants, most of whom wouldn't have been approved? The privacy policies of the RentTech platforms were vague on the issue.
Privacy commissioner orders data deleted
One place that the personal renter information collected by RentTech platforms may have ended up is one of Australia's biggest tenancy databases, a private business called Tenancy Information Centre Australasia (TICA).
TICA collects and organises data extracted from rental applications and other inputs and then sells it to real estate agencies, presumably so they can pick and choose which applicants they like. One of TICA's partners, 2Apply, is one of the most commonly used RentTech platforms.
The virtual manager system appears to have been designed to get around the rules on data retention that apply to traditional 'blacklist' renter databases
Setting up such an operation is not illegal, but earlier this year the Office of the Australian Privacy Commissioner (OAIC) ruled that TICA's 'virtual manager' database violated the privacy rights of a renter whose rental activities were tracked for seven years.
The virtual manager system appears to have been designed to get around the rules on data retention that apply to traditional 'blacklist' renter databases, where the renter's data in the OAIC case was initially stored.
Application platforms such as Ignite, 2Apply, Snug and tApp demand information that goes well beyond what an agent or landlord would reasonably need.
Circumventing data retention rules
Legally speaking, a renter's data should only end up on a blacklist database if their bond doesn't cover the back rent they owe or they violate the terms of the lease in other ways, such as by damaging the property.
Real estate agents have to inform the renter and give them a chance to appeal before listing them. Once listed, though, renters must be removed from blacklist databases after three years.
The personal information of the complainant in the OAIC case was sent to the real estate agency through which she was trying to find a place to live, seven years after she ended up on a blacklist.
TICA claimed that its internal virtual manager database was exempt from the three-year rule, but OAIC didn't see it that way, ruling that the retention of the information was illegal.
The need for reform
"While we welcome the ruling against TICA, this also highlights the need to update our laws," says CHOICE senior campaigns and policy adviser Rafi Alam, who specialises in consumer data issues.
"Tenancy databases have been around for a long time, and governments have seen the need to regulate these on behalf of renters. But the RentTech market has grown exponentially, so we need new rules to protect renters from unfair treatment and breaches of privacy."
The RentTech market has grown exponentially, so we need new rules to protect renters from unfair treatment and breaches of privacy
CHOICE campaigns and policy adviser Rafi Alam
The data of the renter in question has reportedly now been removed from the TICA database by order of the privacy commissioner, but it's impossible to know what other renter data the business holds, what it's doing with it, and how long it has had it.
Alam says there's an urgent need for privacy reforms across all sectors of the economy. The focus should be on preventing privacy breaches, "not just punishing the few instances that make it to court".
"With privacy laws currently stuck in the 20th century, CHOICE looks forward to government plans for a major overhaul later this year, including imposing new obligations on businesses to only use personal data in fair and reasonable ways," he says.
Stock images: Getty, unless otherwise stated.
