A European Union law governing data privacy that takes effect today has left real estate brokerages and associations in the U.S. uncertain about its impact. The General Data Protection Regulation, known as
GDPR, makes it a crime to collect data on any resident of the 31 E.U. countries without getting their permission. It also requires businesses to delete information about Europeans if they request it, among other things.
But how relevant is it for U.S. companies? Does it apply if data collection on Europeans is incidental to a company’s operation?
Although no formal guidance for compliance has been issued yet by the GDPR’s advisory group, known as the Article 29 Working Party, the group has indicated it has no plans to go after American companies unless they target Europeans and the bulk of their online traffic is European.
“It’s a good practice to get permission upfront before you collect data on people who visit your site, but as far as GDPR is concerned, it doesn’t look like it affects most brokerages and real estate associations unless they specifically target Europeans and Europeans make up a large part of their traffic,” says Finley Maxson, NAR senior counsel.
Once official guidance is received from the Article 29 Working Party, NAR will release additional guidance. Visit
NAR’s privacy policy, which spells out how and why NAR uses website visitors’ data to better serve our members.
—REALTOR® Magazine