Those who live in condominiums know well how the issue of arrears can create tension between neighbors and create embarrassing situations.
However, the need to recover debts cannot be turned into an instrument of public shaming towards those who delay payments. The GDPR, the decisions of the Court of Cassation and the recent guidelines of the Guarantor on the protection of personal data have reshaped the framework of the rules applicable to condominiums, imposing precise limits on the circulation of debt information.
What many managers and suppliers often do, such as posting lists of defaulters or sending communications to all condominium owners, may today constitute unlawful processing of personal data with countervailing consequences.
GDPR also applies to condominiums: privacy and arrears are not incompatible
The condominium is not an island outside of European privacy law. GDPR applies fully to the processing of condominium owners’ personal data, including information of a financial nature such as condominium debts. The basic principles to be observed are those of purpose limitation and data minimization: information on the status of payments may only be circulated to the extent strictly necessary for administrative management.
This means that the administrator can consult and use data about defaulters to send reminders, prepare repayment plans or take legal action, but cannot disseminate it indiscriminately or make it accessible to anyone who does not have a legitimate interest in knowing it.
An emblematic case concerns the meeting agenda: it is not necessary to disclose the full payment history of a condominium if the meeting has to decide only on a single accounting aspect.
Stop social pressure: using neighbors as leverage on debtors is prohibited
A particularly widespread and at the same time illegal practice concerns the behavior of certain condominium service providers, such as companies that supply energy or manage system maintenance. When a condominium accumulates delinquent debts, these companies often resort to sending out communications addressed to all owners, citing missed payments and urging each condominium owner to put pressure on their delinquent neighbors.
The Data Protection Ombudsman has made it very clear that this practice is illegal: the creditor has as its sole interlocutor the condominium in the person of the administrator and cannot involve the individual owners in putting reputational pressure on the debtor. Similarly, the Court of Cassation has repeatedly held that the public display of infringers’ names through bulletin board notices, entryway postings, or circular notices constitutes an invasion of privacy that confers a right to damages.
The protection of the debtor’s personal dignity never gives way to the creditor’s interest in recovering what is owed through public humiliation, and the Guarantor’s new 2025 guidelines further reinforce this orientation, making trustees directly responsible as custodians of the entire building’s privacy compliance.
