Does privacy and data protection law apply to the inside of your home?

I am speechless. It is outright insane. I can not see how this can be legal? Though I have zero knowledge of UK laws (living in Scandinavia). I have previously rented an apartment for 15 years. With one inspection at the end of the rent. And that inspection was after I had moved out.

You're asking the wrong question. It's not up to you to prove the unlawfulness, it's up to them to prove the lawfulness (which is clearly not given if the contract expressly mentions only damage photographs).

The next time this happens, simply tell them that they have no right to photograph beyond what was agreed, and instruct them to cease immediately. If they feel differently, it is up to them to demonstrate on what grounds they may photograph.

Unless an England-based lawyer is lurking on HN, I don't think you're going to get an overly useful response from HN itself.

You should contact a lawyer or the ICO [0], the UK's data protection office.

[0]: https://ico.org.uk/

Even if it's legal I wouldn't put up with that, and something that extreme would need to be detailed thoroughly in the lease agreement. If it's not, you didn't agree to it, and I'd be telling them to leave or you'll be calling the police to have them arrested for trespassing. Then I'd be moving ASAP and suing them for breach of contract and a return of previous rents.

Generally, at least in the US (every state differs slightly) a landlord or their agent can enter your apartment only in an emergency circumstance or with your explicit permission after requesting. The only time they'd take photos is after you've moved out to photograph damages for evidence if they with hold any part of your deposit. Your landlord should not be snooping around your house every 90 days, that's ridiculous. In the US, it's common to change the locks on the door after renting and then turning in the new keys when you leave.

This situation is covered by GDPR. GDPR has a "household activities" exemption, which does not apply here because it's the business activity of your landlord. The data is certainly personal data because it's connected to you (even if indirectly, via your apartment number).

Per GDPR, they have an obligation to inform you what data is being collected and for what purpose (Article 14). If they only mention damage photographs, then any photographs that aren't about damage would have been collected unlawfully and you can request they be deleted (Article 17, in particular part 1-d). You also have the right to receive a copy of all data about you (Article 15), and I doubt that any of the usual exceptions apply to this case.

While you can infer so-called Special Category data (sex, sexuality, health conditions), I'm not sure it technically counts as Special Category data on its own. However the inferability of Special Category data should have been part of the consideration of whether this data collection is acceptable.

If the data is transferred to a cloud service, they are obligated to inform you. If this transfer is international, they are obligated to inform you what is the legal basis for the international transfer (but not the actual destination country). If they have told you neither, they are only compliant if the data is entirely on-device or on-premise.

You can file a complaint with ICO, the regulator for the UK.

Move. You should not be tolerating such behaviour, nor should you be condoning/encouraging it.

Pretty sure this is standard practice in England. All of my estate agents have done it too. I assumed the purpose was to prove to the landlord that they actually checked for damage in each room?

This is unacceptable, in my opinion.

Most of the properties I've rented in the UK have only have only had an inspection at the end, although one has had a mid-tenancy inspection, where they took photos of the (previously) damaged part only.

Personally, I'd start off by raising a Subject Access Request under GDPR (it's part of British law, not just EU) as well, as well as asking how they asking how they process and store the data.

If they're using the data incorrectly (e.g, if they claim to collect data to check for damage, but there is no damage), you could make a complaint to the ICO.

If you're not familiar with your rights under GDPR, I'd recommend reading the UK Information Commissioner's Office guide for this (https://ico.org.uk/your-data-matters/your-right-to-get-copie...).

Hell no, even if this was legal under GDPR or the UK's own data protection law (which it definitely isn't) it would probably be illegal under basic law. Not an expert on UK law but in Germany there's the concept of "Unverletzlichkeit der Wohnung" (inviolability of your home), which I think is also a legal principle in the UK. Taking high-resolution photos of your living quarters is definitely a stark violation of your privacy and you should not tolerate that. If you're uncertain how to approach this I'd recommend to seek advice with a renter/tenants union, as they'll know how to handle this. Maybe it would be good to collect some futher evidence first, e.g. make a photo/video of the agent photographing your rooms and ask them about the app and how your data is being processed.

Firstly England and Scotland have different laws so you need to be more specific about where you live.

Secondly I would advise contacting a helpline and asking them - Shelter or citizens advice bureau.

Does the letting agent have a privacy notice? What does your agreement say about damage and inspections for damages?

What is the app? Does the app have a privacy notice/policy?

I would reach out to a lawyer and also a private investigator to figure out what app and where your data is going.