Privacy, Data Management, and Risk Mitigation
While no clear definition or requirements of a “smart city” exist, the general consensus is that it is an innovative development initiative that combines urban planning with creative digital infrastructure. Areas of focus often include reducing traffic congestion, improving sustainable energy use, and making public spaces more accessible and adaptable to their residents’ needs and desires. To achieve these goals, these initiatives incorporate innovative methods of data collection to improve service provision for local residents; however, this inherently raises concerns surrounding consent, privacy, and data protection.
When Sidewalk Labs announced its interest in developing a 12-acre property along Toronto’s eastern waterfront to be North America’s most advanced smart city neighbourhood, many people were concerned about what kinds of data would be collected and how it would be used. Sidewalk Labs is a subsidiary of Alphabet Inc., the parent company of Google, so there is no doubt that this project could bring both incredible innovation and possible data exploitation or breaches. That said, the project developers have been vigilant in consulting with the community and releasing updated data privacy frameworks to calm tech-induced fears.
An exciting aspect of smart city development is the opportunity to build new collaborations between municipal and provincial governments, innovation hubs, entrepreneurs and their startups, research institutions, leading educational institutions, and local residents. When combined, these various actors and organizations can collectively source the innovative ideas, design thinking, policy frameworks, and financial investment required to ensure that new ideas take hold.
Past and potential future efforts include:
- Partnerships with mobile apps that map out traffic congestion, motor vehicle accidents, and other on-road incidents (Toronto/Waze);
- Providing free Wi-Fi in public spaces to connect residents (Vancouver);
- Improving innovation procurement through research and entrepreneurial partnerships (Guelph/MaRSDD);
- Establishing a network of digital and physical engagement and innovation hubs targeted for youth (Ottawa); and,
- Building a technology-enabled “Circular Food Economy” (Guelph/Wellington County).
There are many approaches to planning and developing a smart city project, but all projects involve basic issues: privacy, data management, and risk mitigation.
Multi-Domain Privacy Impact Assessments
The combination of information sharing initiatives and innovative approaches to service delivery, such as smart city projects, has led to a growing need for multi-institutional and multi-jurisdictional privacy impact assessments (PIAs). Guidelines from the Office of the Privacy Commissioner recommend that such PIAs include a clear business case for information sharing, a common communications strategy to inform the public of information sharing, and a set of expected privacy practices shared by all institutions participating in the data sharing initiative.
Our unique approach builds on these basic requirements to define a clear, seven-step process that we use both to guide our clients as they develop privacy policy prior to developing a smart city project, and to conduct PIAs after a smart city project has been completed.
1. Purpose: We begin by defining the reasons for which smart city projects collect, use, retain and disclose personal information.
2. Custodianship: A key next step to ensuring private information is protected is to adopt a custodianship model. In the context of a smart city initiative, a custodian will be designated to review and revise policies, processes, and procedures to ensure any sensitive information is shared securely.
3. Liability: In order to establish liability, we help to define the roles, responsibilities, and accountabilities of smart city project participants. We define different participants’ right and ability to manage (collect, retain, disclose, and correct) personal information.
4. Data Management: We define policies for management of data quality, records management, assurance of accuracy, retention and archiving, and secondary use of data.
5. Controls: We define policies for the application of legislative requirements, including management of information safeguards, compliance auditing, identity validation and management, implementation of consent rules, breach management, and proactive and reactive monitoring of technology assets. Controls also include frameworks such as provider agreements, resident disclaimers, and mandatory and discretionary requirements that define the roles of smart city participants.
6. Process: We apply privacy policy to workflows and interactions throughout service delivery processes, including service model, delivery model, management of consent, reporting procedures, incident management, and resident feedback mechanisms.
7. Adoption: In this final step we develop instruments for the implementation of privacy policy during the planning and ongoing development of the smart city project, such as provider agreements, resident disclaimers, mandatory and discretionary requirements, and system feedback.
Recommendations for Smart City Risk Mitigation
Given the opportunities and challenges associated with developing a functional and advanced smart city project, we recommend planners and project managers consider the following six areas of risk and mitigation.
- Role of AI: Artificial intelligence is still very much uncharted territory, meaning there are abundant opportunities for leading-edge technological development, but there is also a policy void. Governments, software developers, and researchers will need to collaborate and actively engage with each other’s sectors to gain a better understanding of their goals, practices, and needs, which will help foster secure but innovative development.
- Handling Personal Information: The policies and practices that guide how personal information collected by smart city initiatives is handled are fundamental for maintaining the trust of community members and ensuring the initiatives do not violate privacy laws. The data that the new smart technologies collect and analyze come from many sources, including sensors and cameras. These technologies may be able to interact with people or their personal devices without any positive action required by the individual (i.e. consent) or an opportunity to opt out. The vast amounts of data that can be collected could lead to negative practices (or suspicions of such practices) such as surveillance, profiling, or using personal information for different purposes than originally stated, either without consent or without public input. These practices are to be avoided wherever possible, and so whatever body is responsible for smart city data management must be vigilant in data-minimization practices by only collecting, using, or disclosing personal information where it is necessary for the initiative’s outcomes and there are no other alternatives. Lastly, smart city operations should have meaningful consent agreements where required by law and/or opt-out opportunities to ensure participants are able to make informed decisions.
- Privacy Governance and Oversight: Technology has thus far kept a faster pace than the policy regulating it. Smart city initiatives must be supported by updated data governance and privacy management policies. These policies should address a wide range of privacy and security requirements, including: appointing a privacy lead; monitoring and auditing for regulatory and legal compliance; responding to and maintaining transparency during breaches; and contractual protections and accountability frameworks for all the diverse actors and organizations involved in the initiative. This last requirement is particularly important for encouraging strong partnerships, as it helps mitigate the risks of entering into the collaboration from the outset.
- Transparency and Public Notice: For smart city projects to be most successful, a thorough level of community engagement will be required to not only collect and make use of residents’ experiences and ideas, but to also maintain proper feedback channels and project transparency. Project goals and practices should be transparent and made easily understandable so that community members will understand how they might be affected.
- Privacy Impact Assessments: Collaborating partners responsible for the security of smart city data must conduct privacy impact and threat risk assessments to ensure privacy and security risks are identified and adequately addressed in the design and implementation of new technologies and programs.
- Safeguarding Data: Any smart city endeavours that make use of data collection must include appropriate measures to secure all personal information. Given the diverse formats of implemented technology in the smart cities context, it is especially difficult to establish effective safeguards. Generally speaking, more points of data collection, processing, and access also mean more points of vulnerability and therefore greater risk of a security breach. To mitigate this serious risk, smart city data systems must de-identify personal information at the earliest possible stage in the collection process and reduce the risk of re-identification that is inherent with connected devices. Lastly, smart cities should only retain, use, and disclose de-identified information, particularly in an aggregated format when possible.
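One way to realise “de-identify at the earliest stage and retain only aggregates” for a connected-device sensor, shown here as an added illustration that is not part of the original article or of any project it describes: a Python sketch of an edge-side pipeline that replaces device identifiers with a keyed hash under a daily-rotated key, counts distinct devices per zone and hour, and suppresses small cells before anything leaves the sensor. The sightings, the master secret and the suppression threshold of 3 are constructed assumptions for the example.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample of raw sightings a Wi-Fi presence sensor might log:
# (device identifier, zone, hour of day). Not real data.
RAW_SIGHTINGS = [
    ("aa:bb:cc:00:00:01", "plaza", 9),
    ("aa:bb:cc:00:00:02", "plaza", 9),
    ("aa:bb:cc:00:00:03", "plaza", 9),
    ("aa:bb:cc:00:00:01", "plaza", 9),    # same device seen twice: counted once
    ("aa:bb:cc:00:00:04", "plaza", 9),
    ("aa:bb:cc:00:00:05", "plaza", 10),
    ("aa:bb:cc:00:00:06", "plaza", 10),   # only two devices: cell is suppressed
    ("aa:bb:cc:00:00:07", "library", 9),
    ("aa:bb:cc:00:00:08", "library", 9),
    ("aa:bb:cc:00:00:09", "library", 9),
]

K_MIN = 3  # assumed minimum cell size before a count may be retained


def daily_key(master_secret: bytes, day: str) -> bytes:
    """Derive a per-day key so pseudonyms cannot be linked across days."""
    return hmac.new(master_secret, day.encode(), hashlib.sha256).digest()


def pseudonymize(identifier: str, day_key: bytes) -> str:
    """Keyed hash of a device identifier; without the key it is not reversible
    and, because the key rotates daily, not linkable day to day."""
    return hmac.new(day_key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def aggregate_counts(sightings, day_key: bytes, k_min: int = K_MIN) -> dict:
    """Edge-side pipeline: pseudonymize on ingest, keep only the set of
    pseudonyms per (zone, hour), then emit distinct-device counts and drop
    any cell with fewer than k_min devices. No raw identifier survives."""
    seen = defaultdict(set)
    for identifier, zone, hour in sightings:
        seen[(zone, hour)].add(pseudonymize(identifier, day_key))
    return {cell: len(devs) for cell, devs in seen.items() if len(devs) >= k_min}


if __name__ == "__main__":
    key = daily_key(b"constructed-master-secret", "2024-01-01")
    print(aggregate_counts(RAW_SIGHTINGS, key))
```

Only the aggregate dictionary would be forwarded to central storage; the per-day key and the raw sightings stay on the device and are discarded at day end.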
Smart cities offer an incredible opportunity for exercising creative design thinking and harnessing the entrepreneurial spirit. However, government policy must be in line with the best interests of the public, particularly those who will be directly impacted by the programs and new technologies introduced by these innovative initiatives. Two-way, open and transparent discussions and partnerships between the innovative research and design sectors, the government, and affected communities will be required to ensure smart cities are designed and implemented in a way that advances technology and urban planning while improving the lives and experiences of those within the communities. It is clear that following privacy and security best practices is absolutely paramount to the success of these initiatives.