Smart Privacy for Smart Cities
By Katherine Sainty, Director, Sainty Law
Smart Cities’ invest in technology to make urban areas more efficient, more sustainable and more liveable. Smart cities harnessed the power of data and technology to build a more efficient city for their citizens to flourish. The number of smart cities is rising exponentially and are expected to become the norm by 2025.
As citizens, we accept technology that tracks and monitors us because it makes our cities more intuitive our lives easier. But how does our exchange of personal data in return for smart city advantages play out? Is our surrender of personal information necessary for Smart Cities, and are we being led to believe that efficient cities and information privacy are mutually exclusive?
Trade off ? No
Governments and organisations are responsible for building smart cities that use information and communication technology to increase contact between citizens, governments and services. Examples of smart cities are those that use id cards to access government services, cameras to manage traffic, and sensors to automate and customise street lighting.
The opportunities for improving our urban areas through such developments are astonishing. But these initiatives rely on ubiquitous technologies to connect our devices and routinely collect and process our personal information.
This raises privacy concerns. Concerns about the recording of our daily activities, our right to opinions and autonomy, and about the appropriate use of the data collected about us. How can we be sure that, while harnessing the benefits of a data-rich society, governments and organizations will manage the competing risks to our privacy?
An increased amount of personal data in circulation increases our exposure to cyber threats and the risk of our suffering serious harm from a data breach.
Governments and organizations must take steps to ensure the information privacy of citizens remains a core consideration of smart cities. They must act with integrity to ensure that data is collected and used in line with relevant privacy and cyber laws.
‘Smart Privacy’ can assist. Smart Privacy is privacy that imbeds ‘privacy by design’ in the creation of smart cities. Privacy by design is a concept created by Dr Ann Cavoukian, Ontario’s former Information and privacy commissioner. Privacy by design makes individual privacy rights central during the development phase of all aspects of project including technology. It is internationally recognised as an essential component of fundamental privacy protection. An example of privacy by design the use of data minimisation in which processing and storage of data is limited to the specific purpose for which it was collected. Limits are placed on the scope of personal information collected, its uses and how long it is held.
Other privacy by design concepts include ‘anonymization’ meaning the irreversible de-identification of personal data and ‘pseudonymization’ where personal data cannot be attributed to a specific person.
As well as limiting collection of data, data destruction or de-identifying processes need to be in place so records are permanently deleted when no longer required.
Smart Privacy must be conceptualised and adopted in the early design stages of a smart city. As the technology is deployed it is important that all the data handling questions have been considered through a privacy prism.
Another framework that can be used by governments and organisations to ensure Smart Privacy is the ‘Five Safes Framework.’ This framework sets out an approach to managing data disclosure risk. Each of the five safes i.e. Safe People, Safe Projects, Safe Settings, Safe Data and Safe Outputs, refers to an independent but related aspect of disclosure risk. The framework poses specific questions to help assess and describe each risk. This allows the data collectors to place appropriate controls on the data, how it is accessed, used and shared.
Community Expectations of Smart Privacy
Technology offers great opportunities for improving life in urban areas. But governments and organizations cannot expect citizens to surrender their privacy rights for these benefits.
Rather, citizens of smart cities must be reassured that their privacy rights will be respected, and personal information protected.
Smart Privacy can be embedded within the design of smart cities. Governments and organisations must incorporate the privacy of citizens as an essential feature of smart cities from the outset and ensure advances in technology do not distract from legitimate community expectations of data privacy.
Rise of Smart Cities [CASE STUDIES/EXAMPLES]
Shanghai has embraced the rise of Smart Cities with the government supporting a free mobile app to allow Shanghai residents to access over 100 essential government services. Residents can pay for utilities and traffic fines, enquire about medical insurance, pension, tax and healthcare records. Approximately 7 million residents (equivalent to a third of Shanghai’s population) have begun using the platform to access essential public and community services.
Despite the convenience and efficiency of a technologically driven city, there are concerns that the data collected will feed into the government’s plan of establishing a Social Credit System, which could ultimately create a Smart City of mass surveillance. This would involve the compilation and sharing of data regarding an individual or company’s compliance across sectors. Offenders may have domestic or international travel restricted, denied placement at education institutions or face exclusion from hotels or prestigious work.
Quayside is a 12-acre smart city joint venture between the Canadian government, Waterfront Toronto and Sidewalk Labs. This is the largest attempt in North America to create a sustainable, affordable and mobile smart city. Initiatives include a centralised identity system to access public services such as library cards and health care. However, parties to the Quayside venture do not have a compulsory obligation to neutralise the data collected, which is concerning when building a Smart City of Privacy. Ann Cavoukian, Ontario’s former privacy commissioner, resigned from this project due to security concerns that the data collected will not be de-identified or anonymized.
Wellington Smart Capital, New Zealand
Smart Wellington aims towards having an engaged community and business sector to work towards four goals by 2040 - people centred city, connected city, eco-city, and a dynamic central city. Leading by example, Wellington has already implemented:
• an internet of things foundation to simplify the installation of sensors;
• a platform facilitating cooperation across various community agencies;
• machine learning systems to process and analyse insights on issues within the city; and
• virtual reality engagement platforms to open access to data.
Brisbane, Smart City Australia
Brisbane is championing the Australian Smart City domain by being the first Australian city to implement a large-scale Bluetooth monitoring system. One initiative was the investment of $5 million to establish a start-up innovation hub showing the city’s commitment in harnessing better technology, data and innovation.