Whatever else it may bring, 2019 will be a breakout year for online privacy, as…
In 2014, according to the United Nations, 54 percent of the world’s population lived in cities. By 2050, the UN expects this figure to rise to 66 percent.
City living can be a great experience. Humans are social animals and a city allows us to live, meet and work alongside other humans in a hopefully nice environment. As our world population grows and as city-dwelling becomes the norm, our cities are coming under enormous strain.
To meet the needs of a busy modern city, we have to turn to smart technology. Technology such as the Internet of Things (IoT) and artificial intelligence (AI) is being increasingly applied to the problem of smart city sustainability. “Smart” in the form of smart sensors and connected technologies that utilize big data analytics are being put to work in our urban areas. Smart technology is being applied to transport, health, energy, water, workplaces, and our homes to improve our lives and optimize our city service use.
As our cities become smarter, is the use of personal data also smart? Is privacy being driven from the city walls to be replaced only by efficiency and convenience?
Related Post: 2019 will be Privacy Rights’ Break Out Year
Disclaimer: This blog article was written by our compliance experts for general information and does not claim to provide legal advice. To understand the full context of your organization, please consult with a privacy compliance and/or legal professional.
Data and the Smart City
Smart cities need data to work. Much of this data is personal and/or highly sensitive. The data is collected, stored, and analyzed across a multitude of different areas. There are many examples of smart city projects across the world. Here is a small taste of some:
SideWalk Toronto is a smart initiative backed by Waterfront Toronto and Google sister company SideWalk Labs. The project aims to mix great urban space design with digital technology to create sustainable living.
The original view of data used in this smart project was that it would only be held if it was used to improve life quality and never be sold for marketing purposes.
However, recently, Ann Cavoukian, ex Privacy Commissioner for Ontario and advisor for SideWalk Toronto, has left the project. Dr. Cavoukian quit the project on hearing that, although SideWalk Labs would be ensuring the privacy of any data they collected, they could not guarantee third parties would do the same.
The iCity project in Barcelona is a project bringing companies of all sizes and developers together to create smart city systems. The initiative is based on public information in the form of Open Data. The resultant iCity platform will use these public data, accessible by all participants in the program; as well as Barcelona, this includes Bologna, Genova, and London. Barcelona has a focus on mobility and data.
The service is used to improve city parking and congestion (and ultimately pollution) via a smart app. The app being used by drivers to find available parking spaces. The data collected by the app has the potential to violate privacy by tracking the location of drivers.
However, Barcelona is actively working to prevent privacy violations by using a “people-first” approach to data governance.
Smart Nation is about transforming the whole of Singapore using smart technology. It encompasses a number of initiatives to improve smart city living and working. Health is an important area covered by Smart Nation. Singapore is concerned by the aging population and the demographic change, meaning fewer young people to support the elderly.
The Singaporean telehealth project allows remote consultation which includes the use of remote sensors. These sensors, within patient wearables, allow remote monitoring of patient health. They play an integral part in tele-rehab for postoperative patients or after a major health event. The health data collected by the devices and shared with healthcare workers is sensitive data.
Keeping Things Private: Options for Privacy-Enhanced Smart Cities
Cities like Singapore have been heavily criticized for rushing ahead with innovation in smarter urban living without serious thought for the privacy of the data collected.
But the benefits of smart cities are compelling. As we generate more waste and use more energy, we must use smart technology to optimize our footprint on the planet. Privacy can be built into these smart systems, but we need to engage various considerations to do so, which include:
1. Data Minimization
Data Privacy 101 is to only collect and process the data absolutely needed to perform a given task. Minimizing the type, amount, and detail of data processed, and using a “Minimum Data Set” (MDS) approach, will help to manage privacy issues across the data lifecycle.
2. Anonymization/ Pseudonymization
De-identify data wherever possible. This is, of course, easier said than done.
For example, the Harvard University Data Privacy Lab demonstrated the ease of identifying individuals simply by matching publicly-available data with news items about hospitalizations. In another study, which looked at the use of big data and mobility in smart cities, researchers at MIT were able to find matches from large data sets.
However, technologies are improving in this area. Identity systems, for example, can provide verified but pseudonymized identity and data-masking and blurring are techniques used to de-identify data.
In addition, various frameworks exist to help in the de-identification process. The HITRUST De-Identification Framework, for example, offers guidance on effective de-identification as a process.
3. Data Governance
The governance of data is a vital step in encouraging and even enforcing privacy protection of personal data. Malcolm Crompton, ex-Privacy Commissioner for Australia tweeted on the subject, summing it up:
“Lack of data governance THE #privacy (& security) issue in #SmartCity thinking (& for far too much in #bigdata). Governance to prove you’re doing what you say you’re doing; governance to ensure remediation; governance to show how you decide to evolve in a fair minded way. And more.”
4. Privacy by Design in the City
Ann Cavoukian was the architect behind the ideology of Privacy by Design (PbD). In her treatise on the matter, she set out 7 principles to use when designing systems that use personal and sensitive data. The principles are about having a positive and proactive approach to privacy, with security at the heart of the design of a system. Using Dr. Cavoukian’s principles, when designing smart city initiatives, data privacy should be a foundational goal of any smart city developer.
Having a proactive and knowledgeable approach to smart city development, with privacy as a remit, is key to making our cities people-centric and privacy-enhanced.
- Personal Information & Data Privacy in Canada: PIPEDA 101
- 2019 will be Privacy Rights’ Break Out Year
- GDPR: Privacy by Design
Privacy Equals Smart Citizens
The energy used, the waste removed, even the drive to work, has to operate at an optimum to make cities worth living in as the global population rises. The data needed to inform the optimization of services will come from ourselves and what we do on a daily basis.
But we should not accept that privacy should suffer for smart city living. A report by The Economist, Intelligence Unit found that 93 percent of consumers place privacy and security as a top concern. As smart city designers and developers, we have to put people first and let the technology fit the purpose – data privacy being part of that.
Personal data is just that, personal, and should be respected as such.
By designing with privacy as a remit you are not only creating privacy respectful services, but you are building trust. The cities we live in now and in the future have to be sustainable, but we have to trust how they operate. Smart cities need to be populated by happy citizens. And happy citizens need to feel safe.