Setting her sights on Toronto’s Quayside plan to convert 12 acres of former industrial and docking land into a community that is connected from the ground up, Ann Cavoukian envisions a “smart city of privacy, not a smart city of surveillance.”
Setting her sights on Toronto’s Quayside plan to convert 12 acres of former industrial and docking land into a community that is connected from the ground up, Ann Cavoukian envisions a “smart city of privacy, not a smart city of surveillance.”
The concept presented by its steward, Waterfront Toronto, is to transform the lakeside land and its conventional infrastructure into Canada’s first open-access, ultra-high-speed broadband networked community allowing for the development of web-enabled technologies and applications from the ground up.
Cavoukian, who leads the Privacy by Design Centre of Excellence at Ryerson University, is adamant that all the data collected through networks of sensors in a connected community needs to be protected. And she draws on a concept of hers called “privacy by design,” which aims to embed privacy into the design specifications of the technologies, infrastructure and business practices. She developed this concept during her 17-year tenure as Ontario’s privacy commissioner. It’s a framework that has since been adopted or referred to internationally.
While some smart cities already exist in the world, protection of data often comes as an afterthought. Smart initiatives in Silicon Valley have been referred to as “surveillance capitalism” while the Chinese model is largely considered dystopian.
Barcelona implemented smart city programs using sensor networks on services such as transportation, energy use, noise levels and irrigation, driving data to the city as well as private sector partners. Finding that the approach compromised individual rights, Barcelona started changing its control of the flow of data. In the interim, the European Union introduced new safety and privacy practices through its General Data Protection Regulation, further restricting how data is used, which resulted in the implementation of more protections in Barcelona.
Last summer, the European Commission highlighted concerns in its study, “Reclaiming the Smart City — Personal data, Trust and the New Commons.” It identified risks to privacy through large-scale surveillance of citizens, where people have few opportunities to say how their personal data is collected and municipalities face many uncertainties in this new information age. The study then demonstrated some policy changes that some communities made to address these issues.
There are examples closer to home of how protecting data is sometimes forgotten in the rush to take advantage of new technologies. Last year, after Infrastructure Canada issued its Smart Cities Challenge dangling $50 million in financing for the winning project, the federal and provincial privacy commissioners wrote a joint letter to the feds pointing out the importance of privacy in this area, adding that some smart cities projects have failed “in part because of their impact on privacy rights or because the public trust in the systems was lacking” and urged that privacy be a major consideration through a threat risk assessment. A privacy impact assessment and consultation with local privacy commissioners was then made a requirement for the five finalists of the Infrastructure Canada initiative.
Planning of the Toronto project through Alphabet, Google’s parent company, is taking place, while cities around the world address data protection and governance. Cavoukian sees it as an opportunity to provide an example to the rest of the world of how to properly address issues related to privacy by de-identifying information and scrubbing it at source. But she says she was disappointed through her first attempt as an advisor to Sidewalk Labs when Alphabet decided to create a civic data trust that would only encourage and not enforce the practice of privacy by design. She then quit as its privacy advisor. “We could do privacy and smart city.
. . . And now it wasn’t going to happen,” she says.
Then she was approached by Waterfront Toronto. The governing body of the Quayside project that gave Sidewalk Labs the contract to develop the proposal was on board with her desire to have data de-identified at source and asked her to become involved. She jumped at the chance, and she is now advising pro bono, without any formal title. “I want to make it happen. . . . We have the legislation we need; I just want to go further than that.
“I asked Waterfront Toronto to put out a statement that says anyone that’s going to play with us on this board, anyone who’s going to work with us must agree to de-identify data at source. Full stop. That’s the price of admission so to speak. And they agreed to that,” she says, hoping that she now has a better chance of seeing her vision realized than when she was working with Sidewalk Labs, which may or may not end up with the contract for the smart city implementation project.
The Civil Liberties Association, meanwhile, is seeking legislative assurances “from the risks of surveillance capitalism on our streets” and is insisting that the project be put on hold until all three levels of government deal with issues related to the collection, ownership, use and storage of personal information generated in the project. In announcing its notice of application in April, the rights organization stated that the project’s conception puts many of the rights valued by Canadians at risk by embedding multiple kinds of surveillance technologies into infrastructure.
Privacy laws, it adds, were introduced before much of the technology was developed and data now has a different value. The association isn’t satisfied that promises by developers to stay within certain data protection guidelines are enough. And it argues that the agreements at the heart of Sidewalk Labs are in violation of administrative constitutional law.
As the development of Toronto’s complete smart city wends its way through the conceptual phase, other cities are introducing parts of that technology to their infrastructure. The idea of smart cities is more about the use of digitally powered services enabled through a network of sensors where real-time information flows and doesn’t necessary apply to entire neighbourhoods. A public transit user can check, in real time, how many minutes they must wait at a bus stop. Advanced traffic controls allow path planning through road network monitoring, which can provide emergency vehicles with the best route to reach an emergency or hazard zone. As municipalities replace aspects of their infrastructure, they will look to use these smart technologies. According to the Canadian Infrastructure Report Card, this infrastructure could be worth upwards of $1.1 trillion, and 35 per cent of those assets are in fair, poor or very poor condition.
“In most cases, our cities are just becoming smart by increments. All of our cities have smart technologies that they’re currently using; they just haven’t got the whole city wired from the ground up,” says Teresa Scassa, Canada research chairperson in information law and policy at the University of Ottawa, who is providing her observations to Canadian Lawyer independent of her role as a member of Sidewalk Lab’s digital advisory panel. “I do think that, while some think about privacy when they’re doing this, they’re not necessarily thinking about privacy in a particularly co-ordinated way. And so there may be different choices made in different divisions or departments of the city, and some of those choices may not be the most privacy-friendly ones because, in all likelihood, they’re balancing their interests and priorities as they see them with privacy,” concluding some things may be more important than privacy, she says.
“There are lots of technologies; if we sat down and looked at all of them, many of them that are already in place would raise some privacy concerns and many have already.”
As communities forge ahead into often new territories, they may make mistakes, overlook important considerations or make debatable decisions. Last year, Metrolinx, the Ontario Crown agency that manages public transportation, revealed that it shared the personal information of Presto payment card users to law enforcement agencies 30 times in 2017. The organization now reports on how often it shares data with police and reviews its privacy policy regularly.
Although the safeguards are there, says Chantal Bernier, there is merit to continue discussions on what happens to all the data that is collected in public communities. And while the provincial and federal governments are becoming immersed on issues related to smart cities, the Ottawa-based Dentons Canada LLP counsel in the privacy and securing group, who served as Canada’s interim privacy commissioner from 2013 to 2014, says it may be necessary to have another layer of accountability to ensure it has a heightened level of protection. “Current privacy law does set principles that are very clear that are based in human rights law that do protect us from an abusive model of these smart cities. That being said, it would certainly be a good idea to address it to make it more specific,” she says.
The key guiding principles that require attention as these technologies are rolled out, she says, include: preserving consent; minimizing data collection and retention; ensuring there is no excessive collection of data and that it isn’t used for surveillance and cybersecurity; and determining what happens to the information when several organizations are involved.
Municipalities, strapped by limited budgets, have increasingly sought partnerships with private-sector players. But the private sector is governed by different privacy legislation than the public sector.
From her perspective as an infrastructure lawyer who works with private-sector companies servicing a public-sector partner, Catherine Doyle, a partner with Blake Cassels & Graydon LLP in Toronto, sees smart city initiatives setting the foundation for how we will agree our data will be used in the future. More people have access to the technologies as they become less expensive, bringing those issues increasingly to the fore. “Technological innovation is accelerating both the potential for the cities to be smart and for the issues themselves,” she says.
So, in addition to the privacy issues, when it comes to smart cities, there are issues around enabling cities to capture the value of the data to which they have access and use it to build a smarter city. Doyle points to the widespread use of sensors in these programs that feed information back, that will also help to identify, in real time, information to municipalities such as what roads need to be repaired.
In a smart city, there is potential in a private-public partnership for the use of information conflicting with public interest. Doyle says a necessary component is to get the mix right in the allocation of reward of data ownership and control to ensure a certain level of data protection. The considerations Doyle says are necessary to address include ensuring the rights to data, as well as the rights to use the data, aren’t given away or forfeited and to ensure the agreement over data continues to allow the institution to comply with its own statutory obligations under PIPEDA, provincial legislation and the Privacy Act.
“As lawyers, we’re still grappling with all of the issues coming at us with smart cities and infrastructure, and one of the big questions there is data, who owns the data, who controls the data, where the privacy aspects with data being both generated by infrastructure and then the data going into how we decide whether to build infrastructure or not is sort of two different classes of things,” says Doyle.
But Scassa warns that we ought not be lulled into assurances that de-identification will address all of our concerns because there are further risks: use of data, function creep, change of governments. “I think you need very robust forms of accountability and transparency and decision-making. You need a strong ongoing commitment to implementing and maintaining privacy. . . . I think it’s an ongoing, long-term project that has to be treated with some care.”
What is a smart city?
A clear, consistent definition of smart city has been elusive largely because the factors for each project often differ. Open North, a Montreal-based non-profit specializing in open data and civic technology, has launched a year-long collaborative project to best describe it. It concluded that a smart city is where aspects of the community collaborate with public officials to mobilize data and technologies in an ethical, accountable and transparent way to govern the city as a fair, viable and liveable commons and balance economic development, social progress and environmental responsibility. A smart city, it determined, includes five characteristics:
• There is governance of social and technical platforms, which includes data, algorithms, skills, infrastructure and knowledge;
• It is participatory, collaborative and responsive;
• It uses data and technologies that are fit for purpose, can be repaired and queried, its source code is open, adheres to open standards, is interoperable, durable, secure and, where possible, locally procured and scalable;
• Custody and control over data generated by smart technologies is held and exercised in the public interest;
• The right to disconnect and the right to be anonymous in a connected city is recognized.