At a time when concerns about data and its misuse are growing, leading cities are showing that smart cities can be compatible with privacy and individual digital rights.
The age of the smart city heralds unprecedented power to the governments which run them.
Ubiquitous sensors, Internet of Things (IoT) devices and surveillance technologies process unfathomable quantities of information, creating highly detailed and intimate pictures of cities, and, increasingly, the people who live within them.
This trend has led privacy groups to describe some smart cities as a digital panopticon. The message for governments should be clear: with this great informational power comes great responsibility. This is the context for Nesta’s new publication, Reclaiming the Smart City, part of the Horizon-2020-funded DECODE project, which aims to plot a course to more responsible data and digital innovation in smart cities.
In pursuit of data-informed, efficient cities many governments have unwittingly created a means of mass surveillance and are infringing the digital rights of citizens. While most people want cities and public services to run better, few want to be spied on in the process. Whether it’s identifying the home addresses of strip club visitors through publishing ‘anonymised’ taxi data in New York, recording private conversations in public spaces to combat crime in the Netherlands, or the harvesting of personal data by smart bins in London, there is a risk to privacy presented by smart city technology and projects.
This is compounded by the fact the public have little say over how their personal data gets collected and used, and there are few options that allow policymakers to acquire people’s data in a more consent-driven way. There is usually no meaningful way to opt out of a smart city, and traditionally projects have failed to include citizens in design or planning, or enable democratic oversight.
It can be tempting to see the choice facing governments as binary: they can either strive to be data-informed, optimised and efficient, or they can put the privacy and digital rights of citizens first. But our research demonstrates this framing is unhelpful and represents a false binary.
The DECODE project – giving people greater control over their personal data – and the city governments profiled in our report show how ‘smartness’ can be compatible with privacy and individual digital rights.
Our report details eight case studies, and summarises from these a set of policy roles and actions available to city governments. These cover a wide range of options, from setting a strategic direction for change to providing new digital tools and enhancing skills and literacy. The five city government roles identified are: Leader, Guardian, Connector, Catalyst and Provider.
As Leaders, city governments can use strategic decisions to set the direction of travel over how technology and data are used to ensure that they do not risk individual privacy.
In Amsterdam, the TADA manifesto, developed by the independent Amsterdam Economic Board, has been adopted. It outlines a set of six principles designed to help organisations use citizens’ data in a more responsible way, such as inclusivity, individual control, openness and transparency.
Cities can also be the direct Provider of new tools and technologies which give people control over their data and greater privacy. In Amsterdam and Barcelona, DECODE’s tools will enable advanced cryptographic techniques to be deployed to enable wider participation in digital democracy and ensure greater fairness in the sharing economy.
The City of Ghent is giving people access to ‘technology that they own and control’. Residents are provided with a simple web portal called ‘Mijn Gent’ which gives them access to a range of local services.
In Sydney, the application of a new technique – differential privacy (a mathematical technique to minimise privacy risks in open data) – enabled the release of a two-week data sample from the city’s ‘tap-on, tap-off’ Opal card system for trains, buses, light rail and ferries.
The role of Connector means cities can grow digital literacy and capacity in the population and provide consent-driven processes for data collection.
In Bristol, a Citizen Sensing project has seen residents given damp-sensing plastic frogs to help them monitor poor living conditions. These collect data about damp and condensation levels in their properties, giving them the resources and evidence to campaign for better property conditions. The project was developed with community groups and targeted a ‘hotspot’ local issue which residents put forward.
By using spending power and procurement better, city governments can be Catalysts to incentivise and encourage more responsible innovation in the wider economy. In Barcelona the city council has launched a new procurement process designed to incentivise responsible innovation with data and respect for privacy, and has adopted a focus on open-source technologies. This is also a means of supporting the city’s campaign for ‘data sovereignty’ to give individuals control over their data. Barcelona have done this to support their plans for a data commons. This is a form of meta-utility, a pool of data produced by people, shared with their consent and made available to the people.
As Guardians, cities can create new roles, rules and safeguards to ensure that data is used responsibly and people are protected from digital harms. In Seattle, the city authority has a comprehensive municipal privacy programme based on a core set of privacy principles and policies. The programme clearly establishes the obligations and requirements of city departments regarding the handling and use of data, and assigns internal roles to support their implementation. The city’s policies mandate the publication of privacy impact assessments and reports about the city’s programmes and open data portals, and public engagement on the installation of any new surveillance technologies.
The direction of travel
The debate over smart cities, data collection and privacy is only going to grow as technology and data capture develop. The introduction of GDPR has set a clear direction of travel towards more responsible management of data, in Europe at least, and confirms city governments will need to improve efforts to use data responsibly and respect the privacy of individuals.
However, it would be shortsighted to see this as just about better compliance with data protection legislation. The examples and recommendations in our report also help to empower citizens with their data, confer them better digital rights, and meaningfully engage them in smart city programmes. In turn, this creates better smart cities.