Who pulls the strings

From the start the project faced fierce opposition from privacy advocates and a general public wary of handing over public spaces and personal data to one of the world’s biggest companies, with some fearing it could lead to corporate surveillance and commercial exploitation. Two and a half years later, after several resignations from the project’s advisory board, Alphabet walked back on the plan and submitted a less ambitious blueprint with stronger privacy protections. In May 2020, the project was shelved completely. 

Alphabet cited global economic uncertainty in the wake of the coronavirus pandemic as its reason for abandoning the project. But the Sidewalk Labs experience highlights a dilemma faced by municipalities across the globe that are striving to balance the efficiency and community benefits of greater access to citizen data against reasonable expectations for privacy, public due process and the need for limitations on corporate reach. 

Questions arise around who decides what data is collected, who it is shared with and what it is used for. In the wake of the Cambridge Analytica scandal, citizens are far less trusting of big tech to protect and use their data responsibly. And public institutions tasked with overseeing city-scale data governance do not yet exist.

Some experts believe citizens should be empowered to take control of their personal information and decide who can access it. High-profile pilots in Amsterdam and Barcelona over the past three years, under the European Commission-funded project Decode (Decentralised Citizen Owned Data Ecosystem), used advanced technology to allow people to decide with whom they share their data, and on what terms.

Léan Doody, who is based in Dublin, is Arup’s digital property and smart cities leader for Europe. She says: “There should be a consideration around what is a proportionate use of citizen data. An international emergency like the coronavirus outbreak makes a stronger case for using more anonymised data to track its spread. Data that provides a lot of utility to residents, such as to manage traffic flows and alleviate congestion, is probably a better use of data than using it to create targeted advertising.”

The official Oktoberfest app for the City of Munich helps citizens find beer tents quickly, and a live barometer shows how full each tent is. But the personal location data the app gathers in turn gives city authorities real-time visibility of areas experiencing overcrowding, which can be used to direct users to take alternative transport routes.

And in Sydney, New South Wales Transport Authority is using “touch in, touch out” data to model transport disruptions and service changes and allocate alternative modes of transport to help maintain a stable service for residents. 

“Many public utilities and public services have a stated objective to improve the lives of citizens, but they have never really had an accurate way to measure that until now,” says Gary Sharkey, a global smart cities architect. “The huge amount of data available to analyse is allowing them to become much more customer-centric and refocus their approach.”

While citizens’ data can undoubtedly improve the functioning of a city to their benefit, ethical concerns can arise when governments or private companies are able to harvest, store and manipulate data without appropriate safeguards or scrutiny.

Information collected in the public realm – in streets or parks, via smart street furniture or by facial-recognition technology – poses a particular challenge, because pedestrians may be unaware they are being monitored, and unlike an app or a website, they cannot tick a box to give consent to how their personal information will be used.

John Hughes FRICS, a former global president of RICS, lives in Toronto and has been closely monitoring the Sidewalk Labs controversy. He says: “Here we have a private corporation who will potentially be monitoring and hoovering up data from public space. The question is, what are they going to do with it and who owns it? That immediately raised a lot of hackles. The privatisation of what traditionally would be viewed as public land was another aspect that made people very nervous.”

Some people were concerned that in extreme cases, unrestricted data harvesting could lead to a Big Brother-type surveillance culture and damage democratic principles. Inmaculada Ranera MRICS, MD for Spain and Portugal at Christie & Co and an expert in exponential technologies including big data, says: “The next global war is for data highways. Whoever controls data is going to have absolute power.  In North America and Canada tech corporations have a lot of influence over the government and the government is highly focused on this technological world and less on protecting citizens’ rights in relation to data. They are approaching China in the sense that they want citizens to give over their data in exchange for a better life but disregarding their rights.”

In Toronto, Ann Cavoukian, director of privacy for Sidewalk Labs, resigned from the project after she learnt that not all the data collected from residents would be de-identified (anonymised) at source. In her resignation letter she likened the development to a “Smart City of Surveillance”. 

A more bottom-up approach would aim to build confidence between citizens, private sector companies and the administration by giving people the opportunity to make choices on what data they share, with whom and on what terms.

The Decode pilots demonstrated how innovative technology, including attribute-based credentials and advanced cryptography, could enable citizens to effectively control their data and share it to improve public services in a data-minimised way. 

One pilot in Barcelona devised a more secure method for sharing data from environmental noise and pollution sensors installed in peoples’ apartments, making it impossible to identify individuals from the data produced. Residents were also able to define who the data was shared with, how long it was available and for what purposes, and they could decide whether the data could be monetised for profit-making purposes. 

Another pilot in Amsterdam worked to build more privacy into a neighbourhood social networking site. Previously, the only way for users to log in was via a Facebook account, and some users were concerned that the Facebook data might be shared with the website. In response, Decode developed a system that could authenticate users without revealing any additional personal information, and there are plans to set more differential rules around who can see posts, and for how long.

“People sharing their data, such as mobility data or sentiment data that reveals how they feel about different places, could be really useful for smart decision making, but you have to do it in a way that puts them in control,” says Tom Symons, head of government innovation at Nesta, a partner organisation in the project. “Authorities in charge of smart cities need to recognise that that’s going to require more work, it’s going to take longer, and maybe things won’t look exactly as they imagined they would. However, it will enable a greater level of trust between citizen and state, and it should help educate people and bring them with you on the journey.”

Smart cities architect Gary Sharkey says: “I’d like to see more regulation around data inclusion, data transparency and accountability, and the processes by which data agreements can be made. The more granular we can get with some of those thorny issues, the easier it will be for citizens, businesses and governments to work effectively together to promote developments.”

The backlash against the Alphabet project in Toronto prompted Sidewalk Labs to propose the creation of an open “data trust”, managed by Waterfront Toronto, the government agency tasked with revitalising the waterfront, which sets the rules covering data use and storage. 

However, technology experts questioned whether the revised proposal imposed acceptable limits on data ownership and use, or indeed whether the need to gather data is always justified.

Tighter data protection powers implemented under GDPR should help push Europe in the right direction. In a report that examines the outcomes of the Decode pilots, Nesta calls for the establishment of a new form of public data infrastructure for Europe, a “data commons” which is scaled across the EU and managed through collective decision making.

The initiative would set out the principles to support privacy-enhanced data sharing, with a key focus on generating public value for social good. Separate commons would be custom designed based on the type of data and sector, ranging from the large-scale sharing of research data to more community-oriented forms of sharing. Governance over the data would be transparent, accountable and participatory, said Nesta.

With privacy and data posing some of the most significant challenges in society today, innovative approaches like this should ensure that smart cities are able to push ahead with developments while aligning closely with the needs of their most valuable commodity: people.