On June 24th, Sidewalk Labs, the Google sister company proposing a smart city for Toronto’s eastern waterfront, released its mammoth 1,500-page Master Innovation and Development Plan.
During Sidewalk Labs’ approximately two-year public consultations, privacy and control over data quickly emerged as flashpoints. A July 2019 survey by The Forum Poll found that while only 38 per cent of Torontonians were familiar with the smart-city project, 60 per cent of those people did not trust Sidewalk Labs to collect data on its residents.
What data is collected within smart cities, how, by whom and under what rules are important questions because smart cities rely upon the all-encompassing accumulation and mining of data. These activities are typically undertaken through privately operated software and infrastructure.
As a researcher who explores how companies collect, use and set rules regarding data, I closely read Sidewalk Labs’ Digital Innovation chapter to examine how the company proposes to govern data. Here, I focus on one particularly troubling proposal, although those interested may also wish to read lawyer Sean McDonald’s detailed analysis.
Data in public spaces
In its master plan, Sidewalk Labs proposes to make available to the public much of the data collected in public spaces like parks and streets, as well as data from publicly accessible private spaces like building courtyards and stores. In essence, this data would be held in a common pool for anyone to use, subject to yet-to-be-determined rules.
At first glance, this may seem relatively uncontroversial. Publicly accessible data won’t contain personal information, either because it was collected as non-identifiable data (think sensors counting bicycles at intersections), or has been de-identified after collection, a process that is not without risk of re-identification.
Sidewalk Labs claims that its default of publicly accessible data ensures that “Data collected in the public realm or in publicly owned spaces should not solely benefit the private or public sector.” By making the data available to all, the argument goes, no single entity will control data.
Notification for consent
However, there are two key problems with making data from public spaces publicly accessible by default. First, there’s the thorny issue of consent. Under Canadian privacy law, companies must gain consent before collecting personal information that relates to an identifiable individual. Sidewalk Labs, arguing that obtaining people’s consent for data collection in public spaces is difficult, proposes to use a series of symbols the company created in collaboration with industry and civil-society groups.
The designs incorporate four hexagons: to indicate the technology’s purpose, to identify the entity responsible for the technology, to provide information the type of data gathered (video, image, audio or otherwise), and to provide a QR code that allows interested individuals to learn more. Together, the four hexagons are intended to indicate visually the type of data collection underway in public spaces.
Sidewalk Labs’ emphasizes that the project is designed to bring “transparency” to urban technology. However, it’s difficult to see how relying upon people to notice and understand signage in public spaces constitutes consent, especially when it involves requiring people to learn what different symbols mean and remember their relationship to each other. Placing signage in public spaces doesn’t guarantee that people passing through will observe or understand the symbols.
It’s unclear how visually impaired people may be able to interpret the signs or if the information will be available in multiple languages. As the signage incorporates smartphone-dependent QR codes, only people with smartphones are able to learn more about the data collection, which could leave certain populations with little ability to learn more.
Problematically, people who decline to have their data captured may have to consider certain public spaces off limits. There are no easy ways to “opt out” of using public spaces. As scholars Ellen Goodman and Julia Powles observe in their review of Sidewalk Labs’ efforts to plan a smart city, the company envisions no “surveillance-free zones.”
Equitable data access
The second key problem is that just because data is publicly accessible does not mean that everyone can equally access, store or process the data to deliver products and services. Certainly, publicly accessible pools of data may benefit small companies, non-profits and government departments.
But certain actors are more able to capitalize upon data than others. Companies with significant stores of proprietary data, algorithmic modelling capacity and commercial distribution infrastructure have a distinct market advantage. Simply put, Sidewalk Labs is in a privileged position as it can draw upon Google’s vast resources in data analytics.
Given these serious challenges, what can be done? Waterfront Toronto, the tripartite governmental agency that issued the bid for the smart-city project is holding public consultations until July 31st with another round planned for the autumn.
Those concerned about Sidewalk Labs’ draft master plan and the process to date should raise their concerns with Waterfront Toronto and their elected federal, provincial and municipal representatives.
What should consent look like in a smart city? How can people who have concerns about data collection opt out while continuing to enjoy public spaces? Should data from public spaces be made public by default? These are all serious questions that need to be answered before decisions are made about the project moving forward.
[ You’re smart and curious about the world. So are The Conversation’s authors and editors. You can read us daily by subscribing to our newsletter. ]