Who Owns Your Data When You Live in a Smart City?

By Marty Graham, Contributor

Imagine visiting the high tech neighborhood of Quayside, Toronto, planned by Sidewalk Labs, a Google subsidiary. From the moment you step off the light rail and onto the pavement fixed with sensors, your every move is recorded. Much like the slimy trails snails leave behind, movement can be traced and timed—window-shopping, buying coffee, finding a restroom, sneaking outside for a cigarette.

But such a data trail raises questions.

Who owns this information? And what, exactly, will this data include—facial recognition, weight and height measurements, BMI? Will the sensors interact with people’s mobile phones, capture purchases, note where selfies are taken and assess each person’s purchasing potential? For residents of the development, will their daily doings be monitored, their smart home Internet of Things (IoT) connected to the larger IoT infrastructure outside?

How will this data be used and can people opt out?

Sidewalk Says Trust

The Sidewalk Labs proposal says that the enormous amount of data gathered should be deposited into a public-private, government-business data trust, where a board of five people will decide how it can be used, who it can be sold to, and how it will be anonymized, as well as keep track of securing the data from attacks. The proposed board members could include an intellectual property expert, a community expert, and members of the government, local businesses, and academia. Before any data is released—whether for government, planning, or commercial use—the purpose of releasing the data would have to meet criteria set by the trust’s five overlords.

Still, data collection and how it’s going to be managed worries many Canadians, including Thorben Wieditz of BlockSidewalk, a Toronto-based grassroots group.

“Our core concern with data is governance and how public space is being converted into a data market.”

—Thorben Wieditz, BlockSidewalk

“Our core concern with data is governance and how public space is being converted into a data market,” he says. “Data usage is about power, control, sovereignty, and agency. Discussions about how data is managed should be between people and their elected governments, and a corporation should not be framing this discussion, including how data is categorized.”

Other critics say the data management proposal lacks details: No value has been set yet for the data, and no formal limits on its usage proposed.

Trust the Trust?

While building a data trust isn’t a new concept, such trusts don’t have standard ideas, legal structure, or well-understood, agreed-upon rules. And the very nature of a data trust’s mission is often in conflict. Ideally, people should be able to opt out of having their personal data used or gathered, but having an incomplete data set could also mean that what remains will be inherently biased because of the data that was left out. Applying the remaining data—even for public good—will produce results skewed in favor of people who choose to forfeit their privacy, and that throws the data set open to manipulation.

And the idea of a data trust fails to address the thorny question of who owns the data that’s gathered and whether people can opt out in a meaningful way, especially while they move around in public spaces.

The Project

Two years ago, federal-provincial and municipal governments formed and funded Waterfront Toronto, a public entity with control over the land fronting Lake Ontario.

Waterfront Toronto selected Sidewalk Labs to design the project from “the internet up.” Sidewalk’s ambitious plan—just released this June and awaiting review and approval—includes 2,500 new homes in buildings made of laminated timber, along with the creation of a new company that will produce the high-concept wood to replace concrete and steel construction. The plan aims for the new development to be 90 percent carbon neutral, including replacing car travel with light rail service and transit.

The corner of Toronto’s Richmond Street and Spadina Avenue

Additionally, there’s allotted commercial space containing Sidewalk’s new Toronto headquarters and other offices, as well as shopping and services for the residents. About 40 percent of the new homes will be priced below Toronto rental market cost, and half of those at affordable housing prices where rents equal no more than 30 percent of tenants’ income. According to the Sidewalk plan, the streets, garbage cans, public spaces, and transit will have tens of thousands of embedded sensors monitoring and measuring how people use the space.

How to Use the Data?

Sidewalk can use the data for good: changing street directions for traffic patterns like switching rail directions at rush hour, and redesigning and restructuring public space that appears to be underutilized so it’s safer, comfortable, and more useful. But critics say that most of the data can be employed to influence behavior; for example, rearranging footpaths to drive foot traffic away from residences or making spaces where people can smoke or vape difficult to access. The project’s operators could also use data for commerce: aligning routes to steer people to certain merchants.

Roger McNamee, who made his fortune investing in Facebook, among other technology that now worries him, blasted the plan, calling it the most highly-evolved version of “surveillance capitalism” he’s ever seen. McNamee believes that Google will claim the right to exploit the data it collects any way it chooses.

“If it has not done so already, Google will ask for freedom from politics. The corporation’s goal is to replace democracy with algorithmic decision-making, believing the latter to be more efficient,” he wrote in an open letter to Toronto’s civic leaders.

The Canadian Civil Liberties Union has sued Waterfront Toronto over data and privacy concerns, relying on sworn statements from internet privacy and data experts Sean McDonald and Zeynep Tufekci to explain how the proposed data collection, protection, and use stands to violate the individual rights of people who give consent by simply entering the Quayside development.

Tufekci, who studies technology and how people use it for the Center for Information Technology Policy at Princeton University and North Carolina State University, was asked by the Canadian Civil Liberties Union to examine the data trust’s management goals. She came away worried.

Anonymous, Not Private

“If data is provided to third parties even in ‘anonymized’ form, meaning personally identifiable information has been removed, it’s quite possible that the data will be re-identified,” she wrote in her affidavit for the civil liberties group. “Sharing data with third parties has been a reason for multiple massive data leaks and privacy violations—see the Cambridge Analytica scandal with Facebook, for example. The data could be so stripped that it is harder to re-identify, but that would defeat the purpose of third party data-access, which was to ensure that this rich dataset doesn’t simply become absorbed only by Google.”

Details on how the proposed data trust will work are thin and the goals are vague, Tufekci continues. “Some of these goals, like data accessibility and privacy, are in direct conflict with one another,” she says.

Sidewalk Doesn’t Claim the Data

Sidewalk has outlined its core beliefs about the data: No one has a right to own information collected from Quayside’s physical environment. “Instead, this urban data should be under the control of an independent civic data trust,” the company states. And when the data goes out, “all entities proposing to collect or use urban data (including Sidewalk Labs) will have to file a Responsible Data Impact Assessment with the data trust that is publicly available and reviewable.”

But the details are lacking, points out Sean McDonald, who co-founded Digital Public, a data governance firm that specializes in the use of data trusts.

“The proposal is openly vague about the legal infrastructure, authorities, and oversight… obscuring the most determinative characteristics,” he wrote in an affidavit. “Sidewalk Labs’ proposal does a very good job of introducing data governance ideas, but doesn’t explain how they’d work in practice or [how they’d] achieve their purpose.”

No Invisibility Option

“You cannot simply opt out of space that you live and work in because of ethical issues surrounding data privacy,” says Roxanne Van Gemert, senior user experience designer for the province of British Columbia. “Our public institution needs to begin questioning the authenticity of public consultations and data governance strategy development that is being led and framed by the vendor themselves.”