Before an audience of leaders from the ICT industry, government and public and private business sectors, a panel of data security and privacy experts at the Information Technology Association of Canada (ITAC) Smart Cities Summit delivered a cautious but optimistic outline of the risks and the way forward for how emerging smart cities are going to use our personal data.
At the focal point of the Data Privacy & Security portion of the day-long event, held last week in Brampton and opened with words from Mayor Patrick Brown, was outspoken former Privacy Commissioner of Ontario and current Expert-in-Residence, Privacy by Design Centre of Excellence at Ryerson University, Ann Cavoukian. A pioneer in data privacy and security, and the architect of the aforementioned Privacy by Design (PbD) framework, Cavoukian cautioned that there is a current lack of trust when it comes to the privacy of our data and how it’s used, and expressed concern for privacy in smart cities.
“Concern for privacy is at an all-time high, trust is at an all-time low,” Cavoukian said during her presentation. “There is such a trust deficit. And that’s what we hope to change with the GDPR and Privacy by Design.”
Recently implemented into the European Union’s new overarching General Data Protection Regulation (GDPR) law, Cavoukian well-known Privacy by Design methodology focuses on implementing steps to ensure privacy all through the entire engineering process and, according the PbD Centre of Excellence’s website, “ensuring strong privacy and gaining personal control over one’s information, and, for organizations, gaining a sustainable competitive advantage.”
De-identifying data at the source is key
A key element of this protection, Cavoukian stresses, is securely de-identifying all data at the source. In other words, stripping all collected data of any personal identifiers because, as she cites, people don’t have a choice, when their data is being collected by the various systems and sensors that will run 24/7 in smart cities, to consent or revoke consent. “In order to address the privacy issues you just have to de-identify everything right away so you don’t have to deal with the privacy issues.”
It’s this sticking point that prompted Cavoukian to resign from her post as an advisor on the Sidewalk Labs smart neighbourhood project at Toronto’s waterfront last year. It was reported that while the Google sister company was committed to de-identifying their data, it couldn’t give Cavoukian assurances that others involved in the project would follow suit. “I’m now working directly with Waterfront Toronto, who has committed to de-identifying all personal data at source, so I am optimistic again,” said Cavoukian, whose (random sidenote) older brother happens to be the equally-optimistic children’s singer, Raffi.
Smart cities of surveillance
Giving people control over their data and personal information and how it’s used is of the utmost importance to Cavoukian, and is the difference between secure, functional smart cities that can improve the lives of its citizens and what former Blackberry co-CEO Jim Balsillie called “a colonizing experiment in surveillance capitalism,” when referring to Sidewalk Labs’ waterfront project.
“I’m not the only one who talks about the concern for privacy in smart cities. I’m on the International Council of Smart Cities and I assure you, most of the smart cities that are emerging are becoming cities of surveillance, not of privacy,” Cavoukian said during the Data Privacy & Security panel discussion.
And fellow panelist Deborah Evans couldn’t agree more. The Chief Privacy Officer at Rogers Communications took the stage to address the private sector’s responsibility in ensuring data privacy and security as well, but says that she’s shocked that these conversations haven’t been happening more and much sooner.
“If the architects of smart cities, be it local government or industry, are not able to gain the trust and confidence of its citizenry, progress will be impossible,” Evans said, citing the guidelines governing businesses and companies under the Personal Information Protection and Electronic Documents Act (PIPEDA). “Businesses and companies are required to identify the purposes for why personal information is collected,” Evans says. “As well, there are clear rules around the use, disclosure and retention of personal information.”
We can control the rollout
But, Evans reiterates, it’s all about transparency and trust as the realities of smart cities comes hurtling towards us, using our data to do everything from automate street lights, guide autonomous cars, provide security, improve public transportation and make our societies more efficient.
“The technical abilities of smart cities already exists, and with the introduction of 5G they will soon be further enabled,” Evans says. “We must also remember that as a society, we have the ability to control the speed of the rollout. Just because a technology exists, does not mean we have to accept the implementation of it until we are ready and prepared to manage all the issues that may come along with it.”