Last Thursday saw the launch of the ‘Getting Smarter about Smart Cities: Improving Data Privacy and Data Security’ report, written by Rob Kitchin and published by the Department of the Taoiseach. The report was submitted a few days before the publication of a similar report by Lilian Edwards titled ‘Privacy, Security and Data Protection in Smart Cities: a Critical EU Law Perspective’ and therefore has no reference to it. Whereas my report takes a more governance and policy focused approach, Lilian’s is more legally focused. If taken as a pair, I think they provide a pretty comprehensive overview of the various privacy and security issues raised by smart city technologies and possible solutions.
As part of ‘EU Data Protection Day’ a new report – “Getting smarter about smart cities: Improving data privacy and data security” – was launched today by Dara Murphy T.D., Minister for European Affairs and Data Protection. The report, commissioned by the Data Protection Unit, Department of the Taoiseach (Irish Prime Minister) and written by Rob Kitchin (of The Programmable City project), is the first publication by the new Government Data Forum, a panel of experts drawn from across industry, civil society, academia and the public sector. The Forum advises Government on the opportunities and challenges for society and the economy arising from continued growth in the generation and use of personal data. The report is available from the Department of the Taoiseach website.
Many cities around the world are seeking to become a smart city, using networked, digital technologies and urban big data to tackle a range of issues, such as improving governance and service delivery, creating more resilient critical infrastructure, growing the local economy, becoming more sustainable, producing better mobility, gaining transparency and accountability, enhancing quality of life, and increasing safety and security. In short, the desire is to use digital technology to improve the lives of citizens, finesse city management, and create economic development.
In this context, a wide range of smart city technologies are being deployed within urban environments, including city operating systems, centralised control rooms, urban dashboards, intelligent transport systems, integrated travel ticketing, bike share schemes, real-time passenger information displays, logistics management systems, smart energy grids, controllable lighting, smart meters, sensor networks, building management systems, and an array of smartphone apps and sharing economy platforms. All of these technologies generate huge quantities of data, much of them in real-time and at a highly granular scale.
These data about cities and their citizens can be put to many good uses and, if shared, for uses beyond the system and purposes for which they were generated. Collectively, these data create the evidence base to run cities more efficiently, productively, sustainably, transparently and fairly. However, generating, processing, analysing, sharing and storing large amounts of actionable data also raise a number of concerns and challenges.
Key amongst these are the data privacy, data protection, and data security issues that arise from the creation of smart cities. Many smart city technologies capture personally identifiable information (PII) and household level data about citizens – their characteristics, their location and movements, and their activities – link these data together to produce new derived data, and use them to create profiles of people and places and to make decisions about them. As such, there are concerns about what a smart city means for people’s privacy and what privacy harms might arise from the sharing, analysis and misuse of urban big data. In addition, there are questions as to how secure smart city technologies and the data they generate are from hacking and theft and what the implications of a data breach are for citizens. While successful cyberattacks on cities are still relatively rare, it is clear that smart city technologies raise a number of cybersecurity concerns that require attention.
To date, the approach to these issues has been haphazard and uncoordinated due to the ad-hoc manner in which they were developed. However, given the potential harms to citizens and the associated costs that can arise, and the potential benefits at stake, this approach should not be allowed to continue. The challenge is to roll out smart city solutions and gain the benefits of their deployment while maintaining infrastructure and system security and systematically minimising any pernicious effects and harms. This is no easy task, given the many stakeholders and vested interests involved and their differing aims and ambitions, and the diverse set of technologies and their complex arrangement.
This report details the development of smart cities and urban big data, highlights the various privacy and security concerns and harms related to the deployment and use of smart city technologies and initiatives, and makes a number of suggestions for addressing trepidations about and ills arising from data privacy, protection and security issues.
It argues that there is no single solution for ensuring that the benefits of creating smart cities are realised and any negative effects are neutralised. Rather, it advocates a multi-pronged approach that uses a suite of solutions, some of which are market driven, some more technical in nature (privacy enhancement technologies), others more policy, regulatory and legally focused (revised fair information practice principles, privacy by design, security by design, education and training), and some more governance and management orientated (at three levels: vision and strategy – smart city advisory board and smart city strategy; oversight of delivery and compliance – smart city governance, ethics and security oversight committee; and day-to-day delivery – core privacy/security team, smart city privacy/security assessments, and computer emergency response team).
These solutions provide a balanced, pragmatic approach that enables the rollout of smart city technologies and initiatives, but in a way that is not prejudicial to people’s privacy, actively works to minimise privacy harms, curtails data breaches, and tackles cybersecurity issues. They also work across the entire life-cycle (from procurement to decommissioning) and span the whole system ecology (all its stakeholders and components). Collectively they promote fairness and equity, protect citizens and cities from harms, and enable improved governance and economic development. Moreover, they do so using an approach that is not heavy handed in nature and is relatively inexpensive to implement. They are by no means definitive, but build on and extend work to date, advance the debate, and detail a practical route forward.
The report concludes that a core requirement for creating smart cities is the adoption of an ethical, principle-led approach designed to best serve the interests of citizens. In other words, being smart about how we plan and run cities consists of much more than deploying data-driven, networked technologies; it requires a smart approach.
Prof. Rob Kitchin has recently been awarded a research contract by the Department of the Taoiseach to examine citizen-related data privacy/protection concerns arising from the development of smart cities. More specifically, the research is to help inform the work of the new Government Data Forum, an initiative of Dara Murphy TD, the Minister for EU Affairs and Data Protection. The research is to:
- Identify, document and summarise key developments in the area of smart cities in Ireland, at EU level and internationally;
- Identify and report on concerns and challenges for citizens regarding key data protection, data privacy and associated issues that arise in the context of smart cities; and
- Identify and report on best practice initiatives that have been undertaken to address these issues.
The project will run for two months from October 1st to November 30th and result in a detailed report setting out the main data privacy/protection issues associated with smart city technologies and initiatives.
The roundtable event ‘Privacy: Gathering insights from lawyers and technologists’ is scheduled for Wednesday 1st July 2015. The event will be held at the Phoenix Building, North Campus, Maynooth University and has been organised by faculty at the University in conjunction with the British and Irish Law Education and Technology Association.
The event will bring technologists, legal practitioners, technology companies and academics together in order to address the common issues faced by the different parties. The goal is to facilitate the communication of differing perspectives in an effort to formulate a unified approach to developing privacy issues.
Confirmed speakers for the event are:
Confirmed speakers for the first session of the event, “Privacy in a digital world: notions and understandings of privacy in a digital infrastructure”, are:
- Professor Rob Kitchin, NIRSA, Maynooth University, PI of the Programmable City project and author of “The Data Revolution”
- Stefano Braghin, Research Software Engineer in the Smarter Urban Dynamics group in the Smarter Cities Technology Centre, IBM.
- Mike Scott, Chief Cryptographer and Director, Certivox
- Dr TJ McIntyre, Lecturer in Law, University College Dublin.
- Claire Morrissey, Intellectual Property and Technology Lawyer, A&L Goodbody
Confirmed speakers for the second session of the event, “The Right to be Forgotten, demystified…”, are:
- Ronan Kennedy, Lecturer in Law, National University of Ireland, Galway.
- Dr Michael Lang, Lecturer in Information Systems, National University of Ireland, Galway.
- William Malcolm, Senior Privacy Counsel, Google
- Rob Corbet, Technology and Innovation Lawyer, Arthur Cox
- Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin