Tag Archives: privacy

Will CovidTracker Ireland work?

The coronavirus pandemic has posed enormous challenges for governments seeking to delay, contain and mitigate its effects. Along with measures within health services, a range of disruptive public health tactics have been adopted to try and limit the spread of the virus and flatten the curve, including social distancing, self-isolation, forbidding social gatherings, limiting travel, enforced quarantining, and lockdowns. Across a number of countries these measures are being supplemented by a range of digital technologies designed to improve their efficiency and effectiveness by harnessing fine-grained, real-time big data. In general, the technologies being developed and rolled-out fall into four types: contact tracing, quarantine enforcement/movement permission, pattern and flow modelling, and symptom tracking. The Irish government is pursuing two of these – contact tracing and symptom tracking – merged into a single app ‘CovidTracker Ireland’. In this short essay, I outline what is known about the Irish approach to developing this app and assess whether it will work effectively in practice.

CovidTracker Ireland

On March 29th 2020 the Health Services Executive (HSE) announced that it hoped to launch a Covid-19 contact tracing app within a matter of days. Few details were given about the proposed app functionality or architecture, other than it would mimic other tracing apps, such as Singapore’s TraceTogether, using Bluetooth connections to record proximate devices and thus possible contacts, together with additional features for reporting well-being. The HSE made it clear that it would be an opt-in rather than compulsory initiative, that the app would respect privacy and GDPR, being produced in consultation with the Data Protection Commission, and it would be time-limited to the coronavirus response. It was not stated who would develop the app beyond it being described as a ‘cross-government’ effort.

On April 10th, the HSE revealed more details through a response to questions from Broadsheet.ie, stating that the now named CovidTracker Ireland App will:

  • “help the health service with its efforts in contact tracing for people who are confirmed cases;
  • allow a user to record how well they are feeling, or track their symptoms every day;
  • provide links to advice if the user has symptoms or is feeling unwell;
  • give the user up-to-date information about the virus in Ireland.”

Further, they reiterated that the app ‘will be designed in a way that maximises privacy as well as maximising value for public health. Privacy-by-design is a core principle underpinning the design of the CovidTracker Ireland App – which will operate on a voluntary and fully opt-in basis.’ There was no mention of the approach being taken; however the use of the HSE logo on the PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) website indicates that it has adopted that architecture, an initiative that claims seven countries are using their approach, with reportedly another 40 countries involved in discussions.

As of April 22nd the CovidTracker Ireland app is under development, with HSE stating on April 17th that it was being tested with a target of launching by early May when it is planned that some government restrictions will be lifted.

Critique and concerns

From the date it was announcement concerns have been expressed about the CovidTracker Ireland, particularly by representatives of Digital Rights Ireland and the Irish Council for Civil Liberties. A key issue has been the lack of transparency and openness in the approach being taken. An app will simply be launched for use without any published details of the approach and architecture being adopted, consultation with stakeholders, piloting by members of the public, and external feedback and assessment.

There are concerns that a centralized, rather than decentralized approach will be taken, and there is no indication that the underlying code will be open for scrutiny, if not by the public, at least by experts. It is not clear if the app is being developed in-house, or if it has been contracted out to a third-party developer and if the associated contract includes clauses concerning data ownership, re-use and sale, and intellectual property. There are no details about where data will be stored, who will have access to it, how will it be distributed, or how it be acted upon. There is unease as to whether the app will be fully compliant with GDPR and fully protect privacy, especially given that a Data Protection Impact Assessment (DPIA), which is legally required before launch, has seemingly not yet been undertaken. Such a DPIA would allow independent experts to be able to assess, validate and provide feedback and advice.

Critics are also concerned that CovidTracker Ireland merges the tasks of contact tracing and symptom tracking which have been pursued separately in other jurisdictions. Here, two sets of personal information are being tied together: proximate contacts and health measures. This poses a larger potential privacy problem if they are not adequately protected. Moreover, critics are worried that CovidTracker Ireland might become a ‘super app’, which extends its original ambition and goals. Here, the app might enable control creep, wherein it starts to be employed beyond its intended uses such as quarantine enforcement/movement permission. For example, Antoin O’Lachtnain of Digital Rights Ireland has speculated that we might eventually end up with an app to monitor covid-19 status that is “mandatory but not compulsory for people who deal with the public or work in a shared space.”

As Simon McGarr argues, the failure to adequately engage with these critiques and to be open and transparent means that “the launch of the app will inevitably be marred by immediately being the subject of questions and misinformation that could have been avoided by simply overcoming the State’s institutional impulse for secrecy.”

Internationally, there is scepticism concerning the method being used for app-based contact tracing and whether the critical conditions needed for successful deployment exist. Bluetooth does not have sufficient resolution to determine two metres or less proximity and using a timeframe to denote significant encounters potentially excludes fleeting, but meaningful contacts. There are also concerns with respect to representativeness (for example, 28% of people do not own a smartphone in Ireland), data quality, reliability, duping and spoofing, and rule-sets and parameters. The technical limitations are likely to lead to sizeable gaps and a large number of false positives that might produce an unmanageable signal-to-noise ratio, leading to unnecessary self-isolation measures and potentially overloading the testing system.

There is a concern that app-based contact tracing is being rushed to mass roll-out without it being demonstrated that it is fit-for-purpose. Moreover, the app will only be effective in practice if: there is a program of extensive testing to confirm that a person has the virus and if tracing is required; and 60% of the population participate to ensure reach across those who have been in close contact (c.80% of smartphone users). The symptom tracking relies on self-reporting, which lacks rigour and, as testing has shown, a large proportion of the population who were tested because they were experiencing symptoms returned negative. This is likely to lead to a large number of false positives and it is doubtful that these data should guide contact tracing.

At present, while Ireland is ramping up its testing capability towards 100,000 tests a week, it might need to increase that further. The Edmond J. Safra Center for Ethics at Harvard University suggest that in the United States: “We need to deliver 5 million tests per day by early June to deliver a safe social reopening. This number will need to increase over time (ideally by late July) to 20 million a day to fully remobilize the economy. We acknowledge that even this number may not be high enough to protect public health.” The equivalent rate for Ireland would be 300,000 tests per day. In Singapore, only 12% of people have registered to use the TraceTogether app, which raises doubts as to whether 60% of the population in Ireland will participate, especially since the public are primed to be sceptical given media coverage about the app have raised issues of privacy, data security and data usage.

Will CovidTracker Ireland work and what needs to happen?

There is unanimous agreement that contact tracing is a cornerstone measure for tackling pandemics. Assuming that the privacy and data protection issues can be adequately dealt with it, it would be good to think that CovidTracker Ireland will make a difference to containing the coronavirus and stopping any additional waves of infection.

However, there are reasons to doubt that app-based contact tracing and symptom tracking will make the kind of impact hoped for unless:

  • its technical approach is sound and civil liberties protected;
  • there is testing at sufficient scale that potential cases, including false ones, are dealt with quickly;
  • the government can persuade people to participate in large numbers.

The government might also have to supply smartphones to those that do not own them, as they did in Taiwan. Persuading people to participate will especially be a challenge since the government is not being sufficiently transparent at present in explaining the approach being taken, the app’s intended technical specification, how it will operate in practice, its procedures for oversight, and how it will protect civil liberties.

It is essential that the government follow the guidance of the European Data Protection Board that recommends that strong measures are put in place to protect privacy, data minimization is practised, the source code is published and regularly reviewed, there is clear oversight and accountability, and there is purpose limitation that stops control creep.

If implemented poorly, the app could have a profound chilling effect on public trust and public health measures that might be counterproductive. As a consequence, the Ada Lovelace Institute, a leading UK centre for artificial intelligence research, is advising governments to be cautious, ethical and transparent in their use of app-based contact tracing. Ireland might do well to heed their advice.

Rob Kitchin

Using digital technologies to tackle the spread of the coronavirus: Panacea or folly?

A new paper by Rob Kitchin (Programmable City Working Paper 44) examines whether digital technologies will be effective in tackling the spread of the coronavirus, considers their potential negative costs vis-a-vis civil liberties, citizenship, and surveillance capitalism (see table below), and details what needs to happen.

PDF of paper

Using digital technologies to tackle the spread of the coronavirus: Panacea or folly?

Abstract
Digital technology solutions for contact tracing, quarantine enforcement (digital fences) and movement permission (digital leashes), and social distancing/movement monitoring have been proposed and rolled-out to aid the containment and delay phases of the coronavirus and mitigate against second and third waves of infections. In this essay, I examine numerous examples of deployed and planned technology solutions from around the world, assess their technical and practical feasibility and potential to make an impact, and explore the dangers of tech-led approaches vis-a-vis civil liberties, citizenship, and surveillance capitalism. I make the case that the proffered solutions for contact tracing and quarantining and movement permissions are unlikely to be effective and pose a number of troubling consequences, wherein the supposed benefits will not outweigh potential negative costs. If these concerns are to be ignored and the technologies deployed, I argue that they need to be accompanied by mass testing and certification, and require careful and transparent use for public health only, utilizing a privacy-by-design approach with an expiration date, proper oversight, due processes, and data minimization that forbids data sharing, repurposing and monetization.

Keywords: coronavirus; COVID-19; surveillance; governmentality; citizenship; civil liberties; contact tracing; quarantine; movement; technological solutionism; spatial sorting; social sorting; privacy; control creep; data minimization; surveillance capitalism; ethics; data justice.

coronavirus tech issues

New book: Understanding Spatial Media

USM3A new book, Understanding Spatial Media, edited by Rob Kitchin, Tracey Lauriault and Matt Wilson has been published by Sage. The book started life as a conversation at the launch of the Programmable City project. It includes 22 chapters detailing forms of spatial media and their consequences, including discussions of the geoweb, neogeography, volunteered geographic information, locative media, spatial big data, surveillance, privacy, openness, transparency, etc.  Here’s the back cover blurb:

“Over the past decade, a new set of interactive, open, participatory and networked spatial media have become widespread.  These include mapping platforms, virtual globes, user-generated spatial databases, geodesign and architectural and planning tools, urban dashboards and citizen reporting geo-systems, augmented reality media, and locative media.  Collectively these produce and mediate spatial big data and are re-shaping spatial knowledge, spatial behaviour, and spatial politics.

Understanding Spatial Media brings together leading scholars from around the globe to examine these new spatial media, their attendant technologies, spatial data, and their social, economic and political effects.

The 22 chapters are divided into the following sections:

  • Spatial media technologies
  • Spatial data and spatial media
  • The consequences of spatial media

Understanding Spatial Media is the perfect introduction to this fast emerging phenomena for students and practitioners of geography, urban studies, data science, and media and communications.”

Contributors: Britta Ricker, Jeremy Crampton, Mark Graham, Jim Thatcher, Jessa Lingel, Shannon Mattern, Stephen Ervin, Dan Sui, Gavin McArdle, Muki Haklay, Peter Pulsifer, Glenn Brauen, Harvey Miller, Teresa Scassa, Leighton Evans, Sung-Yueh Perng, Mary Francoli, Mike Batty, Francisco Klauser, Sarah Widmar, David Murakami Wood, and Agnieszka Leszczynski.

Thanks to Lev Manovich for permission to use an image from the On Broadway project for the cover.

Details about the book can be found here.

Rob Kitchin

Emerging Technological Responses in Emergency Management Systems

The advent of discourses around the ‘smart city’, big data, open data, urban analytics, the introduction of ‘smarter technology’ within cities, the  sharing of real-time information, and the emergence of social media platforms has had a number of outcomes on emergency services worldwide. Together they provide opportunities and promises for emergency services regarding efficiency, community engagement and better real-time coordination.  Thus, we are seeing a growth in technologically based emergency response. However, such developments are also riddled with broad concerns, ranging from privacy, ethics, reliability, accessibility, staff reluctance and fear.

This post considers one recent technological push for the re-invention of the emergency call system (911bot) and another for the sharing of real-time information during a major event (Smartphone Terror Alert).

911bot

In recent years, there has been a significant move away from voice calls towards texting and internet based platforms (eg.WhatsApp and Twitter)(see figure 1), this is tracked regularly by the International Smartphone Mobility Report conducted across 12 countries by the data tracking company Infomate. In 2015, they found that in America the average time spent on voice calls was 6 minutes as opposed to 26 minutes texting, and worldwide,  internet based platforms were the main form of communication (Infomate, 2015 and Shrapshire, 2015).

 

cell phone communication

Figure 1: Cell phone Communication. Source: Russell (2015).

In light of this, there is a push by both the private sector and entrepreneurs to utilise mobile phones and  social media platforms in new ways such as within the emergency call system. Within my own field research, I have questioned first responders in Ireland and the US regarding the use of social media and apps as alternative means to the current telephone system.  For the most part, this was met with disdain and confusion from first responders.  Strong arguments were made against a move away from a call-dominated response system. These included:

a)      Difficulty in obtaining relevant and accurate information regarding the event, including changing conditions and situations.

b)      Not able to provide the victim or caller with accurate instructions and information.

c)      Restrictions in contacting the caller.

d)     The system would need an overhaul for it to work, i.e. a dedicated team ensuring that these messages are not missed, and require staff training.

e)      Call systems are established mechanisms for contacting the emergency services, why change it when it works?

f)       If you use something like Twitter or Facebook to report an emergency how do we ensure that it is reported correctly and not just tweeted or messaged to an interface which is not monitored 24/7?

And as can be seen through the following conversation with two operational first responders in Dublin, Ireland, they want new technology but are also highly hesitant as to its ability to ensure a quick response.

Conversation between researcher and two first responders

R1: See the problem with a tweet and a text, I can’t get any information out of that, like I could tweet and back and then you are waiting for them to send something back, when I have you on the phone, I can question you, “What is it?”, “What is wrong?”, “What is the problem?”.

R2: If you did go with something like [social media platform for emergency call intake], you would have to have the likes of, if you are the tweet man then you would have to be 100% on the phone looking at it

R2: It probably would work if it wasn’t an emergency as such, not a full emergency

R1: I think people need tobe re-assured that someone has seen it and really knows what is happening.

R1: Jesus you could have everyone tweeting saying I have a sore stomach and that would register as a call for us so the calls would just get worse and worse. [...] I think if you ring Domino Pizza now, it will know who you are, where you are and your order

R2: They can read the caller ID coming

R1:We haven’t got that

All of these are understandable concerns, but they also illustrate a resistance to innovative change that may result in cultural and institutional change which they oppose due to highly legitimate fears of effectiveness and reliability. Even so, they are welcoming of technology which has obvious benefits for them such as the “Domino’s Pizza” caller ID system, but are more reluctant towards innovations such as the 911bot whose value is overshadowed by fears of inefficiency, information gaps and reliability. However, the 911bot does potentially address some of these issues within its design.

The 911bot (figure 2) was developed during TechCrunch’s Disrupt Hackathon in New York in 2016.  It works through Facebook Messenger, which had a reported 1 billion users in July 2016 (Costine, 2016), to allow users to report an emergency.  Initially, one would be forgiven for immediately thinking of the arguments made against a transformation of the current system as presented above. However, the messenger app already offers location services based on the phones GPS thus, when reporting an incident, your exact location is immediately sent (although you can turn off your GPS signal and restrict your location being sent, when using this bot there is potential for that to be overridden).  The person reporting the incident can also send pictures or videos and the bot can provide information on what you should and shouldn’t do in that situation such as, how to do CPR during a cardiac arrest (Westlake, 2016).

Further, this bot has potential to feedback the location of the first responders to the reporter. It provides the control room with more accurate information coming from real-time videos and pictures meaning that they are not relying wholly on information from untrained and scared people.  And, most importantly, this system doesn’t take away from the control room interacting with the caller. From the information provided by the developers, it appears that once the messenger sends the request, the control room calls the phone and resumes their role but with more information.   Possibly, going forward this could even be done through Facetime so that the control room has live interaction with the event prior to the arrival of the first responders.  Although, the 911bot has only been developed and not deployed, in time and after much consultation and experimentation, it could prove very beneficial within emergency response.  For instance, if the control room operator can actually see how the person is conducting CPR, can see and hear their breathing, see the extent of the injury, fire, or road traffic collision in real time, it would inform decision-making that could create better and more efficient responses.  However, it would be remiss to discuss this without noting that there are potential privacy issues with the mass use of this type of technology outside of the remit of this post, that would need to be considered.

911BOT

Figure 2: 911bot. Source: 911bot online.

Smartphone Terror Alert

Another new use of mobile technology was the mass terror alert issued on September 17th 2016, after Chelsea, Manhattan was hit with an explosion.  The alert (figure 3) was issued by the Office of Emergency Management, New York Police Department and the FBI through all phone networks. It was received by an unknown number of people and provided information about the key suspect – Ahmed Khan Rahami.  The Press secretary for New York Mayor Bill de Blasio stated that it was the first use of this alert at a “mass scale” and as the suspect was caught within 3 hours, it presented the appearance that this alert was effective, with New York’s Police Commissioner stating “it was the future”(Fiegerman, 2016). Yet there is no evidence that the alert had anything to do with the catching of the suspect; these two factors could be circumstantial.

SMARTPHONE TERROR ALERT

Figure 3: Smart phone terror Alert. Source: published in Fiegerman (2016).

Further, as illustrated by Anil Dash in Fiegerman (2016) how effective was it actually?  “Is there evidence that low-information untargeted push notifications help with any kind of crime? Seems they’re more optimised for panic”.  This is compounded by the lack of an all-clear alert, which would work to ease tensions and potential panic.  We live in a socially constructed risk society (Beck, 1992; 2009) and with innovations such as this, even if the intention is good, the potential for mass panic is created, which raises questions regarding the appropriateness of this mechanism. In this instance, sending an alert with little information, using just a name, makes everyone who could fit that name a potential target, and is an action that could create panic, fear and racial attacks under the illusion of “citizen arrest”.  However, this system has potential especially if it were utilised during severe weather events to provide information on evacuation centres and resources rather than during more sensitive events such as a manhunt.  Essentially, though, before it can be deemed thoroughly effective and safe there needs to be stringent supportive policy and agency and community training to ensure that response from agencies as well as communities is coordinated and effective rather than panicked and uninformed. So, I wonder, is this really the future, and indeed, does it need to be the future? Is it already the present with no sense of reflection on the potential consequences of such a system by the lead federal and local emergency agencies and institutions?  I don’t have the answers to these questions but examining the operational use of this alert even, at its small scale of use, provides opportunities to begin to tease out the danger of a dichotomy between effectiveness and panic and to explore issues around privacy, fear, reliability and usefulness.

In conclusion, this post has provided two different innovations within emergency management, one being experimented with and one which has been implemented. But what is clear is that changes in how we engage with control centres and emergency services are taking place, albeit slowly. But, one can only hope, especially in relation to the alert system, that lobbied criticisms will be engaged with and solutions sought.

 Bibliography

911bot (2016) 911bot. [Online]. Available at: http://www.911bot.online/) (Accessed 9th November 2016).

Beck, U., (1992). Risk Society: Towards a New Modernity. London: Sage.

Beck, U., (2009). World of Risk. Cambridge: Polity Press.

Costine, J. (2016) How Facebook Messenger clawed its way to 1 billion users. [Online].  Available at: https://techcrunch.com/2016/07/20/one-billion-messengers/ (Accessed 8th November 2016).

Fiegerman, S.(2016) The story behind the Smartphone Terror Alert in NYC. [Online].  Available at: http://money.cnn.com/2016/09/19/technology/chelsea-explosion-emergency-alert/ (Accessed 9th November 2016).

Infomate (2015) The International Smartphone Mobility Report [Online]. Available for download at: the International Smartphone Mobility Report (Accessed 7th November 2016).

Russell, D. (2015) We just don’t speak anymore. But we’re ‘talking’ more than ever. [Online].  Available at: http://attentiv.com/we-dont-speak/ (Accessed 9th November 2016).

Shropshire, C. (2015) Americans prefer texting to talking, report says. Chicago Tribune [Online].  Available at: http://www.chicagotribune.com/business/ct-americans-texting-00327-biz-20150326-story.html (Accessed 9th November 2016).

Westlake, A. (2016) Finally, there’s a chat bot for calling 911. [Online].  Available at: http://www.slashgear.com/finally-theres-a-chat-bot-for-calling-911-08439211/ (Accessed 7th November 2016).

 

New paper: The ethics of smart cities and urban science

A new paper by Rob Kitchin has been published in Philosophical Transactions A titled ‘The ethics of smart cities and urban science’ in a special issue on ‘The ethical impact of data science’.

Abstract

Software-enabled technologies and urban big data have become essential to the functioning of cities. Consequently, urban operational governance and city services are becoming highly responsive to a form of data-driven urbanism that is the key mode of production for smart cities. At the heart of data-driven urbanism is a computational understanding of city systems that reduces urban life to logic and calculative rules and procedures, which is underpinned by an instrumental rationality and realist epistemology. This rationality and epistemology are informed by and sustains urban science and urban informatics, which seek to make cities more knowable and controllable. This paper examines the forms, practices and ethics of smart cities and urban science, paying particular attention to: instrumental rationality and realist epistemology; privacy, datafication, dataveillance and geosurveillance; and data uses, such as social sorting and anticipatory governance. It argues that smart city initiatives and urban science need to be re-cast in three ways: a re-orientation in how cities are conceived; a reconfiguring of the underlying epistemology to openly recognize the contingent and relational nature of urban systems, processes and science; and the adoption of ethical principles designed to realize benefits of smart cities and urban science while reducing pernicious effects.

The paper is behind a paywall, so if you don’t have access and you’re interested in reading email Rob (rob.kitchin@nuim.ie) and he’ll send you a copy.

“Creating Smart Cities” workshop videos: Session 3

We are happy to share the third set of videos from The Programmable City’s recent workshop “Creating Smart Cities”, Session 3: Privacy and security concerns in smart cities. [Session 1 here, Session 2 here]

Pseudonymisation and the Smart City: Considering the General Data Protection Regulation

Maria Murphy, Maynooth University

Abstract
The great promise of smart cities is tempered by the very real risks associated with the large-scale collection, sharing, and analysis of data. As the General Data Protection Regulation – set to apply from May 2018 – attempts to respond to the modern data processing environment, this paper considers the implications of the new Regulation for the smart city. In particular, this paper examines the introduction of a “privacy by design” mandate and considers the endorsement of pseudonymisation as a privacy enhancing technique. The “positive-sum” pro- privacy and pro-progress philosophy of the privacy by design approach would appear, on first inspection, to perfectly address the challenges of the smart city. In reality, of course, while privacy by design offers a helpful “mindset”, it is certainly not a panacea.

From start to smart: A 100 smart cities but where are the citizens?

Ayona Datta, King’s College London

Abstract

In January 2016, the Indian government announced the first 20 winners of its smart cities challenge. This is the start of the journey for these cities to becoming smart. As part of this challenge, each city developed a pan-city and area-based proposal to reflect their local context, resources, and priorities of citizens. At the end of this journey a total of 100 small to medium cities in India would have retrofitted their chosen urban areas with smart infrastructure, transport, housing and governance. The end of this journey for the 100 cities will seemingly mark the beginning of India’s new urban age.
In this paper, I search for the elusive citizens in India’s ambitious national urbanization programme of creating 100 Smart Cities. Examining the different smart city proposals submitted by the nominated cities for the smart cities challenge, I argue that each of these seek to present particular visions, imageries and fantasies of performing the smart citizen. These can be roughly presented as 1) Fast-tracked citizens- the near overnight production of a mega base of urban ‘population’ in each city for the mandatory citizen consultation in the smart city challenge. 2) Acquiescent citizens who contribute to open data, engage in e-governance and increase ‘civic discipline’ through citizen surveillance 3) Entrepreneurial citizens who contribute to economic growth and prosperity of the smart city, who are framed as careerist and heroic, but who individually and collectively take the risk and precarity of speculative markets on their shoulders.
Through these three figures, this paper will ask how the ‘citizen’ has become the biggest urban fantasy of India’s Smart city challenge, and what are the consequences of this fantasy. The answer to these questions will have profound consequences for the understanding of India’s urban futures and the urbanization of citizenships in the region.

[Video not available]

The Privacy Parenthesis: The Structural Transformation of the Private Sphere

Leighton Evans, University of Brighton

Abstract

The “Snowden Revelations” that revealed the extent of surveillance of everyday citizens in everyday life have been a focal event for discussion on the mediation of privacy itself in the digital age. As technological development moves towards the everyday integration of things in the “Internet of Everything”, this chapter focuses upon the shifting sense of privacy in spaces that were once considered “private” in light of the extraordinary levels of data collection continuing unabated in everyday life. To do this, I use the metaphor of parenthesis as a way of conceptualising the separateness of the private realm from other realms of human activity. The use of parenthesis here is in a dual articulation; parenthesis articulates both the separate nature of the private and problematizes the modern conception of privacy as a separate, private space linked to property ownership that is being challenged by digital media. Discussions on the “end of privacy” can be assimilated into this metaphor; in essence, this approach rejects the claim to an end of privacy but argues that privacy itself (here, the very nature of what lies in parenthesis) is changing from a spatial privacy to another, non-spatial form. This non-spatial privacy is characterised as intentional, mannered and performed, and is reflected upon with reference to the development of the smart city as a concept and phenomenal space.

From data subjects to data producers: negotiating the role of the public in urban digital data governance

Christine Richter (University of Twente), Linnet Taylor (Tilburg Institute for Law, Technology, and Society), Shazade Jameson (Independent), and Carmen Pérez del Pulgar (Institut de Ciència i Tecnologia Ambientals)

Abstract

Today’s smart city programs and systems bring private and public sector actors together in ways that are creating streams of data about citizens, and these streams inhabit a legal and practical grey area between the public and private domains. Digital traces from sensors and digital communications tools can be merged and linked with official records, volunteered data from apps, social media, and citizen feedback systems in ways that have implications for privacy and data protection. City authorities are not yet addressing the ethical implications of today’s data governance decisions: seemingly inconsequential data often contain intimate behavioural and locational traces, and all digital data produced by people have a long half-life, gaining in both financial value and sensitivity over time. As data become big data, existing rules and norms (such as the Fair Information Practice Principles) become unworkable, and regimes developed for analogue data are not easily updated for the era of ubiquitous computing, profiling and artificial intelligence. This creates new questions for urban governance: what elements of public life are private processes, and how can they be balanced with the benefits of sharing to create public goods, such as health and education? Cities are currently on the cusp of understanding the breadth of applications and potential of digital data for governance and functionality in urban space: city governments are likely to become an important hub for data exchange in the future, and to form part of the emerging international data market. How can city governments make informed choices about the kinds of infrastructures they set up, how can they understand the longer-term implications of those choices, and how do different infrastructures and processes to do with data build differing relationships between cities and citizens?