
Communities are embracing the “smart cities” movement by using sensors to collect and analyze data to support consumer mobility, increase sustainability, and deliver enhanced services to citizens. Using online platforms, smart city data can be collected from and shared among a variety of parties such as transit, parking, law enforcement and public health agencies, as well as private and nonprofit organizations. An example is the Integrated Data Exchange (IDE), a nascent cloud repository. Its designers aim to use it as the operating system for the smart city effort underway in Columbus, Ohio.

The IDE and similar platforms will create new challenges by allowing developers to combine public and private data from different sectors, including health, transportation, etc. Under the U.S. sectoral approach to privacy, these data sets are governed by different legal regimes, which may cause friction and uncertainty. For smart cities, many privacy issues are emergent, arising continuously from the combination of data from multiple sources. While sectors such as health and financial services have a well-established body of privacy laws, the interaction of data from different sources for new applications will cause new and unpredictable challenges.

Regulation generally does not respond nimbly to emergent, complex, and unpredictable issues, and backward-looking or risk-averse regulatory approaches can hinder innovation. In the U.S., there's been an attempt to supplant some heavy-handed regulation with transparency requirements aimed at providing consumer choice. But commentators have criticized the notice and choice framework for burying consumers in expensive, hard-to-understand, and easy-to-ignore privacy notices.

To develop appropriate solutions for smart cities, privacy professionals will need to network across sectoral boundaries, and advocate for processes that improve on traditional regulatory approaches to better engage citizens and consumers. An approach that supports privacy and innovation could move beyond consumer notifications while making regulations and organizational privacy policies more adaptive by combining the tools of contextual privacy, technology assessment and privacy by design. Privacy professionals, policymakers, and technologists can leverage the government’s convening power to use technology assessment to surface emerging issues; contextual privacy to discover and co-develop enforceable industry-wide (and multi-industry) norms and reasonable expectations; and privacy by design to embed privacy-respecting solutions in smart services. By using transparency as a tool rather than an end state, this framework could contribute to a realistic set of privacy policies, guidelines, and standards that are responsive to the needs of smart cities stakeholders.

A proposed framework for protecting privacy in smart cities 

Technology assessment is the process of analyzing developments in science, technology, and innovation, and their consequences, as well as the debates about these developments. It attempts to incorporate the views of stakeholders, using feedback to iterate new versions of products and standards. The goals of technology assessment in this proposed framework are to identify, highlight, and analyze smart cities applications with an impact on privacy, and to educate and solicit informed input from a broad cross-section of stakeholders.

Privacy professionals can start the assessment process by identifying the information flows and the interests involved. Technologists should be involved in mapping the flows and examining the implications. Data mapping across different organizations would often have to be done at a high or broad level, as detailed data flows could reveal proprietary practices. Yet, some openness is justified for private entities to participate in a platform that leverages public sector resources and could touch every citizen.

The next step is to engage stakeholders in a well-informed discussion about these data flows through interactive processes that encourage engagement with clear, plain language describing the issues and values at stake, using both in-person and online forums. Smart city leaders could start with traditional methods such as public notices, formal comments, town halls and workshops. Newer tools, including wikis and online annotation systems such as Genius, which are being adapted for legislative and public policy tracking, can also stimulate engagement.

The proposed framework uses contextual privacy as a foundation for flexible discovery of enforceable norms with private-sector involvement. Developed by Helen Nissenbaum of New York University, the contextual privacy theory holds that privacy is largely about respecting social norms on information use in particular contexts, such as doctor-patient relationships. Federal agencies have adopted this thinking, proposing that information uses that are outside of such expectations should require consumer notice and consent. A privacy analyst would elicit consumer and professional expectations about what information is used for — citizens might expect location data to be shared to find nearby parking spaces, while diagnoses are shared with health professionals specifically to improve health outcomes. Privacy professionals with corporations should participate in these contextual inquiries alongside public officials. Jules Polonetsky, of the Future of Privacy Forum, and Omer Tene, of the International Association of Privacy Professionals, note that an organization’s brand is part of the privacy context and signifies its privacy commitment to its customers or shareholders.

A potential gap in contextual privacy is that it looks backward; meaningful, widespread norms have not formed around future or emergent information uses. To fill gaps where norms have yet to be developed, and close analogs are unavailable, one could supplement contextual privacy by borrowing from the utilitarian/harm approach espoused by Georgetown’s Mark MacCarthy. His framework would define information uses on the margins; some uses are presumed permissible because they are usually beneficial to society, while others are disallowed because they are usually harmful. In the middle, difficult decisions about regulation are required, and regulators could set default rules that nudge people toward rational privacy behaviors.

An application for MacCarthy’s method could be dealing with health information. While information generated through doctor-patient relationships is protected by the Health Insurance Portability and Accountability Act, much data generated by consumer apps and potential smart city applications is not. Such sensitive information tied to personally identifiable information would not be shared with third parties in the shared data platform (absent specific, informed consent), while default app settings could encourage collection and sharing of properly de-identified data with public health or school officials, with an opt-out available for the privacy-conscious consumer.

Privacy by design has organizations take privacy into account throughout the engineering/product development process. The design of smart city services should use qualitative ethnographic data on how citizens experience the smart city, and this data can be incorporated into privacy by design as well. The details of privacy by design implementation would depend largely on the outcomes of the technology assessment and contextual privacy analysis.

Transparency can be helpful where it can be achieved. Many Internet of Things devices do not have a visible interface where consumers can see information such as what devices are sharing; developing such mechanisms could enhance consumer awareness. The ability of smartphone users to see and change on a single screen the permissions they have granted to apps is a useful privacy tool, and similar measures could be deployed to inform consumers about data collection by smart meters, road sensors, and similar technologies. Combined with community involvement in understanding the impact of technologies, transplanting the smartphone approach to smart cities applications could support meaningful privacy and consumer choice. 

This process-based approach to emerging data privacy challenges can provide the flexibility and responsiveness to stakeholders that is needed to develop privacy policies and regulations for smart cities.
