Teresa Scassa - Blog


Metrolinx is the Ontario government agency that runs the Prestocard service used by public transit authorities in Toronto, Ottawa and several other Ontario municipalities. It ran into some trouble recently after the Toronto Star revealed that the organization shared Prestocard data from its users with police without requiring warrants (judicial authorization). The organization has now published its proposals for revising its privacy policies and is soliciting comment on them. (Note: Metrolinx has structured its site so that you can only view one of the three proposed changes at a time and must indicate your satisfaction with it and/or your comments before you can view the next proposal. This is problematic because the changes need to be considered holistically. It is also frankly annoying.)

The new proposals do not eliminate the sharing of rider information with state authorities without a warrant. Under the new proposals, information will be shared without a warrant in certain exigent circumstances. It will also be shared without a warrant “in other cases, where we are satisfied it will aid in an investigation from which a law enforcement proceeding may be undertaken or is likely to result.” The big change is thus apparently in the clarity of the notice given to users of the sharing – not the sharing itself.

This flabby and open-ended language is taken more or less directly from the province’s Freedom of Information and Protection of Privacy Act (FOIPPA), which governs the public sector’s handling of personal information. As a public agency, Metrolinx is subject to FOIPPA. It is important to note that the Act permits (but does not require) government entities to share information with law enforcement in precisely the circumstances outlined in the policy. However, by adapting its policy to what it is permitted to do, rather than to what it should do, Metrolinx is missing two important points. The first is that the initial outrage over its practices was about information sharing without a warrant, and not about poor notice of such practices. The second is that doing a good job of protecting privacy sometimes means aiming for the ceiling and not the floor.

Location information is generally highly sensitive information as it can reveal a person’s movements, activities and associations. Police would normally need a warrant to obtain this type of information. It should be noted that police are not relieved of their obligations to obtain warrants when seeking information that raises a reasonable expectation of privacy just because a statute permits the sharing of the information. It would be open to the agency to require that a warrant be obtained prior to sharing sensitive customer location data. It is also important to note that some courts have found that the terms of privacy policies may actually alter the reasonable expectation of privacy – particularly when clear notice is given. In other words, even though we might have a reasonable expectation of privacy in location data about our movements, a privacy policy that tells us clearly that this information is going to be shared with police without a warrant could substantially undermine that expectation of privacy. And all of this happens without any ability on our part to negotiate for terms of service,[1] and in the case of a monopoly service such as public transportation, to choose a different provider.

Metrolinx no doubt expects its users to be comforted by the other changes to its policies. It already has some safeguards in place to minimize the information provided to police and to log any requests and responses. They plan to require, in addition, a sign off by the requesting officer and supervisor. Finally, they plan to issue voluntary transparency reports as per the federal government’s Transparency Reporting Guidelines. Transparency reporting is certainly important, as it provides a window onto the frequency with which information sharing takes place. However, these measures do not correct for an upfront willingness to share sensitive personal information without judicial authorization – particularly in cases where there are no exigent circumstances.

As we move more rapidly towards sensor-laden smart cities in which the consumption of basic services and the living of our daily lives will leave longer and longer plumes of data exhaust, it is important to reflect not just on who is collecting our data and why, but on the circumstances in which they are willing to share that data with others – including law enforcement officials. The incursions on privacy are many and from all directions. Public transit is a basic municipal service. It is also one that is essential for lower-income residents, including students.[2] Transit users deserve more robust privacy protections.

Notes:

[1] A recent decision of the Ontario Court of Appeal does seem to consider that the inability to negotiate for terms of service should be taken into account when assessing the impact of those terms on the reasonable expectation of privacy. See: R. v. Orlandis-Habsburgo.

[2] Some universities and colleges have U-Pass agreements which require students to pay additional fees in exchange for Prestocard passes. Universities and colleges should, on behalf of their students, be insisting on more robust privacy.


Note: the following are my speaking notes for my appearance before the Standing Committee on Transport, Infrastructure and Communities, February 14, 2017. The Committee is exploring issues relating to Infrastructure and Smart Communities. I have added hyperlinks to relevant research papers or reports.

Thank you for the opportunity to address the Standing Committee on Transport, Infrastructure and Communities on the issue of smart cities. My research on smart cities is from a law and policy perspective. I have focused on issues around data ownership and control and the related issues of transparency, accountability and privacy.

The “smart” in “smart cities” is shorthand for the generation and analysis of data from sensor-laden cities. The data and its accompanying analytics are meant to enable better decision-making around planning and resource allocation. But the smart city does not arise in a public policy vacuum. Almost in parallel to the development of so-called smart cities is the growing open government movement, which champions open data and open information as keys to greater transparency, civic engagement and innovation. My comments speak to the importance of ensuring that the development of smart cities is consistent with the goals of open government.

In the big data environment, data is a resource. Where the collection or generation of data is paid by taxpayers it is surely a public resource. My research has considered the location of rights of ownership and control over data in a variety of smart-cities contexts, and raises concerns over the potential loss of control over such data, particularly rights to re-use the data whether it is for innovation, civic engagement or transparency purposes.

Smart cities innovation will result in the collection of massive quantities of data and these data will be analyzed to generate predictions, visualizations, and other analytics. For the purposes of this very brief presentation, I will characterize this data as having 3 potential sources: 1) newly embedded sensor technologies that become part of smart cities infrastructure; 2) already existing systems by which cities collect and process data; and 3) citizen-generated data (in other words, data that is produced by citizens as a result of their daily activities and captured by some form of portable technology).

Let me briefly provide examples of these three situations.

The first scenario involves newly embedded sensors that become part of smart cities infrastructure. Assume that a municipal transit authority contracts with a private sector company for hardware and software services for the collection and processing of real-time GPS data from public transit vehicles. Who will own the data that is generated through these services? Will it be the municipality that owns and operates the fleet of vehicles, or the company that owns the sensors and the proprietary algorithms that process the data? The answer, which will be governed by the terms of the contract between the parties, will determine whether the transit authority is able to share this data with the public as open data. This example raises the issue of the extent to which ‘data sovereignty’ should be part of any smart cities plan. In other words, should policies be in place to ensure that cities own and/or control the data which they collect in relation to their operations? To go a step further, should federal funding for smart infrastructure be tied to obligations to make non-personal data available as open data?

The second scenario is where cities take their existing data and contract with the private sector for its analysis. For example, a municipal police service provides its crime incident data to a private sector company that offers analytics services such as publicly accessible crime maps. Opting to use the pre-packaged private sector platform may have implications for the availability of the same data as open data (which in turn has implications for transparency, civic engagement and innovation). It may also result in the use of data analytics services that are not appropriately customized to the particular Canadian local, regional or national contexts.

In the third scenario, a government contracts for data that has been gathered by sensors owned by private sector companies. The data may come from GPS systems installed in cars, from smart phones or their associated apps, from fitness devices, and so on. Depending upon the terms of the contract, the municipality may not be allowed to share the data upon which it is making its planning decisions. This will have important implications for the transparency of planning processes. There are also other issues. Is the city responsible for vetting the privacy policies and practices of the app companies from which they will be purchasing their data? Is there a minimum privacy standard that governments should insist upon when contracting for data collected from individuals by private sector companies? How can we reconcile private sector and public sector data protection laws where the public sector increasingly relies upon the private sector for the collection and processing of its smart cities data? Which normative regime should prevail and in what circumstances?

Finally, I would like to touch on a different yet related issue. This involves the situation where a city that collects a large volume of data – including personal information – through its operation of smart services is approached by the private sector to share or sell that data in exchange for either money or services. This could be very tempting for cash-strapped municipalities. For example, a large volume of data about the movement and daily travel habits of urban residents is collected through smart card payment systems. Under what circumstances is it appropriate for governments to monetize this type of data?
