Technology is moving faster than most of us can comprehend and with the introduction of smart cities, controversial advancements are bound to affect us all at some point. Today nearly every part of our lives can be digitized, tracked, and logged. We are already globally connected through our smart devices such as smart TVs, smartwatches, and social media generating huge amounts of data every day. Even, our homes, cars are becoming smarter day by day. Any project or initiative that involves the collection of data raises the question of privacy. So, should you be excited about smart cities or concerned about your privacy and data? In this article, I examine three of the ten privacy principles (PIPEDA) formulated by the Office of the Privacy Commissioner of Canada; I discuss how these privacy principles can be violated under the new project gaining popularity known as “smart cities”. Smart cities are a hot topic in Canada; many major cities like Toronto are looking into making cities more efficient through a system of connectivity known as IoT (Internet of Things). The World Bank defines smart cities as “a technology-intensive city, with sensors everywhere and highly efficient public services, thanks to the information that is gathered in real-time by thousands of interconnected devices.” Although the goal of smart cities is to enhance the quality of life and provide a sustainable environment, when it comes to the question of privacy, even the people working under the smart cities project don’t seem to have a clear answer. With the rise of IoT devices in the cities, the most important question associated with privacy has to do with the safety of data collection. PIPEDA says, “the organization must have appropriate safeguards to protect the sensitivity of the collected personal information/data.” Smart cities are not just about roads, parking meters, or better infrastructures; it is about the whole vast array of services. It is everything from digital signage, toll roads, and parking. It could also look like going into retail spaces and having the shops understand who you are, what you are wanting to buy, and would get you everything you need before you get there. This would mean that everybody knows who we are without having to say which begs the question of safety associated with data. More IoT devices mean more data will be generated, including personal information, and hence more safety regulations and protection around processing the data will be required. As a smart city heavily relies on data generated through IoT devices, it makes the city vulnerable to cyber attacks and hackers posing a security threat to the citizens of the smart cities. How will the people leading the smart city projects ensure the safety of the data collected? We all know the 2018 Cambridge Analytica data scandal with Facebook, where Cambridge Analytica used millions of Facebook user’s data without their consent for their own motives. A much worse case can happen in the smart city if security around privacy is not robust. For example, the data collected can be used to track the daily activities of the citizen, or used for other purposes. Therefore, the safety associated with data in the smart city is an important concern for the public, because it will become more challenging to secure safety in a smart city. Secondly, there is a high risk of violating the privacy concerns associated with the consent of the data. According to PIPEDA’s privacy principles associated with consent, it is defined as “ ” Considering data is a human right and when collecting someone else’s data, it is important to get the consent of the individual before making use of the data. Currently, when we sign up for an online agreement, we have an option or choice to “opt-out”. knowledge and consent of the individual is needed when collecting, using, or disclosing any personal information. And it must be done in a clear and understandable way for the user. In a smart city, what agreement will we have to sign and how will that work if there is even one? Currently, in terms of data consent, people sign the terms of the agreement before they get access to the software or tech. However, even in this case people are not completely aware of what kind of data is being collected and most importantly, where is it going and for what purpose is it being used. In the context of smart cities, the question of consent is even more challenging. An average resident of a smart city wouldn’t know about the smart city and data, and might not read the privacy policies in detail if it's too complicated. If the residents are not educated in this context they will not be aware of the consequences either. Hence, it is very challenging to apply informed consent, which is important to ensure transparency and safety for the citizens. As a citizen of the smart city, provided that I have given consent to use my data, how will I find out who has access to my data? You might be thinking that the government will be responsible, however, it turns out that it for most smart city projects is rather a collaboration between private and public organizations and the rest by municipalities. This challenges the privacy policy of PIPEDA, about individual access to the data, described as: “ ” For example, Facebook allows the user to access and download their personal data, so users have a way to track what kind of data is being collected by the organization. upon the individual’s request, the organization should make the info collected, its use and disclosure of the personal information known and accessible to that individual. How will a typical citizen find out whether the project of a smart city is handled by the government or a private organization and how would the citizen get access to the data? As of now, there is no privacy law in Canada that ensures that the citizen has the right to opt-out, delete, or be informed about who is collecting their data. Therefore, all the above questions must be addressed before proceeding with the plan. However, the above-discussed privacy concerns although being very important, are not the only ones in the smart city world, there are other challenges such as accountability, the openness of the data, and for what purpose the data will be used? In the case of accountability, who will be held accountable if an individual’s data is misused or used for purposes that go against the original purpose? How open will organizations be in terms of explaining to the public about the usage of the data? This raises also the question of trust and transparency. Taking an example of street cameras which might help in reducing crimes by identifying criminals beforehand, a valid concern that might arise is the amount of data collected from all the IoT devices, which as a consequence can instill fear in residents of the city as they are constantly being tracked or watched. This results in a privacy loss in public spaces. As much as there are concerns and dangers associated with making data public, we know that there are perks associated with it. For example, we know Facebook collects our data, but we still like the platform and share our lives online publicly. We love the fact that Netflix is able to give us movie recommendations without us thinking about what we want to watch. The same will occur when it comes to smart cities when the data is personalized, providing public safety, reduce crimes, traffic updates, and less congestion. Would the benefits outweigh the privacy concerns? In conclusion, we might agree that a smart city has the potential to improve the quality of life, however, as exciting as the smart city project sounds there are some fundamental questions associated with privacy and security which must be addressed before its implementation. The focus shouldn’t just be on what can be achieved through a particular technology, but on what cause? How will the lives of people be impacted by it? Seeing the progress of development in technology and the rate at which it is advancing, I wouldn’t be surprised if I happened to live in a smart city in the near future. Even though there are so many concerns associated with the data and privacy, I believe people will continue to offer their data once they see the benefits, not saying that it is the right thing to do, but it will be interesting to see the impact it will have on public lives. However, I am personally very serious about data and privacy and in order to create a smart city with a long-lasting future, whether it is led by governments or private business, I believe, first of all, it is important that the citizens are fully made aware and educated about the process and regulations. Smart cities should not infringe anybody’s freedom; safety and transparency must be ensured at every level before we become citizens of a smart city. Whether smart city technology will provide a better quality of life or raise more privacy concerns, we cannot be certain yet. However, one thing is certain - nothing will come without a cost.
