In Sidewalk Labs’ Master Innovation and Development Plan (MIDP), released Monday, the Alphabet company echoed its assurances that the Quayside project would abide by all provincial and federal government regulations encompassing data, including both existing and future privacy laws.
“Everybody wants personal information in personally identifiable form, that’s the big win.”
– Ann Cavoukian
BetaKit spoke with Ann Cavoukian, a privacy expert-in-residence at Ryerson University, and the former information and privacy commissioner of Ontario. Cavoukian formerly served as an advisor to Sidewalk Labs but resigned last year due to concerns about how the Google sister company planned to collect, use, and distribute personal data. She is now a consultant to Waterfront Toronto, the organization overseeing the project’s implementation.
Sidewalk Labs’ master plan presented more details on an independent data trust, for which it has previously advocated, that would manage its data and make “anonymized data” open source and publicly accessible. Sidewalk Labs referred to this kind of information as “urban data,” defining it as information that is collected in the city’s physical environment, including in the public realm, publicly accessible spaces, and even in some private buildings.
De-identification as a mandate, not a suggestion
Sidewalk Labs’ plan expressed the hope that the trust would eventually become a public-sector or quasi-public agency. However, Cavoukian told BetaKit that Sidewalk Labs’ vision of the Urban Data Trust as a collective asset or public trust would be a “nightmare” for privacy if personal information fell under that umbrella. She said what concerns her most about the trust is the potential for data to be re-identified by third parties and linked back to the individual.
“What’s missing from [the trust], is the fact that it doesn’t come with a requirement that any parties that join the Urban Data Trust must de-identify data at the source, right at the time of collection,” she said. “That has to be an essential ingredient or this Urban Data Trust will have no value. In fact, it will have a negative value in terms of privacy.”
In the MIDP, Sidewalk Labs suggested that all digital companies and projects use de-identification (a process intended to prevent a person’s identity from being connected with collected information) by default. However, the MIDP frames this as a recommendation, not a requirement.
“When you look at the section on privacy and the identification of data, they say that identifiable data should be rendered non-identifiable,” Cavoukian told BetaKit. “They then say that you can’t do so completely… that will involve some risk. To me, that’s a cop-out.”
Cavoukian said when strong de-identification protocols are used, companies can potentially minimize the risk of re-identification to less than 0.05 percent, less than the odds of being hit by lightning.
“Those are damn good odds,” Cavoukian said. “Personal information is a treasure trove. Everybody wants personal information in personally identifiable form, that’s the big win. The only way you can protect privacy is to anonymize the data right from the outset. Then you have very valuable data that you can use for a variety of purposes, but it’s not linked to personal identifiers. That’s what we have to promote. I didn’t see that coming out in this [plan].”
Keerthana Rang, a communications associate at Sidewalk Labs, told BetaKit that the company believes the independent data trust would be in the best position to determine the appropriate guidelines for responsible data use.
“We have submitted an initial set of these guidelines in the MIDP, one of which includes data minimization, security, and de-identification by default,” Rang said. “All entities, including Sidewalk Labs, should collect the minimum amount of data needed and use the least invasive technology available to achieve [a] beneficial purpose.”
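The distinction Cavoukian draws, de-identifying at the source versus storing identifiers and trying to strip them later, is easier to see with a small model. The following Python is an added example and is not code from the MIDP, from Sidewalk Labs, or from any party quoted here; the keyed-hash scheme, the per-window key destruction, the `Sensor` class and the sample device addresses are all assumptions chosen for the demonstration. It contrasts a naive pseudonym (an unkeyed hash, which any third party who knows an identifier can recompute and link back) with a keyed pseudonym whose key never leaves the sensor and is destroyed at the end of each observation window, and it checks that aggregate utility (distinct-device counts) survives while linkage does not.

```python
import hashlib
import hmac
import secrets

# Constructed sample input (locally administered MAC addresses, not real devices).
# The same device (...:01) appears in both observation windows.
WINDOW_1 = ["02:00:5e:10:00:01", "02:00:5e:10:00:02", "02:00:5e:10:00:01"]
WINDOW_2 = ["02:00:5e:10:00:01", "02:00:5e:10:00:03"]


def naive_pseudonym(mac: str) -> str:
    """Unkeyed SHA-256: deterministic for everyone, so anyone who knows a MAC
    can recompute the pseudonym and link it to published records."""
    return hashlib.sha256(mac.encode()).hexdigest()


def keyed_pseudonym(mac: str, key: bytes) -> str:
    """HMAC-SHA256 under a key that exists only inside the sensor for one window."""
    return hmac.new(key, mac.encode(), hashlib.sha256).hexdigest()


class Sensor:
    """Hypothetical model of 'de-identify at the source': the raw identifier
    is hashed under a per-window key and never leaves this object."""

    def __init__(self) -> None:
        self._key = None

    def collect(self, raw_macs):
        # Fresh key per window, generated here and never exported.
        self._key = secrets.token_bytes(32)
        return [keyed_pseudonym(m, self._key) for m in raw_macs]

    def end_window(self) -> None:
        # Destroying the key is what makes the published records unlinkable later,
        # even to the sensor operator.
        self._key = None


def distinct_devices(records) -> int:
    """Utility that survives de-identification: how many distinct devices were seen."""
    return len(set(records))


def link_attempt(published, known_macs, pseudonymizer):
    """A third party holding the published data and a list of known MACs
    tries to find which of those MACs appear in it."""
    pub = set(published)
    return sorted(m for m in known_macs if pseudonymizer(m) in pub)


def cross_window_overlap(a, b) -> int:
    """How many pseudonyms can be joined across two windows to track a device over time."""
    return len(set(a) & set(b))


def run() -> dict:
    sensor = Sensor()
    keyed_1 = sensor.collect(WINDOW_1)
    sensor.end_window()
    keyed_2 = sensor.collect(WINDOW_2)
    sensor.end_window()

    naive_1 = [naive_pseudonym(m) for m in WINDOW_1]
    naive_2 = [naive_pseudonym(m) for m in WINDOW_2]

    # The third party knows one MAC that was present and one that was not.
    known = ["02:00:5e:10:00:01", "02:00:5e:10:00:09"]
    # Without the sensor's key, the best it can do is guess a key.
    guessed_key = secrets.token_bytes(32)

    return {
        "naive_linked": link_attempt(naive_1, known, naive_pseudonym),
        "keyed_linked": link_attempt(keyed_1, known, lambda m: keyed_pseudonym(m, guessed_key)),
        "naive_tracked_across_windows": cross_window_overlap(naive_1, naive_2),
        "keyed_tracked_across_windows": cross_window_overlap(keyed_1, keyed_2),
        "distinct_window_1": distinct_devices(keyed_1),
        "distinct_window_2": distinct_devices(keyed_2),
    }


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would add. First, within a single window the keyed pseudonym is still stable, so records can be correlated for as long as the key lives; the privacy property depends on the key actually being destroyed, which is an operational control rather than a cryptographic one. Second, this only removes the direct identifier. Location and time patterns in the remaining records are quasi-identifiers in their own right, which is why residual re-identification risk has to be measured rather than assumed away.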
No clear path to consent
Sidewalk Labs’ plan states that using a “distributed credential” approach would involve implementing “privacy-preserving techniques” to collect only the minimum amount of information necessary. This would also include a person’s full consent over what information is shared.
Sidewalk Labs may choose to bypass consent for users who already consent to share data on Google apps.
The company also committed to not disclosing personal information to third parties, including other Alphabet companies, without explicit consent. Cavoukian said she didn’t think the MIDP sufficiently laid out what data would be collected, or how members of the public could consent to, or revoke consent for, the collection of this data.
“Let people opt-in on their smartphones to specific apps that will give them information that will actually improve their lives,” said Vaclav Vincalek, a tech entrepreneur and board member of Urban Opus, a smart city innovation cluster. “That way, you’re not tracking data from people who have totally reasonable motivations for staying off the grid.”
Cavoukian insisted that data be collected under positive consent, meaning individuals opt in to having their data collected by taking affirmative action. Opting out, or negative consent, is the process by which a user takes action to withdraw consent that is otherwise presumed.
Sidewalk Labs was not clear on whether it would consider an opt-in or an opt-out approach to consent. Current privacy laws in Canada allow organizations to obtain “consent” for personal information collected in public spaces (think CCTV cameras) by placing notices or signs near the camera. Rang told BetaKit, though, that the company will meet all existing Canadian privacy laws, including the obligation under Canadian privacy law to obtain meaningful consent.
“Sidewalk Labs believes the public deserves a higher standard for privacy and data governance as most companies do not adhere to this practice or if there is a notice, it does not contain information about the practice, the collector, the use or any other privacy-protective measures that the collector will engage in to protect an individual’s rights,” Rang told BetaKit.
A representative of Sidewalk Labs who spoke with BetaKit on Monday indicated that the company may choose to operate on the idea that if a person has already consented to sharing data on apps such as Google Maps, and that person interacts with the smart city, Sidewalk Labs would not seek additional consent in those cases.
Alex Ryan, vice president of systems innovation at MaRS Discovery District, who has previously written about smart city data trusts, said that the consent obligations for the kind of sensor-based collection Sidewalk Labs proposes depend on who is collecting the data.
“If it’s government, if the city is actually doing the pilot and collecting the data, then they don’t actually need to have meaningful consent to collect personal information,” he told BetaKit.
“If it’s a private company, like Sidewalk Labs that is doing the data collection, then they would need personal consent. And that is the real problem with collecting data off the street, because a cell phone has an off switch, you can just turn off when you download apps, or consent when you download the app, and you have a way of opting out. Where and how do you opt out of a public realm?”
Cavoukian stated that whichever route Sidewalk Labs chooses to take, obtaining consent is extremely difficult, particularly when 24-hour sensors are involved.