Systematizing Privacy, Governance of Data and the Internet of Things

Where we were, where we are, and where we’re heading

by Glynis Startz, Data-Smart City Solutions / August 4, 2016

This story was originally published by Data-Smart City Solutions.

As cities begin to see big data as an essential part of governing, more are examining and formalizing their handling of data, and of the Internet of Things (IoT) in particular. There is a growing expectation that governments deal with data in a systematic way and embrace responsibilities beyond encryption of personally identifiable information (PII). As an Ash Center Summer Fellow at the Smart Chicago Collaborative, I’ve had the opportunity to witness Chicago’s process before the deployment of the Array of Things. As feedback rolled in on the Array of Things Governance and Privacy Policy, it seemed an ideal time to explore how other cities have dealt with this issue in comparison, and the direction or directions in which the conversation is moving. Recent examples include Seattle’s Technology Privacy Policy and New York City’s Internet of Things Privacy Policy.

In late 2013, in response to resident concerns over several public failures of data transparency, Seattle launched the City’s Privacy Initiative. According to CTO Michael Mattmiller, its goal was “driv[ing] consistency across the city” and helping departments evaluate their data handling and governance on a project by project basis. Seattle Information Technology led the process by creating a Privacy Advisory Committee of local experts and academics from the University of Washington. The effort culminated in the adoption of six Privacy Principles as City Council Resolution 31570 and a Privacy Policy directing city departments to follow a more in depth Privacy Statement. The principles outlined in the document are 1. We value your privacy; 2. We collect only what we need; 3. How we use your information; 4. We are accountable; 5. How we share your information; and 6. Accuracy is important. 

Approaches in Seattle & New York City

Instead of focusing on creating a set of static requirements, Seattle created a process which forces individuals and departments to fully to think through the implications of their data-related actions for individual projects. Staff must consider these privacy principles when creating a new service, as well as create a privacy impact assessment for new technologies. The choice to structure the privacy policy in this way both requires and relies on future care, effort, and thoughtfulness of employees across the city.

New York City’s Internet of Things privacy document, which deals only with the governance of IoT data, is longer and more specific, but sets forth similar principles. There are a number of issues — surveillance, transparency — which are significantly more salient with the sensors required by IoT, but there are many common themes between the two policies. NYC lists their principles as 1. Privacy and Transparency; 2. Data management; 3. Infrastructure; 4. Security; and 5. Operations and Sustainability.

The Seattle and New York City approaches focus on establishing the spirit of the law rather than specific requirements which can be followed to the letter. There are positives and negatives to this approach, which puts the impetus on employees to react to specific situations. This could mean more tailored, sensible approaches to different technology projects, but it also forces citizens to rely on the city government to accurately evaluate each circumstance. That could be difficult for employees to manage and difficult for residents to check. In these policies is the assumption of basic trust in government to follow the spirit of the law when the letter is absent.

Trading Less Information for More Privacy

Both Seattle’s and New York City’s approaches imply that privacy and governance start before the data hits the city servers. They emphasize not just careful handling of data, but also transparency, openness, and careful deliberation surrounding data collection. I believe it is the attention to data collection that really indicates a new level of maturity in technology or data initiatives in cities. It recognizes that cities that hold data have a responsibility to keep it secure. Some could argue that the technical ability to safeguard data has not grown as quickly as the ability to collect large amounts of data inexpensively. This issue is particularly relevant in regard to IoT devices, which generally have the ability to gather almost continuous measures. For cities, the decision becomes less about how much data they want to collect and more about about how much data they will discard.

Growth in the Internet of Things means cities open themselves up to new innovations, but also to a tempting, but potentially dangerous approach to data collection: “if we can get it, we may as well’ could create difficult questions about requirements for maintaining data, opening data up to the public, and keeping data secure. The ability to capture large amounts of data easily and cheaply is both a boon and a possible danger for local governments.

Both Seattle and NYC have a framework for thoughtful decision making about information collection. New York in particular requires data collection in projects be designed toward specific purposes and addressing specific problems. The importance of these policies rests on a couple of assumptions: that residents give up privacy when their data is collected, even if that data are not technically Personally Identifiable Information (PII), and that the only way for data to be truly protected is for data not to be collected in the first place. I think these are both valid assumptions, though ones that should be weighed against the value of the data collected, or, more importantly, the potential value of the data not collected. This move to push departments to think through all the future implications of data collection is an important step in the maturation of tech in government.

There are drawbacks to being selective in data collection. It’s not always clear ex ante what data will be the most valuable. Valuable research can be done with data that was collected but never used. Requiring exacting rationales for data collection risks losing the possibility for some of those discoveries, particularly as it becomes easier to facilitate discovery and use of government collected data. In some ways this was a main premise of the early open data movement--cities had data they weren’t using and didn’t necessarily know what to do with, and they put it online for transparency’s sake, but also with the expectation that citizens would make use of it in new and surprising ways.

What’s Next for Privacy Policies?

It seems likely that more and more local governments will be coming out with privacy and governance policies for their data in the coming years — both general policies (like in New York City and Seattle) or project-tailored policies (like in Chicago). Larger cities may follow the path of New York and create ones dealing solely with the IoT, but it is less clear what form these policies will take. There are clearly trade-offs between specificity, clarity, and freedom. Structural decisions may come down to who the policies are designed for, residents or experts, and how much cities are willing to hem themselves in. I’m not sure there’s a correct answer here, but I absolutely think these are questions every city should be sure they’ve asked themselves before writing a policy.

The proper design of a data governance policy may look very different in different cities. Large cities with significant internal resources and expertise may be more able to put forth generalist policies which put the impetus on departments to make specific decisions. Small cities, on the other hand, may not feel they have the ability to leave the process ad-hoc and must instead mandate a one-size-fits-all policy. Pushing the other direction, however, small cities may have more freedom to allow individual deviation because of their less bureaucratic structures, while larger cities have less of an ability to make certain the spirit of non-specific policies is being adhered to.

As more cities create policies, and hopefully engage with residents around them, more insight can be gained about what citizens want and expect from their government in this area. What level of specificity do they require? How much trust do they have in government to do the right thing and how much do they require continued oversight? How do residents view the trade-off between privacy and data use?