Cities are becoming a major focal point in the personal data economy. In city governments, there has been a rush towards data-informed approaches to everything from waste management and public transport through to policing and emergency response.
But amid the clamour for ‘smart’ new urban infrastructure, from connected lamp posts and bins to camera-enabled phone boxes, a fresh debate about digital ethics is emerging. Who decides what we do with all this data? And how do we ensure that its generation and use does not result in discrimination, exclusion and the erosion of privacy for citizens?
Nesta’s new report, written as part of our involvement with a major EU Horizon 2020 project called DECODE, looks at a handful of city governments that are pioneering new policies and services to enhance digital rights locally, and give people more control over personal data. Here is an overview of eight cities that we looked at:
Barcelona has a new digital transformation agenda which views ‘data as commons’ alongside directives mandating ethical use of data. The city has launched a new procurement process designed to incentivise responsible innovation and respect for privacy, and is currently undergoing full internal migration to the use of open-source software by Spring 2019. Later this year the city government is also due to pilot new online tools that let people selectively disclose the information they would like to share when using the council’s official e-participation platform, while preserving citizen anonymity.
Amsterdam is home to several projects which promote more responsible use of data across the city. The TADA manifesto, developed by the independent Amsterdam Economic Board, and endorsed by the city government, outlines a set of six principles designed to help organisations use personal data in a more responsible way. The Chief Technology Officer’s Innovation Team is also compiling a registry of all publicly installed sensors across the city, as well as running pilots that will allow people to access local e-government services in an anonymous way while minimising unnecessary collection of personal data.
New York City is pursuing a range of initiatives which promote the responsible use and handling of citizen data. The city government has developed a set of Internet of Things (IoT) Guidelines which establish privacy standards for the deployment of IoT devices in public spaces throughout the city. The government has also introduced legislation mandating the creation of a task force to monitor the use of algorithmic decision-making systems by the public sector.
Seattle has a comprehensive municipal privacy programme based on a core set of privacy principles and policies. The programme clearly establishes the obligations and requirements of city departments regarding the management and use of data, and assigns internal 'Privacy Champions' to support their implementation. The government’s policies mandate the publication of privacy impact assessments and reports about the city’s programmes and open data portals, and public engagement on the installation of any new surveillance technologies.
San Francisco has developed an Open Data Release Toolkit to help municipal officials assess the utility and value of publishing a dataset against risks of re-identification. The toolkit provides leaders with a number of clear, actionable processes for minimising these risks, allowing the city to use and release data in a more responsible, privacy-preserving way.
Transport for New South Wales, a government agency responsible for public transport in Sydney, has collaborated with Australia’s leading data innovation group to apply state of the art differential privacy mechanisms to an open dataset. Differential privacy is a mathematical technique which minimises the privacy risks associated with the release of open data by adding random ‘noise’ within a dataset. In Sydney, the application of differential privacy enabled the release of a two-week data sample from the city’s ‘tap-on, tap-off’ Opal card system for trains, buses, light rail and ferries.
As part of their ‘City of People’ strategy, the Belgian city of Ghent wants to empower its ‘smart citizens’ by giving them access to ‘technology that they own and control’. Residents are provided with a simple web-portal called ‘Mijn Gent’, which gives them access to a range of local services. The city is also collaborating with a non-profit called Ind.ie on an initiative called ‘Hallo.gent’ which will give residents their own personal website, on top of which applications can be built that let them manage and control how local services access and use personal data.
Zug, Switzerland is providing citizens with a decentralised digital e-identity system. This system issues citizens with a set of credentials, accessed via a digital mobile app, which they can use to verify themselves when accessing various local services. The e-ID gives citizens more control over personal data and a more secure alternative to national e-ID projects, such as SwissID, which rely on centralised databases.
Our report details these case studies further, and summarises a set of policy roles and actions available to city governments. These cover a wide range of options, from setting a strategic direction for change to providing new digital tools and enhancing skills and literacy. The five city government roles identified are: Leader, Guardian, Connector, Catalyst and Provider.
Listing image: Mike Lewinski, Attribution 2.0 Generic (CC BY 2.0)