Ontario’s former privacy commissioner has resigned from her consulting role at Google’s sister company Sidewalk Labs over its failure to guarantee citizens’ personal data would be protected at its Toronto smart-city development.
Ann Cavoukian resigned from Sidewalk Labs, owned by Google parent Alphabet, on Friday (October 19) after a privacy framework she had developed was overlooked when Sidewalk Labs said it could not guarantee third parties accessing so-called ‘urban data’ would be able to keep it private.
Sidewalk Labs, engaged in the $1 billion redevelopment of Toronto’s Quayside district, said last week an independent ‘civic data trust’ should be established to take charge of urban data.
“No one has a right to own information collected from Quayside’s physical environment – including Sidewalk Labs,” said Alyssa Harvey Dawson, head of data governance at Sidewalk Labs, in a blog post. The company has proposed, instead, data should come under the control of an independent ‘civic data trust’.
Sidewalk Labs has met with great controversy in Toronto over its proposed handling of data gathered about citizens, as well as the broader urban environment, from sensors placed around the brown-field work on Toronto’s waterfront.
The controversy has arisen partly because of Sidewalk Labs’ reluctance to confirm on way or another how data will be governed.
“The problem is it just hasn’t been very clear, which has irked people in Toronto – understandably, they want to know how companies are going to make money from their data,” commented Ryan Citron, senior research analyst, at Navigant Research.
Cavoukian exited a meeting between Sidewalk Labs and Waterfront Toronto’s Digital Strategy Advisory Panel on Thursday (October 18) last week, unsatisfied with the Alphabet company’s stance, which backed her privacy-by-design framework, but refused to be answerable to it.
She quit her post in protest. “What I wanted was a wake up call,” she said in her resignation letter, widely quoted in the Canadian press. Cavoukian’s framework for Toronto had demanded privacy-by-design. Sidewalk Labs told her it agreed, in principle, but that it could not guarantee the broader ecosystem would see it the same, she said.
“I imagined us creating a smart city of privacy, as opposed to a smart city of surveillance,” she said.
Sidewalk Labs responded: “It became clear that Sidewalk Labs would play a more limited role in near-term discussions about a data governance framework at Quayside. Sidewalk Labs has committed to implement, as a company, the principles of privacy-by-design.
“Though that question is settled, the question of whether other companies involved in the Quayside project would be required to do so is unlikely to be worked out soon, and may be out of Sidewalk Labs’ hands.”
Harvey Dawson said anonymised urban data from its Quayside project should be “freely and publicly” available, and controlled by am independent trust.
“This trust would approve and control the collection of, and manage access to, urban data originating in Quayside. The civic data trust would be guided by a charter ensuring that urban data is collected and used in a way that is beneficial to the community, protects privacy, and spurs innovation and investment,” she said.
“We think the civic data trust should make de-identified data freely and publicly available and maintain a public registry, online and easily searchable, of all devices that collect urban data. Approval from the trust should be required to collect or use urban data on a more proprietary or commercial basis, or urban data that involves identifiable information.”
Sidewalk Labs has proposed anyone seeking to collect urban data will need to submit to the trust a ‘responsible data impact assessment’ (RDIA), a tool employed in Europe as part of the General Data Protection Regulation (GDPR).
“RDIAs will describe the purpose of a given proposal, the sources of data it requires, the potential impact on individuals or a community, and an analysis of its benefits and risks,” explained Harvey Dawson.