Thank you very much for the opportunity to address the Standing Committee on Transport, Infrastructure and Communities on the issue of smart cities.
My research on smart cities is from a law and policy perspective. I have focused on issues around data ownership and control and related issues of transparency, accountability, and privacy.
The “smart” in “smart cities” is shorthand for the generation and analysis of data from sensor-laden cities. The data and its accompanying analytics are meant to enable better decision-making around planning and resource allocation, but the smart city does not arise in a public policy vacuum. Almost in parallel with the development of so-called smart cities is the growing open government movement, which champions open data and open information as keys to greater transparency, civic engagement, and innovation. My comments speak to the importance of ensuring that the development of smart cities is consistent with the goals of open government.
In the big data environment, data is a resource. Where the collection or generation of data is paid for by taxpayers, it's surely a public resource. My research has considered the location of rights of ownership and control over data in a variety of smart cities contexts. It raises concerns over the potential loss of control over such data, particularly rights to reuse the data, whether for innovation, civic engagement, or transparency purposes.
Smart cities innovation will result in the collection of massive quantities of data, and this data will be analyzed to generate predictions, visualizations, and other analytics. For the purposes of this very brief presentation, I'll characterize this data as having three potential sources. First, there are newly embedded sensor technologies that become part of smart cities infrastructure. Second, there are existing systems by which cities collect and process data. Third, there's citizen-generated data—data that is produced by citizens as a result of their daily activities and captured by some form of portable technology. Let me briefly provide examples of these three situations.
The first scenario involves newly embedded sensors that become part of smart cities infrastructure. Assume that a municipal transit authority contracts with a private sector company for hardware and software services for the collection and processing of real-time GPS data from public transit vehicles. Who will own the data generated through these services? Will it be the municipality that owns and operates the fleet of vehicles, or the company that owns the sensors and proprietary algorithms that process the data? The answer, which will be governed by the terms of the contract between the parties, will determine whether the transit authority is able to share this data with the public as open data.
This example raises the issue of the extent to which data sovereignty should be part of any smart cities plan. In other words, should policies be in place to ensure that cities own and/or control the data they collect in relation to their operations? To go a step further, should federal funding for smart infrastructure be tied to obligations to make non-personal data available as open data?
The second scenario is one in which cities take their existing data and contract with the private sector for its analysis. For example, a municipal police service provides its crime incident data to a private sector company that offers analytics services such as publicly available crime maps. Opting to use the pre-packaged private sector platform may have implications for the availability of the same data as open data, which, in turn, has implications for transparency, civic engagement, and innovation. It may also result in the use of data analytics services that are not appropriately customized to the particular Canadian local, regional, or national contexts.
In the third scenario, a government contracts for data that has been gathered by sensors owned by private sector companies. The data may come from GPS systems installed in cars, from smart phones or their associated apps, from fitness devices, and so on. Depending on the terms of the contract, the municipality may not be allowed to share the data upon which it is making its planning decisions. This will have important implications for the transparency of planning processes.
There are also other issues. Is the city responsible for vetting the privacy policies and practices of the app companies from which it will be purchasing its data? Is there a minimum privacy standard governments should insist upon when contracting for data collected from individuals by private sector companies? How can we reconcile private sector and public sector data protection laws when the public sector increasingly relies on the private sector for the collection and processing of its smart cities data? Which normative regime should prevail, and in what circumstances?
Finally, I would like to touch on a different yet related issue. This involves the situation in which a city that collects a large volume of data, including personal information, through its operation of smart services is approached by the private sector to share or sell that data in exchange for either money or services. This could be very tempting for cash-strapped municipalities. For example, a large volume of data about the movement and daily travel habits of urban residents is collected through smart card payment systems. Under what circumstances is it appropriate for governments to monetize this type of data?
My comments have only briefly touched on some of the law and policy issues regarding data in the smart cities context. I will be happy to address these issues, as well as any others, in the time allotted for questions.