It is essential that legislation define procedures for the dissociation or anonymisation of personal data beyond its current scope.
We are required to work on consensus solutions that, while respecting individuals’ privacy, can use data analysis to improve infrastructure management, quality of life and coexistence among people.
There are currently many open questions surrounding the future of privacy in Smart Cities.
Analysing the current legislation on Personal Data Protection, including the latest European reform bill, which will harmonise legislation on the subject, and comparing it with the innovative applications and systems that enable effective Smart City development (consisting mainly of collecting vast amounts of data via devices and wireless sensors for later analysis and application service management), confirms that we are, again, facing a bleak scenario: a Regulation which, because of its preventative approach, creates enough legal uncertainty to discourage investment in projects that would improve city life. Instead, we see experimental “demos” that will only ever be implemented within the confines of universities.
Against this background, initiatives such as the recent report Personal Data Protection in Smart Cities are more than welcome. Published by the Autoritat Catalana de Protecció de Dades Personals (Catalan Personal Data Protection Authority, APDCAT), it not only consciously analyses the main implications and challenges presented by this new reality, but also invites debate and the participation of all interested parties: the public and private sectors as well as ordinary people.
So, let’s get to the point; or rather, the data. The development of Smart Cities inevitably entails the processing of all kinds of information (geolocation, traffic, energy consumption, environmental data, etc.), much of which falls within the scope of the Data Protection Act; consequently, its collection and use for this purpose are prohibited without the informed consent of the individuals concerned. Interconnecting all this information to create products and services that make cities more efficient and sustainable will have a clear impact on the privacy of these people, even though they will be the main beneficiaries of those services.
Among other things, the APDCAT report analyses some of the applications that are already being progressively implemented, such as smart grids and smart metering, which aim to optimise the distribution of utilities such as water, gas and electricity so as to allow optimised resource usage; or diverse technologies such as instant geolocation and RFID (Radio Frequency Identification), whose applications allow tracking of information associated with an object or a person and can be used in areas such as medical care for remote patients or environmental waste management projects.
It is true that some measures have been agreed which would reduce the impact that the massive processing of information has on individuals’ private spheres. So far we can see abstract interpretative concepts emerging, such as the principles of Privacy by Design, Privacy by Default or the minimisation principle. But the truth is that we cannot allow ourselves to be held back by the search for, and the continuous review of, principles and technical solutions that allow Smart initiatives to develop with greater safety.
What really are the virtues of these advances, which in principle will benefit city inhabitants in the future, and what, ultimately, are the dangers that this inevitable future masks? Is it really possible to live in more efficient and sustainable urban areas when populations increase every day? What are, or should be, the roles of government and the private sector, and what price will people pay for the privilege of living in a Smart City? Is it morally acceptable to impose exceptions to individuals’ privacy in the public interest? How can we confront the security risks associated with the collection of private information and its use for other purposes? Are current policy and legislative initiatives capable of facilitating innovation and the development of Smart Cities?
Given the exponential growth of the Big Data that is gradually being stored within Smart Cities, the concept of profiling deserves special attention and a pause for reflection. Profiling means creating profiles of the users or consumers of various public or private services in order to obtain large amounts of information via data-mining techniques and analyse common behaviour patterns, so as to offer advanced solutions and resource optimisation based on statistical inferences. For example, through smart transport passes with NFC (Near Field Communication) technology, profiles of a person’s travel, habits and customs can be built from their use of urban public transport. Likewise, even matters such as how many people live in a house, what timetables they keep or their lifestyles can be profiled from domestic energy consumption information.
Regarding profiles, and according to the draft Regulation, profiling should only occur with an individual’s consent, unless it is the main purpose arising from a contractual relationship. European data protection authorities have joined forces to prevent invisible profiling, where the user of a smart meter or smart transport pass is unaware that someone will analyse their movements or their peak hours of energy consumption, and will also make unknown use of that information. The problem is that in many cases obtaining and managing consent by providing timely information is operationally ineffective or, in the worst case, simply impossible, because the data must be used at the moment of capture to meet the final objective. For this reason it is essential that legislation define procedures for the dissociation or anonymisation of personal data beyond its current scope, with such processing allowed only in cases where identifying an individual person would require disproportionate effort.
In this area it should be noted that the concept of the “persona”, as developed by the software expert Alan Cooper, creates an intermediate level of Personal Data that does not concern an “identified or identifiable person”, but rather archetypes or models of people who share a number of common characteristics and specific needs. In this way it provides an easily analysable profile without reference to any real person ‘behind’ the processed information, thus protecting the link to the subject’s identity. Once officially recognised, methodologies such as this would avoid the deficiencies in collecting consent for information you ‘have to borrow at interest’ when handling your data, and the use of costly security measures. Personal Data from identifiable people would not really be processed, and so solutions could be implemented in the interest of the community.
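The two preceding paragraphs describe dissociation of personal data and the persona (archetype) approach in words. The following is an added illustration, not code from the article, the APDCAT report or Alan Cooper: it takes constructed smart-meter readings keyed by customer number, discards the identifier, sorts each household into a consumption archetype, and publishes a group profile only when at least k households share it, so no profile can be traced back to a single subject. The archetype rules, the value of k and the sample readings are assumptions made for this example.

```python
"""Dissociating smart-meter readings into household archetypes (added example)."""
from collections import defaultdict
from statistics import mean

HOURS = range(24)


def reading(base_kwh, peak_hour, peak_kwh):
    """Constructed 24-hour consumption curve: a gently varying base with one peak hour."""
    return [peak_kwh if h == peak_hour else base_kwh + 0.1 * (h % 2) for h in HOURS]


# Constructed sample: readings keyed by a direct identifier (customer number).
# This identifier must never reach the published output.
RAW_READINGS = {
    "customer-0001": reading(0.3, 7, 1.8),
    "customer-0002": reading(0.3, 8, 1.8),
    "customer-0003": reading(0.3, 7, 1.8),
    "customer-0004": reading(0.3, 8, 1.8),
    "customer-0005": reading(0.4, 19, 2.5),
    "customer-0006": reading(0.4, 20, 2.5),
    "customer-0007": reading(0.4, 21, 2.5),
    "customer-0008": reading(0.4, 19, 2.5),
    "customer-0009": reading(0.2, 2, 1.0),  # the only night-peak household
}


def classify_pattern(hourly):
    """Map one curve to an archetype label (the 'persona'); identity is not needed.

    The hour bands below are an assumption of this example, not a standard.
    """
    if max(hourly) - min(hourly) < 0.2:
        return "flat"
    peak_hour = hourly.index(max(hourly))
    if 6 <= peak_hour <= 9:
        return "morning_peak"
    if 17 <= peak_hour <= 22:
        return "evening_peak"
    if peak_hour >= 23 or peak_hour <= 5:
        return "night_peak"
    return "daytime_peak"


def dissociate(raw, k=3):
    """Return (profiles, suppressed).

    profiles  : archetype -> household count and mean hourly kWh, only for
                archetypes with at least k members.
    suppressed: archetypes with fewer than k members; releasing those would
                describe an identifiable household, so they are withheld.
    """
    groups = defaultdict(list)
    for _customer_id, hourly in raw.items():  # the identifier is dropped here
        groups[classify_pattern(hourly)].append(hourly)

    profiles, suppressed = {}, []
    for label, members in groups.items():
        if len(members) < k:
            suppressed.append(label)
            continue
        profiles[label] = {
            "households": len(members),
            "mean_hourly_kwh": [round(mean(m[h] for m in members), 2) for h in HOURS],
        }
    return profiles, suppressed


if __name__ == "__main__":
    published, withheld = dissociate(RAW_READINGS, k=3)
    for label, profile in published.items():
        print(label, profile["households"], "households")
    print("withheld (below k):", withheld)
```

With k=3 the single night-peak household is withheld, while the morning- and evening-peak groups are released as aggregates that carry no customer number and no individual curve; raising k trades analytical detail for a stronger guarantee against re-identification.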
While detractors of innovation would have us suspect that the large-scale data processing produced by interconnecting different data-gathering sensors can lead to a serious invasion of our privacy, we cannot ignore reality and give in to fear of the unknown. Open Data initiatives are progressing unstoppably in many administrations and at all territorial levels across Spain, sponsored under Act 37/2007 on the reuse of public sector information. We therefore have an obligation to work towards consensual solutions which respect the privacy of individual people and which can harness data analysis to improve infrastructure management, quality of life and coexistence among people.
by Dylan Tarín
Responsible for personal data, Arvato Iberia