Blog Post by Emilie Scott: “…Lilian Edwards, a U.K.-based academic in internet law, points out that public spaces like smart cities further dilutes the level of consent in the IoT: “While consumers may at least have theoretically had a chance to read the privacy policy of their Nest thermostat before signing the contract, they will have no such opportunity in any real sense when their data is collected by the smart road or smart tram they go to work on, or as they pass the smart dustbin.”
If citizens have expectations that their interactions in smart cities will resemble the technological interactions they have become familiar with, they will likely be sadly misinformed about the level of control they will have over what personal information they end up sharing.
The typical citizen understands that “choosing convenience” when you engage with technology can correspond to a decrease in their level of personal privacy. On at least some level, this is intended to be a choice. Most users may not choose to carefully read a privacy policy on a smartphone application or a website; however, if that policy is well-written and compliant, the user can exercise a right to decide whether they consent to the terms and wish to engage with the company.
The right to choose what personal information you exchange for services is lost in the smart city.
Theoretically, the smart city can bypass this right because municipal government services are subject to provincial public-sector privacy legislation, which can ultimately entail informing citizens their personal information is being collected by way of a notice.
However, the assumption that smart city projects are solely controlled by the public sector is questionable and verges on problematic. Most smart-city projects in Canada are run via public-private partnerships as municipal governments lack both the budget and the expertise to implement the technology system. Private companies can have leading roles in designing, building, financing, operating and maintaining smart-city projects. In the process, they can also have a large degree of control over the data that is created and used.
In some countries, these partnerships can even result in an unprecedented level of privatization. For example, Cisco Systems debatably has a larger claim over Songdo’s development than the South Korean government. Smart-city public-private partnership can have complex implications for data control even when both partners are highly engaged. Trapeze, a private-sector company in transportation software, cautions the public sector on the unintended transfer of data control when electing private providers to operate data systems in a partnership….
When the typical citizen enters a smart city, they will not know 1.) what personal information is being collected, nor will they know 2.) who is collecting it. The former is an established requirement of informed consent, and the later has debatably never been an issue until the development of smart cities.
While similar privacy issues are playing out in smart cities all around the world, Canada must take steps to determine how its own specific privacy legal structure is going to play a role in responding to these privacy issues in our own emerging smart-city projects