While technology may help to solve urban challenges -- making cities "smarter" -- its ability to gather, process, and produce unprecedented amounts of information can also threaten individual privacy.
Some might view "technology" and "privacy" as an either/or proposition, with one interest necessarily being sacrificed for another; in the most likely case, privacy sacrificed for technological innovation. Quite the opposite is true -- privacy is, in fact, an enabler of innovation.
Privacy is not about having something to hide or kept secret, it's about personal control -- the ability of individuals to control the collection, use, and disclosure of information about themselves. In the case of smart cities, privacy concerns arise when there is the possibility of unauthorized services or third parties discovering personal information, such as individuals' personal habits, behaviours, and lifestyles, and using this information without their consent for secondary purposes, like marketing.
Back in the 90s, I developed the internationally recognized framework of Privacy by Design to address the growing and systemic effects of information technology and large-scale networked infrastructure. Privacy by Design refers to the methodology of embedding privacy into the design, operation, and management of information technologies and systems, across the entire information life cycle. The 7 Foundational Principles of Privacy by Design, set out how to proactively make privacy the default mode of operation, while maintaining full functionality -- a positive-sum, not zero-sum, approach to privacy protection.
In order to operationalize Privacy by Design, innovation must play a central role -- placing privacy at the heart of the system. To do so, organizations must make privacy an essential design feature that figures prominently in the very architecture of the system being contemplated.
An excellent example of innovation and privacy working hand in hand may be found in electrical smart grid technology -- a key feature for future cities. In my own province of Ontario, Canada, as well as in San Diego, Calif., and European cities, governments are reaping the rewards of building privacy into the design and architecture of smart grid systems, and individual citizens are seeing the benefits taking shape in their bills and their energy cost savings.
San Diego Gas & Electric (SDG&E) is working with the Office of the Information and Privacy Commissioner (IPC) of Ontario to embed Privacy by Design into the smart grid.
(Source: peasap via Flickr)
While great detail about consumer lifestyles may be gleaned from the information generated in smart grid systems -- for example, whether a house has an alarm system and how often it is activated; when the TV and/or computer is on; whether appliances are in good condition; whether lights and appliances are used at odd hours; if the homeowner tends to arrive home shortly after the bars close; if the occupant leaves late for work -- by using Privacy by Design, securing these insights may be ensured without diminishing system functionality.
When adopting the approach of Privacy by Design, the value of privacy permeates all aspects of project planning from the project governance framework, to each stage of building and testing of the systems involved. Privacy incorporated in this way naturally leads to greater system functionality, public awareness, and customer satisfaction.
This underlines the importance of privacy-protective measures when implementing new technologies within the existing infrastructure of cities. The smart grid is just the beginning. With significant changes afoot in many municipal services, there will almost certainly be numerous unforeseen consequences. The ongoing challenge will be to recall the societal values we hold to be imperative, such as the fundamental right to privacy, and ensure their continuation in the future architectures and business practices surrounding the provision, delivery, and use of municipal services.
Realizing the vision of the smart grid has depended on the participation of consumers who wish to be informed and empowered about their privacy. The same is true of smart cities and the trend towards building an increasingly connected "system of systems." Regardless of the technology or program, it is imperative to build privacy into the system, ideally as the default setting, in order to ensure citizens' confidence and trust. By embedding Privacy by Design into all new technical specifications, architectures, systems, devices, and business practices, you will avoid the unintended consequences of increased data collection and the worst case scenario, Privacy by Disaster!
— Ann Cavoukian, Information and Privacy Commissioner of Ontario