Sidewalk Labs Tech: The Use Case for Common Space in Toronto
By Nicholas Studley, CIPPIC Student
On December 13, 2018, Sidewalk Labs presented an overview of how smart city technology could be used to improve energy efficiency across Toronto. Sidewalk’s proposal includes the installation of monitors, sensors and thermostats that adjust to real-time needs, as a means of reducing energy use in both homes and offices.
The privacy risk of this technology lies in monitoring people’s behaviour in their home or office – and the capacity to track their location based on detailed energy consumption patterns. For example, lower energy use typically occurs when individuals are away from the home or office, and higher use when present. This information may become more detailed when combined with energy efficiency measures which strive to conserve energy when occupancy is lowered. Taken as a whole, such data have the potential to reveal individual activities and location information.
How could Sidewalk protect privacy?
By measuring and adjusting energy use, Sidewalk will be collecting information about individuals. Sidewalk is aware of the privacy risks emerging from data insights related to energy consumption. Sidewalk’s privacy commitment adheres to several best practices to attempt to address these risks, including:
- Privacy by Design
- Data minimization
- Data anonymization
- Notice and consent to information collection
Privacy by design is a commitment to addressing privacy risks during the design of an application, rather than as an afterthought. Privacy risk assessments are a best practice of privacy by design. Sidewalk’s version – the Responsible Data Impact Assessment (“RDIA”) – is completed prior to deploying their energy efficiency solutions. Presently in progress, this assessment will describe the privacy concerns associated with the technology and Sidewalk’s efforts to mitigate them.
Encryption is a security measure that protects information by rendering it unreadable to anyone who does not hold the corresponding key. Sidewalk is committed to “[ensuring] that building operation data archive[s] will be protected by encryption and security.” Sidewalk will ensure that access to this data is restricted and will track who accesses it and when.
Data anonymization is a policy of de-identifying personal information wherever possible. Information collected from households which use the Sidewalk technology will be aggregated and anonymized prior to creating neighbourhood-based metrics.
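Aggregating household readings into neighbourhood metrics only de-identifies when enough households contribute to each metric; a “neighbourhood” figure built from one or two homes is effectively those homes’ own consumption trace, with the occupancy signal described above intact. The following is an added illustration, not Sidewalk’s code: it uses constructed hourly readings, a hypothetical minimum-household threshold, and drops household identifiers from the output.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample data (not real Sidewalk or utility readings):
# (household_id, neighbourhood, hour_of_day, kwh)
READINGS = [
    ("h1", "nbhd-east", 9, 0.2), ("h1", "nbhd-east", 19, 1.4),
    ("h2", "nbhd-east", 9, 0.3), ("h2", "nbhd-east", 19, 1.1),
    ("h3", "nbhd-east", 9, 0.4), ("h3", "nbhd-east", 19, 1.3),
    # nbhd-west has a single contributing household
    ("h4", "nbhd-west", 9, 0.1), ("h4", "nbhd-west", 19, 1.6),
]

# Hypothetical suppression threshold: a cell is published only if at
# least this many distinct households contribute to it.
MIN_HOUSEHOLDS = 3


def _cells(readings):
    """Group readings by (neighbourhood, hour) -> {household: kwh}."""
    cells = defaultdict(dict)
    for hid, nbhd, hour, kwh in readings:
        cells[(nbhd, hour)][hid] = kwh  # one reading per household per cell
    return cells


def neighbourhood_metrics(readings, min_households=MIN_HOUSEHOLDS):
    """Return {(neighbourhood, hour): (mean_kwh, n_households)} for cells
    with enough contributors. Household ids never appear in the output."""
    published = {}
    for key, per_house in _cells(readings).items():
        if len(per_house) >= min_households:
            published[key] = (round(mean(per_house.values()), 3), len(per_house))
    return published


def suppressed_cells(readings, min_households=MIN_HOUSEHOLDS):
    """List the (neighbourhood, hour) cells withheld because publishing them
    would expose an individual household's low/high usage pattern."""
    return sorted(key for key, per_house in _cells(readings).items()
                  if len(per_house) < min_households)


if __name__ == "__main__":
    print(neighbourhood_metrics(READINGS))
    print("suppressed:", suppressed_cells(READINGS))
```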
Data minimization is a policy of ensuring that only necessary data is collected in any process. Sidewalk is committed to only holding personal information as long as they need it, and will delete it once no longer necessary. Obviously, the details are important here: definitions of “need” and “necessity” will no doubt be contested.
Notice will be easier to provide for this particular technology. While not discussed in its presentation, garnering consent should also be easier with respect to collecting and using personal information from energy efficiency platforms. Interestingly, by getting consent from these household energy devices, Sidewalk could improve consent protocols with respect to other technologies through “sticky consent”. Sticky consent involves “privacy choices [being] remembered by smart systems and applied the next time a choice needs to be made.” According to Professor Lilian Edwards, “the FTC [US Federal Trade Commission] suggest that a single device in a smart home – a home appliance that acts as a hub – could learn a consumer’s preferences based on prior behaviour and apply them to new appliances and new uses.” These new uses could include new technologies in a smart city ecosystem.
Privacy legislation considerations
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the collection, use or disclosure of personal information in the course of a commercial activity. Personal information is information about an identifiable individual.
Energy efficiency applications could collect both personal and non-personal information. Sidewalk does confirm that some information will need to be anonymized and, therefore, will be personal when collected. Despite anonymization procedures, there is always a risk that information could become re-identifiable in combination with other data. If identification through combination is a “serious possibility”, then even non-personal data could be subject to PIPEDA. Since Sidewalk is a commercial entity, much of the information collected will likely be subject to PIPEDA.