All posts by Sara Bannerman

Bridgewater Smart City Challenge Prize: Privacy Implications

By Serguei Tabatchenko, CIPPIC Intern

What is the plan?

Bridgewater’s application video depicts a small, rural town in Nova Scotia with a growing need for clean, reliable and affordable energy for a population burdened with energy poverty. According to Bridgewater’s Application for an “Energy Poverty Reduction Program”, currently, 38% of Bridgewater households cannot afford basic energy and transportation costs (p 4). The city plans to use its smart city grant to reduce energy poverty in its community by 20% by 2025. Specifically, this would mean helping 350 households out of energy poverty by the 2024-2025 fiscal year (p 6). If successful, Bridgewater will be on track to have a green and self-supportive economy powered by clean energy systems by 2050 (p 7).

The city’s proposed Energy Poverty Reduction Program will use data and connected technology to create energy savings and financial returns for property owners. Furthermore, the program will provide access to community support for citizens experiencing energy poverty and extensive investment in energy efficiency solutions. Bridgewater wants to make this program a template that can be used by other rural communities experiencing similar problems. It will be interesting to see whether Bridgewater can successfully push for energy solutions for neglected populations despite being a small municipality.

What is the tech? What are the privacy concerns?

The Energy Poverty Reduction Program will be implemented through five interlocking programs. The first is the Coordinated Access System (CAS), an intake process that identifies at-risk households using a standard assessment tool, such as the Vulnerability Index Service Prioritization Decision Assistance Tool (VI-SPDAT) (p 10). Bridgewater proposes to use the nationally-accessible Homeless Individuals and Families Information System (HIFIS) as the core data platform, as it is hosted by Employment and Social Development Canada (p 11). While using such a database facilitates inter-community collaboration, it should be properly maintained and updated in accordance with data storage standards to prevent loss or leakage of personal information.

The second program is the Housing Energy Management System (HEMS), which provides property owners with turn-key energy monitoring, planning management and financing services. Bridgewater will use TownSuite, the existing municipal property and financial management software, together with an Energy Management Information System (EMIS) as the core data platforms for this program (p 12). The goal is to develop a community-scale energy program powered by connected digital systems. One privacy concern here is that data being collected by these systems is attributable to specific property owners. A potential challenge may be balancing individual privacy with the benefits of improving community asset management. A risk assessment of TownSuite and the EMIS would be helpful for ensuring data being collected and processed is stored safely.

The third program is the Community Energy Systems service, which aims to plan and develop community-scale energy systems like solar farms, district heating systems and microgrids (p 12). Bridgewater plans to develop a 6 MW “solar garden” as a pilot project under this program, with future systems to come once research is complete. While the service seems like a good idea so far, the city has yet to research other energy services to be implemented. A potential concern is that energy technology reliant on sensors may compromise privacy if it tracks and collects personalized information. Bridgewater would be wise to explore ways to limit the data being picked up by community-scale heating systems and microgrids to the most essential elements or to de-personalize the information collected before analyzing it.

The fourth program is the Mobility Improvement System, which receives information from the CAS and the HEMS to improve mobility in the community (p 13). Bridgewater is focusing primarily on public transit services and developing infrastructure, with eventual plans to include paratransit and ride sharing services. This program will use data collected by the CAS and HEMS together with mobility tracking from users to generate a dataset (p 13). Besides the privacy concerns for the CAS and HEMS systems, relying on mobility tracking means users are disclosing their location to the city. Depersonalizing this data will allow Bridgewater to collect usage statistics without tracking individuals who rely on public transit.

Finally, the fifth program is the Investment System, a mechanism for distributing investments into the first four programs. Bridgewater does not have existing financial investment software, so energy financing services and companies will play a big role in this program’s development and implementation (p 13). The city will rely on external financial investment systems, like the MaRS Centre’s SVX platform, in combination with the EMIS system discussed above to distribute investments where needed (p 14). Such external systems should be carefully vetted for security weaknesses that could expose personal data, so that potential privacy concerns are addressed before the systems are adopted.

Conclusion

Overall, Bridgewater is on track to implement innovative solutions to energy problems and become a model for other rural communities looking to optimise municipal services through technology. At face value, the Energy Poverty Reduction Program’s main privacy concerns are the security of proposed software, which may be susceptible to breaches, and the collection of potentially sensitive information through sensor technology. In accordance with Canada’s newly announced Digital Charter, the city would be wise to provide total access to digital services for each resident. Furthermore, Bridgewater should look to invest in digital literacy training to ensure the city can remain sustainable and competitive in a digital world.

Guelph Smart City Challenge Prize: Privacy Implications

By Serguei Tabatchenko, CIPPIC Intern

What is the plan?

Using the smart city challenge funding, Guelph wants to rethink the current take-make-dispose food model and become Canada’s first technology-enabled Circular Food Economy. Guelph’s final application, called “Our Food Future”, envisions a project implemented through 3 measures: making affordable and nutritious food 50% more accessible, creating 50 new circular businesses and collaborations, and using waste as an economic resource to produce a 50% increase in circular revenue (p 2). Guelph’s video calls these its “3 Bold Goals” that it aims to achieve by 2025.

Guelph’s geographical location and existing infrastructure make this plan realistic. Located in the “innovation corridor”, the region enjoys a concentration of universities with world-renowned agriculture and agri-innovation programs, and headquarters of high-tech companies as well as provincial agriculture and food organizations (p 2). As well, the project will be supported by collaborations with national and provincial food industry partners like Provision Coalition, Bioenterprise and the Ontario Federation of Agriculture (p 5). Guelph will also work with other smart cities, foundations and think tanks to improve the international development of circular economies (p 2). It’s worth noting that this project involves engagement of Guelph residents, who contributed to the Smart Cities Challenge application by providing input on ideas through a dedicated website (p 11).

What is the tech? What are the privacy expectations?

To make affordable and nutritious food more accessible, Guelph is planning on implementing asset and behaviour mapping to identify geographic and demographic priorities within the community (p 12). Furthermore, Guelph will use big data analytics, open data portal technology and Geographic Information System (GIS) technology to create a Food Security & Health Action Plan (p 13). These measures raise some concerns over anonymity because behaviour mapping can reveal people’s movements and locations, which carry privacy implications. Furthermore, although Guelph is to use big data analytics for a non-commercial purpose, such activity results in commercially useful data and could potentially be subject to PIPEDA, Canada’s federal private sector privacy legislation, especially if the work is outsourced to a private company (see our project report authored by Keri Grieman, Smart City Privacy in Canada, p 11).

To establish 50 new circular businesses, Guelph will use open governance and promote new partnerships and start-ups through its Civil Accelerator website, where projects can get exposure, feedback and funding from citizens (Our Food Future, p 7). Focusing on open governance is an important factor in Guelph’s smart city development that ensures projects receiving funding will be the most desired, useful and effective ones for the Guelph community. In addition, international smart cities like Barcelona have employed open governance to successfully improve citizen participation and streamline administrative processes, so this move is a step in the right direction (see, e.g., Decidim, cited at Our Food Future, p 64).

To increase circular revenue by 50%, Guelph plans on developing new business diagnostics to help organizations and private actors create value from waste by-products. This will involve using the Provision Coalition’s data platform and applying blockchain technology (Our Food Future, p 32). If the Provision Coalition’s data platform serves a commercial purpose and not a public or educational purpose, Guelph would need to make sure subsequent use of the data is compliant with PIPEDA (see Smart City Privacy in Canada, p 8). In addition, Guelph will attempt to create a digital marketplace powered by blockchain technology to help businesses buy and sell carbon offsets (Our Food Future, p 42). Here, privacy compliance will depend on whether facilitation of online transactions is classified as commercial activity. It is likely that unless there is a monetization aspect to Guelph’s administration of the marketplace, collection of user information to ensure proper administration of a municipal service will not require PIPEDA compliance (see Smart City Privacy in Canada, p 11). Commercial entities engaging in marketplace transactions, on the other hand, will plainly fall under the purview of PIPEDA. Finally, the city will use RFID technology to map the cycle of food waste and create data points for analytical purposes (Our Food Future, p 34). While jurisprudence shows people don’t have an expectation of privacy with regards to their waste or garbage, the city would be wise to de-personalize such data to uphold general expectations of privacy, especially outside the criminal law context.

Katinnganiq Smart City Challenge Prize: Privacy Implications

By Serguei Tabatchenko, CIPPIC Intern

What is the plan?

The Katinnganiq proposal “Community, Connectivity, and Digital Access for Life Promotion in Nunavut” is a collaborative application by the Nunavut Association of Municipalities, the Embrace Life Council, the Quajigiartiit Health Research Centre and the Pinnguaq Association on behalf of 25 Nunavut municipalities. The Katinnganiq application video states that the application’s goal is to implement protective and preventative measures to reduce the risk of suicide in Nunavut and increase the amount and accessibility of peer support networks, educational resources and creative outlets that promote positive mental health to all Nunavummiut. It will do so by implementing creative technology solutions and addressing physical, spiritual and mental wellness within the territory (p 5). The $10 million grant will be used to support 6 digital and physical projects, which will include makerspaces, the te(a)ch k-12 computer programming curriculum, mesh networks, digital art therapies, mental health and wellness applications and Nunavut’s 211 app (p 15).

The initiative will be implemented by the Katinnganiq Makerspace Network (“KMN”), an umbrella non-profit organization that will be responsible for co-managing and implementing the project in the 25 municipalities involved (p 15). The proposal will be implemented through 5 different milestones, and each municipality will have a local delivery organization, or a “KMN-L”, that will implement these milestones within its community. It will be interesting to see how this governance model will impact the efficiency and usefulness of the project considering there are so many different parties involved.

The 5 milestones

The first milestone involves setting up the KMN office space and infrastructure, drafting a Charter that serves as a contract between the award recipients and the KMN, and creating a detailed roadmap for project implementation in each municipality (p 48). The KMN would be smart to secure tenders with local businesses for its infrastructure and organizational needs, which would not only drive economic growth in remote communities but also build a strong sense of community. It’s worth noting that this milestone is also in accordance with the Nunavut Lands Claim Agreement and Canada’s newly released Digital Charter principles, one of which calls for equal opportunity for Canadians to participate and compete in the digital world. Overall, the successful implementation of this milestone will likely determine the success of the remaining milestones, so it will be interesting to see how the KMN implements its plans at this stage.

The second milestone seeks to develop KMN content and platforms for the te(a)ch k-12 curriculum, which became publicly available on March 5, 2019 (p 49). This will involve developing an Elder-led curriculum and 40 adult learning lessons designed to improve digital literacy within Nunavut. As well, the milestone calls for new community data centers that have the workstations and network infrastructure required to support the project. The third milestone involves delivering the te(a)ch programs to youth across the municipalities and using an interconnected, open source and web-based platform like Git to deploy new programming and updates across all municipalities at once (p 50).

Recognizing that a one-size-fits-all management approach is not suitable for managing 25 municipalities, the fourth milestone will offer support to KMN-L organizations by providing management and accountability structures, training and a data privacy system in collaboration with the Privacy Commissioner of Nunavut (p 51). Finally, the fifth milestone will analyze the data collected from its programs to create quantitative and qualitative metrics (p 52). These metrics will be used by municipalities to improve existing programs through statistics and to amend program budgets if needed. The KMN proposes to collect and store user data on a central electronic database on a local, encrypted network (p 65). Collection will require written, valid and informed consent that can be withdrawn by users at any point, and collected data will be de-personalized prior to processing (p 66).

Potential privacy concerns

As the proposal is based on knowledge sharing, collaboration and open source technology, there is a need to protect Inuit data sovereignty, cultural information and intellectual property. As a non-profit organization, the KMN is subject to Nunavut’s Access to Information and Protection of Privacy Act (ATIPP), which governs public and governmental bodies by providing a framework for accessing public records and using personal information (p 63-64). The KMN also aims to adhere to the federal Personal Information Protection and Electronic Documents Act (PIPEDA) despite not being a private-sector organization (p 63). Overall, the proposal contains a detailed plan for adhering to legislative privacy standards and provides adequate privacy controls for users.

One potential privacy concern is the reliance on open source software. As there is power in numbers, open source benefits from a community that can detect software and security issues quickly. However, the KMN will need to be proactive in issuing patches and updating protocols, which will require oversight from an experienced and educated community. Considering the infrastructure, connectivity and education shortages that northern Nunavut communities may face due to their location, open source may actually serve as a detriment because the community oversight may not be fast or efficient enough to ensure user privacy. The proposal does involve upgrading internet infrastructure, which is a step in the right direction (see Katinnganiq proposal, Chapter 5). Furthermore, the KMN will overcome the lack of community expertise by relying on the IXP network, a project that provides high-level technology advice and training (p 57). It remains to be seen whether infrastructure upgrades across 25 municipalities will be enough to support such an extensive proposal, and whether open source software is the right choice for a community that may not be qualified enough to oversee software administration and support.

Montreal Smart City Challenge Prize: Privacy Implications

By Serguei Tabatchenko, CIPPIC Intern

What is the plan?

Using its $50 million prize, Montreal wants to achieve holistic improvements in the quality of life of citizens: efficiency of municipal services, rich human relations, a healthy environment and stimulating, living environments where everyone feels included, regardless of culture, age, gender or disability (Proposal of City of Montreal, p. 1). The proposal is based on 15 months of intensive collective work as well as feedback from locals. As Montreal’s application video makes clear, the goal is to use technology to provide Montréalers with resources and infrastructure needed to function in a modern-day smart city (p 5).

What is the plan? Mobility

To improve mobility, Montreal will rely on a large-scale approach, named the Integrated Mobility component, and a small-scale approach, named the Neighbourhood Mobility component (p 6). The Integrated Mobility project is a collaborative effort between the Société de Transport de Montréal (STM) and the Autorité régionale de transport métropolitaine (ARTM) that aims to produce a new digital transportation platform (p 7). This open-source platform will combine the different modes of transit in the Greater Montréal Area (“GMA”) through a single app and provide a trip planning tool, similar to Google Maps, that will hopefully reduce car use by suggesting alternative public transportation routes (p 12).

The Neighbourhood Mobility project will build on the Integrated Mobility project and provide local mobility solutions targeted at the specific transportation needs of different urban communities (p 7 and 13). The project will set up neighbourhood fleets of shared self-driving cars, explore how to develop neighbourhoods to limit the need for trips outside the community, and make mobility inclusive of groups like seniors and people with low incomes (p 7).

Both the Integrated and Neighbourhood Mobility projects were tested in 2018 through pilot projects, which demonstrated the potential, advantages and need for these programs in the GMA. Furthermore, with the help of a provincial grant, Montréal aims to pilot autonomous electric shuttles as an additional measure to improve mobility in the city (p 13).

What is the plan? Food Innovation

Having one of the highest food insecurity rates in Canada at 11.3%, Montréal will implement an Integrated Local Food System to improve food access for vulnerable populations (p 8). The cloud-based system will be a one-stop platform for managing inventory, sales, food donations and deliveries, and will be based on existing infrastructure and food distribution channels in Montréal (p 8 and 14). Furthermore, the project will create a major urban greenhouse that will produce up to 3000 tons of fresh fruit and vegetables for local communities (p 9). The greenhouse will leverage thermal waste from a landfill site and provide better supply and demand information for local suburban farms, overall boosting local food production in the GMA.

What are the privacy implications?

The main concern here is the proposal’s push for data collection, processing and analysis, which carries many privacy risks. The GMA has partnered with McGill University’s Centre for Interdisciplinary Research on Montreal (CIRM) to develop software that manages, processes and enhances data collected from the Integrated Mobility app (p 61). This will require infrastructure that allows for real-time data processing, access to a data library and software for data analysis as well as compliance with Quebec’s public sector privacy law, the Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information (p 14).

While the proposal discusses several privacy protection ideas such as consultation with cybersecurity firms, testing the “re-identification” of depersonalized data and a requirement to obtain meaningful consent from app users, the specifics and details of implementation are not discussed. This may be a problem for Montréal, a city that has historically struggled with inefficiency, overspending and corruption when building new infrastructure. Figuring out the details before the infrastructure is implemented is important for ensuring the long-term success of these proposed ideas and preventing the project from being delayed and over budget.

Sidewalk Labs Tech: CommonSpace Launched

By Nicholas Studley, CIPPIC Student

On March 29, 2019, Sidewalk Labs launched CommonSpace, an open-source application designed to streamline public life studies, a set of observations about how people use public spaces. Earlier, we blogged about Sidewalk’s “use case” for CommonSpace in Toronto. The launch in March announces the maturation of that proposal.

CommonSpace is designed to automate the Public Life Data Protocol, which sets the standard for collecting observational data of human activities in open spaces. With the resulting data, city planners, community groups or others can develop a plan to improve the cities in which we live. The Protocol specifies nine categories of information to be collected by a public or non-profit agency undertaking a public life study including: (1) agency information; (2) location of study; (3) typology of location; (4) gender of observed individuals; (5) age category of observed individuals; (6) travel mode of observed individuals; (7) posture of pedestrians behaving in space; (8) activity engaged; (9) objects list associated with a subject.

How is Sidewalk protecting privacy?

The potential benefits of this type of application to measure the effectiveness of public space design may seem obvious, but so are the privacy risks. Sidewalk Labs is mindful of these privacy implications and has adhered to several best practices in anticipation of the public concern, including:

  • Privacy by design principles
  • Open by default
  • Data anonymization
  • Data minimization
  • Encryption and other protections

Privacy by design is a commitment to addressing privacy risks during the design stage of a technology, rather than as an afterthought. Sidewalk’s commitment to privacy by design is evidenced by their Responsible Data Impact Assessment (“RDIA”). This assessment describes the privacy concerns associated with CommonSpace technology and Sidewalk’s efforts to mitigate them. The RDIA is released publicly prior to deploying the technology in the field.

Being open by default is a commitment to transparency in data collection. Sidewalk encourages partner organizations (i.e. those using the CommonSpace application) to share collected data. Ultimately, the decision over whether collected data will become public is the choice of Sidewalk’s partner organizations. Sidewalk has explicitly stated that if their team ever uses the CommonSpace application to collect data, it will be made publicly available (see Sidewalk Labs – Responsible Data Impact Assessment). The Gehl Protocol (the standardized methodology according to which data is collected) is also “open for any and all to use,” allowing people to understand the methodology and rationale behind any utilization of data.

Data anonymization is a policy of de-identifying personal information wherever possible. In general, the CommonSpace application discourages personal information collection. Certain identifying features are not collected by the CommonSpace application and study volunteers are explicitly told not to enter identifying features into any free form data fields. In case this direction is not followed, free form data fields will not form part of any public disclosure.

Data minimization is a commitment to collect as little data as necessary about individuals. According to Sidewalk, “CommonSpace was purposefully designed to collect the minimum amount of data needed to support public life studies.” The data collected by CommonSpace could include as many attributes as: perceived gender, perceived age, moving mode, posture in space, activity engagement, group size, carried objects, animals and a stationary geotag. CommonSpace limits demographic data collection to perceived age, perceived gender, posture and location.
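The anonymization and minimization practices described in the two paragraphs above, together with the risk of re-identification through combination with other data raised under the legislation heading below, can be expressed as a small public-release filter. The following Python is an added example written for this post; it is not CommonSpace’s code and does not use Sidewalk’s real schema. The field names, the constructed sample observations, the age bands and the minimum group size of five are all assumptions chosen to illustrate the technique.

```python
from collections import Counter

# Allow-list of categorical fields a public release may contain. Modelled on the
# four demographic attributes the post says CommonSpace limits itself to; the
# field names are assumptions, not CommonSpace's real schema.
PUBLIC_FIELDS = ("perceived_gender", "perceived_age", "posture", "location")

# Free-form fields never leave the study organizer, whatever a volunteer typed.
FREE_FORM_FIELDS = ("notes",)

# Guard against a future edit that quietly adds a free-form field to the allow-list.
assert not set(PUBLIC_FIELDS) & set(FREE_FORM_FIELDS)


def _obs(gender, age, posture, location, **extra):
    """Build one constructed observation record (sample data, not a real study)."""
    rec = {"perceived_gender": gender, "perceived_age": age,
           "posture": posture, "location": location}
    rec.update(extra)
    return rec


# Constructed sample: 14 observations at one hypothetical location. One record
# carries free text a volunteer should not have entered, two carry a field
# (carried_objects) that is collected but not on the public allow-list.
SAMPLE_OBSERVATIONS = (
    [_obs("female", "25-64", "walking", "plaza-north") for _ in range(6)]
    + [_obs("male", "25-64", "standing", "plaza-north") for _ in range(5)]
    + [_obs("male", "65+", "sitting", "plaza-north", notes="red jacket, small dog")]
    + [_obs("female", "0-14", "walking", "plaza-north", carried_objects="backpack")
       for _ in range(2)]
)


def minimize(record):
    """Return only the allow-listed fields of one observation.

    An allow-list, rather than a deny-list, means a newly added free-form or
    identifying field cannot reach a release by accident: anything not named
    in PUBLIC_FIELDS is dropped, including 'notes' and 'carried_objects'.
    """
    return {field: record.get(field, "unknown") for field in PUBLIC_FIELDS}


def contains_free_text(records):
    """Audit check: True if any record still carries a non-empty free-form field.

    Organizers can run this before deciding what to share, to see whether
    volunteers ignored the 'no identifying details' instruction.
    """
    return any((r.get(f) or "").strip() for r in records for f in FREE_FORM_FIELDS)


def aggregate_for_release(records, min_group_size=5, exclude_age_bands=()):
    """Aggregate minimized observations into counts and suppress small groups.

    Returns (released, suppressed): released maps a tuple of PUBLIC_FIELDS
    values to its count; suppressed is the number of observations folded away
    because their group was smaller than min_group_size. A release that says
    exactly one 65+ person was sitting at a location is the kind of detail
    that becomes identifying when joined with other data, so it is withheld.
    exclude_age_bands drops observations in the named bands entirely, e.g.
    ("0-14",) to keep youth out of a release altogether.
    """
    counts = Counter()
    for r in records:
        m = minimize(r)
        if m["perceived_age"] in exclude_age_bands:
            continue
        counts[tuple(m[f] for f in PUBLIC_FIELDS)] += 1
    released, suppressed = {}, 0
    for key, n in counts.items():
        if n >= min_group_size:
            released[key] = n
        else:
            suppressed += n
    return released, suppressed


if __name__ == "__main__":
    print("free text present:", contains_free_text(SAMPLE_OBSERVATIONS))
    released, suppressed = aggregate_for_release(SAMPLE_OBSERVATIONS)
    for key, n in released.items():
        print(dict(zip(PUBLIC_FIELDS, key)), n)
    print("observations withheld from release:", suppressed)
```

Two design choices are worth noting. The filter works from an allow-list, so the free-form field is excluded by construction rather than by remembering to remove it, which is the safer way to honour the “free form data fields will not form part of any public disclosure” rule. The small-group suppression is a deliberately simple stand-in for the fuller re-identification testing that a release process would run; it does not make a dataset anonymous on its own, but it removes the rarest combinations that are the first to become identifying when joined with other data.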

When the application is used in the future, Sidewalk will maintain custody of any data with control granted to study organizers, “who have full ability to manage and delete data.” Sidewalk will secure this data using encryption. Oversight over data use will be maintained by logging access records.

How could Sidewalk improve privacy protections?

The information collected in the CommonSpace application is intended to be non-personal. Regardless, as a best practice, individuals should be given an opportunity to consent to their information being collected. Currently, individuals are not notified that their information is collected, but surveyors are trained to answer questions about a study if asked. It is likely more feasible for Sidewalk’s partner organizations (the ones performing the study) to obtain consent. That said, CommonSpace could facilitate collection by prompting study organizers to post notices, or do something similar, before collecting information.

CommonSpace allows an individual to be designated as age 0-14. This ability is not consistent with the suggestion that information pertaining to youths should not be collected without parental consent and only in the rarest circumstances. Minimizing the collection of youth data was a guideline specific to the collection of “personal information” and Sidewalk describes the information being collected with CommonSpace as non-personal. Regardless, as a best practice, collecting youth data should be avoided where possible.

Missing from Sidewalk’s disclosure is any mention of group privacy, which may be the greatest public risk of CommonSpace. Sidewalk provides no discussion of this or of the conceptual harms associated with collective observation or surveillance.

Privacy legislation considerations

The Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the collection, use or disclosure of personal information in the course of a commercial activity. Personal information is information about an identifiable individual.

The CommonSpace application was piloted in 2017 by two not-for-profit organizations, Parks People and the Thorncliffe Park Women’s Committee (“TPWC”). Not-for-profit status is not conclusive in determining whether PIPEDA applies to an organization. If Parks People or TPWC engage in “commercial activities that are not central to their mandate”, then PIPEDA will likely apply. Sidewalk Labs is a for profit entity. They have access to CommonSpace data and could be deemed as engaging in commercial activity.

The information collected in the CommonSpace application is intended to be “non-personal”, meaning that PIPEDA might not apply to CommonSpace. However, there is always a risk that information could become identifiable in combination with other data. If identification through combination is a “serious possibility”, then even non-personal data could be subject to PIPEDA. 

While we cannot be sure which organizations will use CommonSpace in the future, its design makes it more suitable to municipalities or community groups. Any municipalities that partner with Sidewalk would also be subject to the Municipal Freedom of Information and Protection of Privacy Act.

Sidewalk Labs Tech: The Numina Pilot Project

By Nicholas Studley, CIPPIC Student

On March 2, 2019, Sidewalk Labs announced a partnership with Numina, a computer vision sensor company, to pilot a mobility management platform at 307 Lake Shore Blvd East. Sidewalk is using Numina’s sensors to track the movement of people through the space around their headquarters. Statistics are then combined to understand the amount of time people spend looking at indoor and outdoor exhibits. This pilot is likely a precursor to a more ambitious mobility management solution which could track parking spaces, introduce dynamic parking pricing, ticket vehicles, and dynamically change traffic signals.

How is Sidewalk protecting privacy?

Numina’s technology will help people move more efficiently through cities, but the privacy risks are equally apparent. Sidewalk Labs is mindful of these privacy implications and has adhered to several best practices in anticipation of the public concern, including:

  • Privacy by design principles
  • Open by default, notice and no ad-targeting
  • Data anonymization and data minimization
  • Encryption and other protections

Privacy by design is a commitment to addressing privacy risks during the design of a technology, rather than as an afterthought. Numina’s sensors were “designed to protect privacy” and Sidewalk’s commitment to privacy by design is evidenced by their Responsible Data Use Assessment (“RDUA”). This assessment describes the privacy concerns associated with the Numina technology and Sidewalk’s efforts to mitigate them.

Being open by default is a commitment to transparency in data collection. When the 307 Lake Shore pilot is over, Sidewalk is going to make the aggregate statistics derived from the study publicly available. At 307 Lake Shore, Sidewalk posts notices that explain data is being collected on site, and that sensors are distributed throughout the environment. These notices use a series of images to describe what information is being collected, who is collecting it and where they can get more information about the initiative. Any data collected by Sidewalk Labs, regardless of anonymity, will not be used for advertising purposes.

Data anonymization and data minimization are policies of de-identifying personal information wherever possible and collecting as little data as necessary. Numina’s sensors de-identify personal images and information “on-device in real time.” The images Numina collects are broken down and a previously identifiable person is assigned to a broad category such as a “pedestrian” or “cyclist.” Once an hour, an identifiable image is transmitted to Numina and stored in the cloud. This image is transmitted for quality assurance purposes. These images have a lowered resolution and before the image is reviewed by the quality assurance team, the image is further de-identified using a combination of object detection and blurring. Sidewalk Labs does not receive these images, nor will they take a de-identified image and try to reconstruct it into identifiable data.

Numina’s sensors encrypt communications. Numina designates authorized devices, and sensors are only able to communicate with those designated devices. They also maintain and rotate encryption keys.

How could Sidewalk improve privacy protections?

Numina’s mobility management platform captures image data. The images are obscured, with most images being de-identified at the source. Some images are transmitted and saved for quality assurance purposes. These images are stored in the cloud for 30 days. Image data is of particular sensitivity and should only remain identifiable when absolutely necessary. An image which is randomly selected for quality assurance purposes could contain the image of a young person, further complicating the process. Where possible, quality assurance images should be limited to adults in the environment. By posting notifications, Sidewalk has provided adults with notice that their children’s images might be captured while on site, which is a good first step.

Numina has, since its inception, been committed to providing “intelligence without surveillance.” Numina’s sensors capture “moments”; they are not recording the environment. However, the sensors capture images more or less continuously (roughly 172,000 discrete images are captured per day). Surveillance could be reduced by capturing fewer images, but doing so would reduce the value of the data collected.

Numina will store aggregate data in the United States because “Amazon Web Services have only one Canadian data center.” Canadians have identified that local storage is a high priority. Storing data in the cloud can also create other privacy concerns. To combat these risks, Sidewalk notes in its RDUA that data will not be “linked to any individuals or combined with other datasets in a way that could link back to individuals.” As long as appropriate due diligence has been conducted with respect to security, new data creation, function creep and any other concerns, the risks are being prudently managed.

Privacy legislation considerations

The Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the collection, use or disclosure of personal information in the course of a commercial activity. Personal information is information about an identifiable individual.

The information collected by Numina’s sensors is identifiable (primarily image data and license plates). This information, as mentioned, is anonymized as much as possible. However, obscured or blurred information still creates a risk of identification. Even non-identifiable information (for example, driving style and time spent observing exhibits and installations) could become identifiable in combination with other data. If identification through combination is a “serious possibility,” then even non-personal data could be subject to PIPEDA. Numina’s activity would likely be deemed commercial. Any information which pertains to a commercial activity that crosses a national border will likely be subject to PIPEDA. Numina is located in the United States and, as mentioned, data will be stored in the United States, so cross-border transfers will occur.

Sidewalk Labs receives data from Numina in the form of combined statistics and insights. They do not receive identifiable images, nor will they attempt to re-identify images. Regardless, as in Numina’s case, if identification through data combination is a “serious possibility,” then even non-personal data could be subject to PIPEDA. 

Sidewalk Labs Tech: The Use Case for Common Space in Toronto

By Nicholas Studley, CIPPIC Student

On December 13, 2018, Sidewalk Labs presented an overview of how smart city technology could be used to improve energy efficiency across Toronto. Sidewalk’s proposal includes the installation of monitors, sensors and thermostats adjusting to real-time needs as solutions for reducing energy use in both homes and offices. 

Privacy Risks

The privacy risk of this technology lies in monitoring people’s behaviour in their home or office – and the capacity to track their location based on detailed energy consumption patterns. For example, lower energy use typically occurs when individuals are away from the home or office, and higher use when present. This information may become more detailed when combined with energy efficiency measures which strive to conserve energy when occupancy is lowered. Taken as a whole, such data have the potential to reveal individual activities and location information.

How could Sidewalk protect privacy?

By measuring and adjusting energy use, Sidewalk will be collecting information about individuals. Sidewalk is aware of the privacy risks emerging from data insights related to energy consumption. Sidewalk’s privacy commitment adheres to several best practices to attempt to address these risks, including:

  • Privacy by Design
  • Encryption
  • Data minimization
  • Data anonymization
  • Notice and consent to information collection

Privacy by design is a commitment to addressing privacy risks during the design of an application, rather than as an afterthought. Privacy risk assessments are a best practice of privacy by design. Sidewalk’s version – the Responsible Data Impact Assessment (“RDIA”) – is completed prior to deploying their energy efficiency solutions. Presently in progress, this assessment will describe the privacy concerns associated with the technology and Sidewalk’s efforts to mitigate them.

Encryption is a security measure that renders information unreadable to anyone who does not hold the corresponding key, so that only authorized individuals can access it. Sidewalk is committed to “[ensuring] that building operation data archive[s] will be protected by encryption and security.” Sidewalk will ensure that access to this data is restricted and will track who accesses it and when.

Data anonymization is a policy of de-identifying personal information wherever possible. Information collected from households which use the Sidewalk technology will be aggregated and anonymized prior to creating neighbourhood-based metrics. 
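As an added illustration that is not part of the original post or of Sidewalk’s own tooling, the constructed Python snippet below shows the two points made in the “Privacy Risks” section and here: how per-household hourly readings expose presence and absence, and how a neighbourhood-level aggregate that refuses to publish when too few households contribute avoids exposing any one household. The household names, readings and thresholds are all constructed.

```python
"""Occupancy inference from per-household consumption, and neighbourhood
aggregation with a minimum contributor count. Constructed example."""
from statistics import mean

# Constructed hourly kWh readings for three households over one 6-hour window.
# house-A is away for the first three hours, house-B for the middle three,
# house-C never rises meaningfully above its standby load.
READINGS = {
    "house-A": [0.2, 0.2, 0.3, 1.4, 1.6, 1.5],
    "house-B": [1.1, 1.2, 0.2, 0.2, 0.3, 1.3],
    "house-C": [0.3, 0.2, 0.2, 0.2, 0.3, 0.3],
}


def infer_occupancy(hourly_kwh, away_factor=2.0):
    """Flag each hour as present (True) or away (False) for ONE household.

    The lowest reading is taken as the standby load (fridge, routers, etc.);
    any hour above away_factor * standby is treated as occupied. This is the
    inference the post warns about: raw per-household data is a location log.
    """
    baseline = min(hourly_kwh)
    return [kwh > away_factor * baseline for kwh in hourly_kwh]


def neighbourhood_metric(readings, k_min=3):
    """Return hourly mean kWh across households, rounded to 2 decimals.

    Returns None when fewer than k_min households contribute, because a
    'neighbourhood' mean over one or two homes is still an individual record.
    Publishing only the aggregate is the anonymization step described above.
    """
    households = list(readings.values())
    if len(households) < k_min:
        return None
    hours = len(households[0])
    return [round(mean(h[i] for h in households), 2) for i in range(hours)]


if __name__ == "__main__":
    for name, kwh in READINGS.items():
        print(name, ["present" if p else "away" for p in infer_occupancy(kwh)])
    print("neighbourhood mean kWh:", neighbourhood_metric(READINGS))
```

Run stand-alone, the script prints a per-hour presence/absence log for each household and then the aggregate that carries no such log.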

Data minimization is a policy of ensuring that only necessary data is collected in any process. Sidewalk is committed to only holding personal information as long as they need it, and will delete it once no longer necessary. Obviously, the details are important here: definitions of “need” and “necessity” will no doubt be contested.

Notice will be easier to facilitate for this particular technology. While not discussed in its presentation, garnering consent should also be easier with respect to collecting and using personal information from energy efficiency platforms. Interestingly, by getting consent from these household energy devices, Sidewalk could improve consent protocols with respect to other technologies through “sticky consent”. Sticky consent involves “privacy choices [being] remembered by smart systems and applied the next time a choice needs to be made.” According to Professor Lilian Edwards, “the FTC [US Federal Trade Commission] suggest that a single device in a smart home – a home appliance that acts as a hub – could learn a consumer’s preferences based on prior behaviour and apply them to new appliances and new uses.” These new uses could include new technologies in a smart city ecosystem.

Privacy legislation considerations

The Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the collection, use or disclosure of personal information in the course of a commercial activity. Personal information is information about an identifiable individual.

Energy efficiency applications could collect both personal and non-personal information. Sidewalk does confirm that some information will need to be anonymized and, therefore, will be personal when collected. Despite anonymization procedures, there is always a risk that information could become re-identifiable in combination with other data. If identification through combination is a “serious possibility”, then even non-personal data could be subject to PIPEDA. Since Sidewalk is a commercial entity, much of the information collected will likely be subject to PIPEDA.