Although there is potential to improve our urban environments through the use of the data-driven technologies that make up smart cities, there are also risks. One such risk may be a tendency to place too much faith in analytics. Critical data scholars have already challenged the notion that data are objective or neutral. Apparently straightforward choices about what data to collect, and how, are in fact loaded with assumptions about what is worth measuring, and how best to measure it. Further, data may be capable of multiple interpretations. Data that show that crime rates are down in the city centre, for example, may actually tell a different story. It may be that the police have changed how they record and report data under pressure to conform to management performance objectives, or that relations between police and the population in that area have become so fraught that the rate of reporting of crime has diminished, rather than crime itself. The more diverse the data and the more obscure the algorithms used to analyse it become, the more difficult it will be to understand or critique official data narratives.
The label “smart cities” suggests improvement over the previous “ignorant” cities, and implies that these new data-driven cities will be ones in which decision-making is more rational, better-informed and ultimately superior. The cloak of intelligence, however, may well mask the dynamics of what data is collected, by whom and for what purposes; it suggests a level of data quality and suitability for purpose that may similarly be flawed or substantially lacking. Smart cities may also be fragile ones in the sense that the reliance upon sensors and analytics leave both the cities and many of their services vulnerable to hacking, bad code or technical glitches. It is not a surprise, therefore, that smart cities will raise a host of legal issues.
Privacy is an obvious issue in the smart cities context, given the ubiquity of sensors and the central role of data analytics. We have already seen debates around privacy and smart utility meters, as well as concerns over employee privacy in GPS-enabled cars and machines. Commuters may well wonder how the data from their public transit smart cards may ultimately be used; as these cards expand to cover payment for a range of municipal services (parking, bicycle rentals, fees to access recreational facilities, etc), the collection of user data will be increasingly tempting for municipalities and their public sector partners who may wish to analyse and exploit this data for a broad range of purposes. Public-private sector partnerships in relation to information and data services will create conflicts between public and private sector data protection regimes, and may also confuse a public that believes it is dealing with government when in reality it is dealing with a hybrid of public and private sector actors. The seemingly unstoppable flow of information from all sources to state security organizations adds a further layer of concern over excessive and undue surveillance.
The potential fragility of the digital infrastructure of so-called smart cities will likely also raise interesting liability issues on a range of fronts. Flawed algorithms may lead to decisions that waste resources or harm local businesses; essential infrastructures that are too easily hacked may result in significant losses including, potentially, loss of life.
The fusing of public sector and private sector roles within the smart city has already led to interesting issues around data ownership and control. At the same time as municipal governments in Canada make strides towards open data, they are also contracting with the private sector for an expanding range of data services. In such cases, it becomes necessary to ask who “owns” any data that are the output of these relationships. For example, while there used to be no question that municipal transit authorities generated (and therefore owned whatever IP rights might subsist in) public transit data, the advent of real-time GPS data has raised issues about data ownership. Real-time GPS transit data are often collected by private sector companies under contract with municipalities to provide both the hardware and the software to generate and process this data. As these types of partnerships proliferate, cities will need to pay attention to issues of rights and ownership. Cities that seek to move away from unsatisfactory suppliers of smart city services may find themselves entangled in legal battles over rights to data already collected or analyzed by those suppliers. At the same time, municipal control over data is necessary to protect the right of public access to it both for innovation purposes and to ensure transparency and accountability in the delivery of municipal services.
The aura of neutrality and objectivity of data described above will also need to be deconstructed by lawyers who seek to challenge discriminatory practices in the delivery of municipal services. The ability to do so may also be inhibited by the lack of transparency in relation to both the data and the algorithms involved in urban data analytics. The public-private partnerships the underlie these services may enable private sector partners to shield both data and algorithms as trade secrets, making it difficult to understand what data was relied upon in reaching decisions, as well as to unravel the web of assumptions that inform data collection and analytics.
*Teresa Scassa is the Canada Research Chair in Information Law at the University of Ottawa and a founding member of the Centre for Law, Technology and Society. She is part of the Geothink project, and recently took part in the Data and the City Workshop at the National University of Ireland.