Smart city data governance has become a hot topic in Toronto in light of Sidewalk Labs’ proposed smart city development for Toronto’s waterfront. In its Master Innovation Development Plan (MIDP), Sidewalk Labs has outlined a data governance regime for “urban data” that will be collected in the lands set aside for the proposed Sidewalk Toronto smart city development. The data governance scheme sets out to do a number of different things. First, it provides a framework for sharing ‘urban data’ with all those who have an interest in using this data. This could include governments, the private sector, researchers or civil society. Because the data may have privacy implications, the governance scheme must also protect privacy. Sidewalk Labs is also proposing that the governance body be charged with determining who can collect data within the project space, and with setting any necessary terms and conditions for such collection and for any subsequent use or sharing of the data. The governance body, named the Urban Data Trust (UDT), will have a mandate to act in the public interest, and it is meant to ensure that privacy is respected and that any data collection, use or disclosure – even if the data is non-personal or deidentified – is ethical and serves the public interest. They propose a 5-person governance body, with representation from different stakeholder communities, including “a data governance, privacy, or intellectual property expert; a community representative; a public-sector representative; an academic representative; and a Canadian business industry representative” (MIDP, Chapter 5, p. 421).
The merits and/or shortcomings of this proposed governance scheme will no doubt be hotly debated as the public is consulted and as Waterfront Toronto develops its response to the MIDP. One thing is certain – the plan is sure to generate a great deal of discussion. Data governance for data sharing is becoming an increasingly important topic (it is also relevant in the Artificial Intelligence (AI) context) – one where there are many possibilities and proposals and much unexplored territory. Relatively recent publications on data governance for data sharing include reports by Element AI, MaRS, and the Open Data Institute). These reflect both the interest in and the uncertainties around the subject. Yet in spite of the apparent novelty of the subject and the flurry of interest in data trusts, there are already many different existing models of data governance for data sharing. These models may offer lessons that are important in developing data governance for data sharing for both AI and for smart city developments like Sidewalk Toronto.
My co-author Merlynda Vilain and I have just published a paper that explores one such model. In the early 2000’s the Ontario government decided to roll out mandatory smart metering for electrical consumption in the province. Over a period of time, all homes and businesses would be equipped with smart meters, and these meters would collect detailed data in real time about electrical consumption. The proposal raised privacy concerns, particularly because detailed electrical consumption data could reveal intimate details about the activities of people within their own homes. The response to these concerns was to create a data governance framework that would protect customer privacy while still reaping the benefits of the detailed consumption data.
Not surprisingly, as the data economy surged alongside the implementation of smart metering, the interest in access to deidentified electrical consumption data grew across different levels of government and within the private sector. The data governance regime had therefore to adapt to a growing demand for access to the data from a broadening range of actors. Protecting privacy became a major concern, and this involved not just applying deidentification techniques, but also setting terms and conditions for reuse of the data.
The Smart Metering Entity (SME), the data governance body established for smart metering data, provides an interesting use case for data governance for data sharing. We carried out our study with this in mind; we were particularly interested in seeing what lessons could be learned from the SME for data governance in other context. We found that the SME made a particularly interesting case study because it involved public sector data, public and private sector stakeholders, and a considerable body of relatively sensitive personal information. It also provides a good example of a model that had to adapt to changes over a relatively short period of time – something that may be essential in a rapidly evolving data economy. There were changes in the value of the data collected, and new demands for access to the data by both public and private sector actors. Because of the new demand and new users, the SME was also pushed to collect additional data attributes to enrich the value of its data for potential users.
The SME model may be particularly useful to think about in the smart cities context. Smart cities also involve both public and private sector actors, they may involve the collection of large volumes of human behavioural data, and this gives rise to a strong public interest in appropriate data governance. Another commonality is that in both the smart metering and smart cities contexts individuals have little choice but to have their data collected. The underlying assumption is that the reuse and repurposing of this data across different contexts serves the public interest in a number of different ways. However, ‘public interest’ is a slippery fish and is capable of multiple interpretations. With a greatly diminished role for consent, individuals and communities require frameworks that can assist not just in achieving the identified public interests – but in helping them to identify and set them. At the same time protecting individual and community privacy, and ensuring that data is not used in ways that are harmful or exploitative.
Overall, our study gave us much to think about, and its conclusion develops a series of ‘lessons’ for data governance for data sharing. A few things are worthy of particular note in relation to Sidewalk Labs’ proposed Urban Data Trust. First, designing appropriate governance for smart metering data was a significant undertaking that took a considerable amount of time, particularly as demands for data evolved. This was the case even though the SME was dealing only with one type of data (smart metering data), and that it was not responsible for overseeing new requests to collect new types of data. This is a sobering reminder that designing good data governance – particularly in complex contexts – may take considerable time and resources. The proposed UDT is very complex. It will deal with many different types of data, data collectors, and data users. It is also meant to approve and set terms and conditions for new collection and uses. The feasibility of creating robust governance for such a complex context is therefore an issue – especially within relatively short timelines for the project. Defining the public interest – which both the SME and the UDT are meant to serve – is also a challenge. In the case of the SME, the democratically elected provincial government determines the public interest at a policy level, and it is implemented through the SME. Even so, there are legitimate concerns about representation and about how the public interest is defined. With the UDT, it is not clear who determines the public interest or how. There will be questions about who oversees appointments to the UDT, and how different stakeholders and their interests are weighted in its composition and in its decision-making.
Our full paper can be found in open access format on the website of the Centre for International Governance Innovation (CIGI): here.