Earlier this month, news outlets around the world broke the news that British political consulting firm Cambridge Analytica stole the data of 50 million Facebook users without their knowledge. The data mining and analytics company, which had a major role in Donald Trump’s presidential campaign in 2016, managed to gather the data by developing a quiz app that collected the data of quiz-takers, and their friends with limited privacy settings.

As infuriating as the news was to many, it comes as no surprise that major corporations are in the business of collecting data without our knowledge. Uber has become a practical means to navigate cities for thousands around the world. But as easy as the process seems for users, the app simultaneously collects a plethora of personal information such as users’ full name, address, credit card information, and even have constant access to their location. Even if Uber, or any of the other tens of corporations that follow suit, does not use this information, other malicious individuals might. This process of data collection, albeit somewhat normalized, necessitates the infringement on users’ privacy and the privacy of their data.

Data privacy infringement, the epoch of this day and age of hyper technologization, has consistently been making headlines for the past few years. And unfortunately for the average citizen, the matter of fact is that their data is likely being systematically collected, analyzed, and used without their knowledge. The same struggle, striking a balance between data collection and data privacy infringement, is part of an ongoing conversation surrounding “smart cities.”

Unlike corporate data collection, smart cities are a crossroads for city leadership, private companies, and the tech community, making it difficult to hold entities accountable for data privacy infringement. Cities across the world have equipped everything from light posts and trash bins to parking meters and traffic lights with technology to gather data to make cities more sustainable, accessible, and efficient. To a large extent, however, the tech-user community is not as concerned with how smart their cities are becoming, but rather, how they’re becoming smarter.

These concerns suggest that cities are becoming smarter at the expense of people’s privacy and the privacy of their data. But can cities become ‘smarter,’ safer, and more sustainable without forgoing the data privacy of city residents?

Making Cities Smarter

Barcelona was named the smartest city of 2015 by digital marketing research firm Juniper Research (although Singapore later took the title in 2016) and was crowned by Fortune as ‘the most wired city in the world.’

Barcelona’s history with wiring goes back to the 1992 Summer Olympics, when the city converted an abandoned textile factory into startup hub 22 Barcelona and laid down miles of fiber-optic cables, saving the city millions nearly two decades later when Barcelona made moves toward becoming a smart city. Today there are 500 kilometers of fiber-optic cables beneath the city.

Other more subtle changes were made to the city in recent years. Garbage collectors know which trash bins to empty since sensors inform the collectors how full the bins are. A phone app tells drivers which areas have vacant parking spots in order to reduce traffic congestion and make parking more efficient. The city has impressive WiFi coverage that is free for everyone, thanks to the street lights equipped with internet capabilities. But as advanced as the city is becoming, these advances do not come without strings.

While cities like Barcelona, Singapore, Boston, and London are slowly being equipped with smart capabilities, most are still struggling to find a balance between respecting the privacy of citizens and collecting their data for the ‘better good’ of the city. Cities usually collect two kinds of data: aggregate data, which records general data to identify certain trends, and real-time data, which focuses primarily on gathering information on individuals.

The majority of cities that work towards becoming more sustainable utilize aggregate data to optimize the city’s functions. Aggregate data can be used to analyze traffic to spot road hazards like in Boston, to monitor popular parking spots like in London, or adjust streetlight brightness like in Barcelona. Aggregate data, unlike real-time data, anonymizes the data used to optimize these functions, meaning the data cannot be used to monitor or gain access to more information about individuals.

Smart cities use real-time data to gather specific information about individuals, which is where the dilemma materializes. Real-time data can be used to collect information that allows companies to better target consumers – usually without the knowledge of the consumers.

In 2013, RE:NEW London, a London-based company, installed sensors in recycling bins that tracked WiFi signals from passerby’s phones. The idea behind the sensors was to collect as many Media Access Control (MAC) addresses, which are numbers linked to the hardware of network adapters, as possible so RE:NEW London could then display ads targeting individuals’ interests or habits. The City of London ordered an end to the pilot project once the information became known to the general public.

Cities Gone Haywire, Privacy No More

While RE:NEW London’s case ended quietly, it is also the tip of the iceberg. Our interactions with the technology we use in our day-to-day only emphasize how deeply entrenched corporate and governmental noses are in our business. From using a smartphone or laptop and smart ticketing to simply walking down the street or signing up for an email address, there is a constant process of data collection that, more often than not, will compromise users’ privacy.

data privacy

Courtesy of Future of Privacy Forum

Other cities, like the city-state of Singapore, have used aggregate data to improve the livelihood of the city and its residents. Singapore prides itself on being one of the most advanced cities in the world, and the island nation became the world’s second smartest city as of 2017. The city’s bustling business ecosystem as well as its numerous urban planning successes and its attempts to use clean energy have rightfully placed Singapore on such a high pedestal.

But as it propels itself forward, the city has systematically involved citizens in large-scale surveillance and data collection programs in the name of urban sustainability and urban safety. In 2016, the government announced it would require all cars to be equipped with satellite technology by 2022 in order to automatically ticket drivers with parking fees or penalties.

The government also gathers information about the city’s infrastructure by collecting data on energy consumption in individual houses. They are able to do this since close to 80 percent of the population lives in governmental housing. The elderly and other citizens can even opt to have their movements inside their households monitored as part of the project.

Carlo Ratti, director of the Massachusetts Institute of Technology (MIT) Senseable City Lab told Futurism that data is as abundant as can be, since smartphones, credit cards, and laptops have become an essential part of anyone’s every day. “The worrying thing about this,” Ratti says, “is that we live in an asymmetrical world, where just a few companies and public institutions know a lot about us, while we know little about them.”

data privacy

Singapore by night. (CC: Leonid Yaitskiy)

Urban Sustainability vs. Urban Surveillance

Contrary to the narratives of many cities’ leadership, the definition of urban sustainability and urban safety comes very close to citizens’ understanding of surveillance. Eindhoven and Utrecht in the Netherlands are two cities where the lines between sustainability and safety and surveillance are consistently blurred.

Like in Barcelona and Singapore, Eindhoven has upgraded almost every aspect of the city’s infrastructure to be equipped with ‘smart’ technology. In an attempt to make Eindhoven safer, city officials even installed WiFi-trackers, cameras, and 64 microphones in the city’s lamp posts, all of which can detect aggressive behavior on Eindhoven’s streets and alert the police. City officials also installed the necessary technology to detect the MAC address of citizens’ phones, even if they aren’t connected to WiFi, to get an idea about preferred routes in the city and how frequently visitors come to the city.

“Visitors do not realize they are entering a living laboratory,” says Maša Galic, a researcher at the Tilburg Institute of Law, Technology and Society. She says people should be notified before their data is collected and not after, which is the case in the Netherlands. Peter van de Crommert, project manager at the Dutch Institute for Technology, begs to differ and said to The Guardian that collecting data is more about focusing on crowds than it is on individuals. “We often get that comment – ‘Big brother is watching you’ – but I prefer to say, ‘Big brother is helping you.’ We want safe nightlife, but not a soldier on every street corner.”

Unironically, many have compared increasingly ‘smart’ cities to Michel Foucault’s concept of “The Panopticon.” Foucault believed that when people are suspicious of or know that they are constantly being watched, their behavior is altered accordingly.

Aside from the obvious philosophical questions, the problem with smart cities like Eindhoven or Utrecht is that people don’t know who exactly is watching them or why they’re being watched. More often than not, the data collection in smart cities is done by private companies. And since cities do not require private companies to make their data collection public, city dwellers are left in the dark about who is surveilling them and why.

It isn’t uncommon, however, for companies to withhold their data from the public. In the Silicon Valley, companies call this “permissionless innovation.” And, to these companies’ delight, leadership in cities are outsourcing their job to companies.

But more and more companies involved in making cities smarter are refusing to be transparent with their data collection processes. Many even go so far as to claim that the data they collect is the company’s private property, meaning that even city leadership cannot access the data. The majority of the timem the companies claim they are withholding their data for competitive reasons. But what this means for urban peoples is that as cities become smarter, they are also increasingly becoming privatized and data-driven.

“Oversight, Accountability, Transparency”

Carlo Ratti’s concerns have been answered to in Europe and the United Kingdom with two regulatory bills: Europe’s General Data Protection Regulation (GDPR) and the Data Protection Bill (DPB). The GDPR is slated to come into effect in May 2018 while the DPB is still being voted on in the United Kingdom. The two bills detail regulations on data protection and specifically define what it means to be a data controller or data processor. The former is an individual (or entity) who determines the purpose and process of data collection while the data processor processes data on behalf of the controller.

The GDPR does not permit data collectors to outsource the process to an entity outside of Europe without having a representative present within the country’s borders; the UK however has omitted this clause in the DPB. Europe’s GDPR also allows independent entities to file complaints against data collectors; whereas, the DPB does not permit it.

Fortunately for urban dwellers, the two bills are a step in the right direction. While it is difficult to navigate surveillance and data collection when companies and city leadership continue to do it off the radar, regulation is necessary. London’s mayor, Sadiq Khan, spoke at this year’s SXSW convention in Austin, Texas, and stressed the importance of “oversight, accountability, transparency, and delivery of services” in what he called the digital and data revolution.

Ultimately, there is no absolute response to the question of striking a balance between safeguarding urban sustainability and safety while respecting the privacy of city residents and their data. The two, however, are not mutually exclusive, since the reason there seems to be room for change is that city leadership and corporations are taking advantage of city dwellers themselves. In other words, cities need to continue to advance into smarter, more developed, and efficient versions of themselves, but they also need to remember that cities are for people and not for their data.