Without control over its data, whether public or private, the town/city cannot guarantee its sovereignty
Nicknamed “datapolis” by the journalist Francis Pisani, the smart city, during its emergence at the beginning of the 2000’s, did not fail to raise concerns due to its massive collections of data. The growth in data is exponential with the appearance of more and more sensors or video-protection cameras which promise to improve citizens’ lives…as well as the economic health of the companies supplying the data, like IBM or Decaux.
Controlling the urban data produced by these sensors is a major challenge for municipalities. As this alone will guarantee its sovereignty and repair an asymmetry between public and private powers in involving more citizens in democratic life while guaranteeing the protection of private life written into the constitution since 2018.
CITIZENS’ DATA AND MAJOR INDUSTRIAL GROUPS
The protection of citizens’ rights, as for private life, is difficult to reconcile with the principle of “virtuous freedom” (for example free WiFi versus data collection), to which municipalities often yield. In France, Grenoble is an exception in banning an actor in smart street furniture from public spaces. LinkNYC terminals, installed in New York by Sidewalk Labs, a subsidiary of Alphabet, after having won an invitation to tender for a project aiming to reinvent telephone booths, claim, as well they might, that they offer “the greatest and most powerful free WiFi ever offered by a town/city”. In towns as on the Internet, a saying warns “when a product is free, you are the product”.
The problem with capturing personal data is that its management sits equally within the framework of the public-private partnerships working on smart city projects. In France, personal data remains under the governance of the cities. Control is maintained by the public service which is the “trusted third party”. To develop the ability of regions to manage data sharing, initiatives have been launched, such as DataCités 2 led by Chronos and Ouishare; these support a number of regions in collaboration with partners such as la Banque des Territoires, ADEME, CGET, Bouygues Construction and Bouygues Energies & Services. A full review of this work will take place at the end of June 2020. A welcome support: at the end of 2019, more than 60% of communes had not yet nominated a Data Protection Officer (DPO), according to the Journal du Net despite this being required by the General data protection rules (GDPR).
It happens, however, that certain private actors refuse to share their data with communities in order to serve the public interest. Under this principle, New York forced Uber in 2017 to communicate this data to improve taxi traffic. But the group provided this data to the city anonymised and grouped very schematically under topics…
Citizens’ mistrust of the control and usage of their personal information was especially demonstrated in Canada at Toronto from the announcement of the futuristic project for the Quayside district designed by Sidewalk Labs, nicknamed “Google city”. Since 2018, a group of citizens, lead by Bianca Wylie, rose up to force the stakeholders, Sidewalk and Waterfront Toronto, the body which brings together the province, city and government, to revise their contract. The group obtained public powers at the end of 2019 “to limit the scope of future work and require that the data collected be managed by a public entity and stored in Canada” stressed Le Monde, proving that citizens can help their representatives defend the public interest.
CITIZEN DATA AND MUNICIPALITIES
Beyond this example, concern over the ability of towns and cities to guarantee the freedom and anonymity of their citizens can be read on social networks, on Twitter for example where the hash tag #smartcity was accessed 180 million times in 2018.
The use of data by totalitarian democratic regimes have made the headlines for a number of years and feeds into this insecurity. In China, videosurveillance cameras incorporating facial recognition systems provided by companies such as Huawei to carry out their “safe city” policy strikes fear in France! “The Chinese giant provocatively gifted more than 200 cameras at the last count to the town of Valenciennes to modernise their videosurveillance system”, title 20 minutes in January 2020.
The use of data by our western democracies is also feared. The American think tank Rank Corporation warned, in a report published in 2017, against crime prediction software such as Crime Scan or PredPol used at Los Angeles or Atlanta, which, due to the racial bias of the algorithms reinforces prejudices. Could they not rather prevent crimes by mobilising social services in “at risk” locations by looking for delinquency problems at source?
DATA AND HACKERS
Lastly, the reliability of the tools themselves is challenged. Acts of cyber-vandalism not only target private groups. “A “massive” cyber-attack at Marseille, its region and metropolis” was revealed by the press on 15 March 2020. There was moreover a data leak, observed by a group of hackers in March 2019, which gave the West a preview of Chinese surveillance, targeting hundreds of millions of individuals.
In a city with multiple connected objects, from street furniture to the metro turnstile, the more the entry points increase, the more the risks will increase in line. Building walls around data such as firewalls, encrypting them, multiplying the passwords, none of this guarantees zero risk: this does not exist. As there is no infallible protection, the municipalities focus on preventative security and efficiency of reaction to the cyber attack.
“There is much work to be done to achieve digital responsibility, concluded Constance Nebbula, the digital adviser to Angers. And it must include the contamination generated by the digital industry. This has become a new priority for smart cities”. A paradox moreover that the smart cities will need to resolve.