In which I get into the Urban Data Trust and make a classic South Park reference.
It would be responsible for overseeing “the digital governance of urban data for the IDEA District” (p. 420).
The first phase of its implementation would involve an agreement between Sidewalk Labs and Waterfront Toronto, neither of which would control it. The initial board would have five members, which “could” (sigh) include: “a data governance, privacy or intellectual property expert” (weird that these are seen as being interchangeable); “a community representative; a public-sector representative; an academic representative; and a Canadian business representative” (p. 420)
The board – likely two lawyers, a businessperson, a government official (which level of government?) and someone from the community – would be independent once established, but how would they be selected? Given the legally close relationship between Waterfront Toronto and Sidewalk Labs, there’s no way that they could select a board that had a veneer of impartiality.
You know – and I’m just spitballing here – but we already have an entity whose entire job involves representing diverse community interests. It’s called The Government. Given that this Urban Data Trust would be setting its charter and policies at the very beginning, what justification is there for not making it a public body right off the bat? To do otherwise invites accusations of conflicts of interest.
Anyways. The big hire would be a Chief Data Officer, who “would be:
- responsible for developing the charter for the Urban Data Trust;
- promulgating RDU Guidelines that apply to all parties proposing to collect urban data, and that respect existing privacy laws and guidelines but also seek to apply additional guidelines for addressing the unique aspects of urban data (see Page 424) [i.e., figuring out a way to square the weird urban data concept with Canadian personal information privacy law];
- structuring oversight and review processes (including creating an appropriate privacy impact analysis (p. 429));
- determining how the entity would be staffed, operated, and funded;
- developing initial agreements that would govern the use and sharing of urban data; and
- coordinating with privacy regulators and other key stakeholders, as necessary.” (p. 421)
- Also, helping “startups, companies, and organizations understand these factors when preparing the RDU Assessment.” (p. 429 – not on main list)
Big job. Lots of responsibility. Wonder how much it would cost to run this office. And I’ll keep wondering, since this plan has no estimates at all. Funding “would need to be worked out in a consultation process” (p. 422). Indeed; why include an actual plan in a planning document, when you can always plan for more consultations? What a great way to exhaust the public and ensure that by the end, the only people paying attention are those with deep pockets and an abiding direct financial interest.
The major, and I think fatal, problem with this proposal is that it’s being undertaken at the wrong level. To use Sidewalk Labs’ language, the scale is too small for this type of organization to function well. The questions the Urban Data Trust would be asked to consider are the proper purview of either the federal or provincial governments, or both, not a tiny waterfront development funded by fees from the few businesses set up in this area. (Also, they want to pay for this with another local tax – sorry, data collection and use administration fee. How many fees does Sidewalk Labs want to charge us?)
Finally, the proposal that the Toronto Public Library be given responsibility for this job is ludicrous. They may have “expertise in managing [some types of] data and … credibility and trustworthiness …” (p. 422), but what guarantee that they can act as a business regulator? What guarantee is there that they will receive sufficient funds and resources to do their job?
This proposal seems like a cynical way to free-ride on the Library’s “trustworthiness” (almost everyone loves libraries!) by an organization that has very little of the same.
Trusting “trusts,” or, Sidewalk Labs breaks my brain
Sidewalk Labs notes that this entity is not intended to be a “trust” in the legal sense — legal trusts are not designed to benefit the general public. … While Sidewalk Labs proposes a non-profit entity, the final legal structure (and name) would be determined based on input from government, the community, researchers, and industry. Sidewalk Labs also now calls this entity the “Urban Data Trust” to clarify the proposed responsibilities [the stewardship of data]. (p. 423)
I honestly don’t know what to make of this statement as anything more than a weird exercise in semantics and public-relations jargon. The stated problem with “Civic Data Trust” was that it seemed to imply that the beneficiary would be the public, when the legal definition of “Trust” under Canadian law holds that it cannot benefit the general public.
So, changing “Civic” to “Urban” does… what? I thought the problem was with the legal definition of “trust.”
With “Urban Data Trust,” you get to keep the warm fuzzies from the word “trust” (as in, confidence in), but did anyone reading this proposal think anything other than this agency was designed to protect the public interest? That’s the whole point of the agency in Sidewalk Labs’ telling, no matter what you call it. Does Sidewalk Labs telling us that it will now be a “legal structure that provides for the independent stewardship of data,” reflecting the Open Data Institute’s concept of a “data trust” mean that it wouldn’t benefit the general public?
That would make no sense.
If there is any problem here (and I don’t think that there is, but I’m not a lawyer), it’s with the word “trust.”
I fear I’m falling victim to the Chewbacca Defence.
It’s all odd and makes no sense, except as a way to give legitimacy to the phrase “urban data.” And at the end of the day, it’s still unclear exactly what an Urban Data Trust would look like, except that there would be one. And it would operate in the public interest. Unless it wouldn’t.
Goal 2: Establish RDU Guidelines (pp. 424-425)
These should follow Privacy by Design.
address key areas of digital governance, ethics, and open access to information, as well as the ways in which aggregate or de-identified data can impact individuals and groups of people through the use of advanced analytics, such as artificial intelligence. (p. 424)
Sidewalk Labs proposes the following principles:
- Data use should have “a clear purpose”, “a clear, direct connection to the ways in which the project and proposed data collection activity would benefit individuals or the community.” Urban data use “must incorporate Canadian values of diversity, inclusion, and privacy as a fundamental human right.” (p. 424)
- Transparency and clarity should be guiding data-collection and use principles. (p. 424)
- Data minimization, security, and de-identification by default. (p. 425)
- “No selling or advertising” … “without explicit consent.”
- There would be no “proposed prohibitions placed on data collectors who would like to sell data containing personal information ro to sue such data for advertising.” The most Sidewalk Labs can promise is “a higher level of scrutiny”: these companies would have to “follow all applicable privacy laws” (um, thanks?), “provide clear justifications for this activity and demonstrate (with examples) how they plan to obtain explicit consent from the affected individuals.” (p. 425)
Data would be publicly accessible by default, and organizations
should be required to detail if they are going to be developing AI systems. If so, they should be required to show how they have incorporated Responsible AI principles into their development and decision-making to reduce the likelihood of biased and unethical outcomes. (p. 425)
As noted elsewhere:
Sidewalk Labs has already committed publicly that it would not sell personal information to third parties or use it for advertising purposes. It also commits to not share personal information with third parties, including other Alphabet companies, without explicit consent. (p. 425, emphasis added)
Goal 3: Set a clear process for urban data use or collection (pp. 426-441)
Step 1: Classify the data. Urban data gets assessed, transaction data doesn’t. (p. 426)
Step 2: Submit an RDU Assessment (p. 428)
(We also learn that “Sidewalk Labs has been developing an RDU Assessment template since the summer of 2018,” and has been using it internally. (p. 428))
The Urban Data Trust would use the RDU Assessment to assess how the proposal con- forms to the RDU Guidelines, privacy laws, Privacy by Design principles, and any other relevant factors or applicable laws.
Sidewalk Labs proposes that the RDU Assessment consider the project purpose, data sources, legal compliance, and a risk-benefit analysis. (p. 431)
Step 3: Receive a decision by the Chief Data Officer. (p. 432)
Step 4: Meet post-approval conditions. (p. 433)
The underdeveloped part of the Data-Authority proposal
Given all the different jobs the Urban Data Authority would be asked to perform, a rough estimate of the number of people required, and the necessary training, would have been a helpful addition to this plan.
Proprietary data wouldn’t be open data
Sidewalk Labs gives some examples:
These cases could involve data that contains personal information — for example, a government organization that collects transponder data or images of licence plate numbers for enforcement.
And here’s an important exception: proprietary data, “collected at great cost to a company” might allow you to control that data and not have to share it, because that would “undermine investment and competitive advantage, discouraging businesses from locating within the IDEA District.” (p. 434)
This would almost certainly represent a monster-sized loophole in the commitment toward providing open data. This exemption would make the Eastern Waterfront very open to certain types of companies, those intent on not sharing their data.
It also prioritizes specific commercial interests over other commercial and social interests.
Urban Data Trust as negotiator
Another job for the Urban Data Trust people:
Sidewalk Labs proposes that the Urban Data Trust facilitate access to urban data via data sharing agreements, including the terms of any potential restrictions or licencing fees. (p. 435)
Urban Data Trust as auditor and enforcer
The Urban Data Trust should retain the authority to audit all collections and uses as needed and order the removal of digital devices in the event it discovers a violation. (p. 435)
The Urban Data Trust would be able to seek legal remedies for violation of agreed-to conditions of data collection and data use. (p. 435)
And all I can see is the paperwork (paper or virtual) and levels of bureaucracy that would be needed to make this thing run well.
Have you had your fill of data trusts and urban data? One more post will bring this section to a close. See you tomorrow.