When regulating apps, smart cities need to be smart about privacy

Cities across the country are using data to more effectively and efficiently provide services for citizens. New York City, under the last several mayors, has been at the forefront of analyzing information from across the city to tackle problems ranging from public safety to the environment.

{mosads}Smart cities bring together cutting-edge monitoring, big data analysis and innovative management technologies to the world of urban planning, but all of these data in government hands raise important privacy issues. Basic caution is warranted with regards to law enforcement access and public release of this information, either through data breaches or Freedom of Information laws.

To deal with these challenges, some progressive cities are taking a broad-based approach to privacy. In this respect, the city of Seattle is illustrative. As part of a new initiative to provide greater transparency into Seattle’s data collection and use practices, the city has convened stakeholders from across municipal agencies, including the police, fire and transportation departments. This team will create a set of privacy principles and explore how to educate different city agencies on privacy.

Unfortunately, New York City has taken a blunter approach when it comes to a recent effort by the Taxi and Limousine Commission to regulate mobile apps that dispatch for-hire vehicles, such as Lyft or Uber.

Among other requirements proposed in a new rule, the commission wants apps to be capable of automatically collecting and transmitting to the commission vast arrays of sensitive location information. Companies could be mandated to provide real-time transmission of passenger data, even in cases where passengers actually cancelled their trip request. The proposal leaves open a lot of questions as to how and when this information would be gathered by the commission and provides no guarantees on public disclosure, access by other city agencies or law enforcement use.

Serious privacy and security issues are raised when cities aim to collect vast amounts of sensitive data that detail day-to-day activities, lifestyles and habits of millions of citizens, and a wide information grab like this goes beyond what is needed to actually improve transportation services in New York City.

In response, the Future of Privacy Forum joined with leading civil liberties organizations to urge the commission to engage with privacy experts and the public in order to determine how to achieve its goals without placing passenger privacy at risk. The commission’s proposal speaks to the importance of mobile apps having carefully considered privacy policies, but the commission also needs to recognize the significant privacy challenges posed by its own data collection and use proposals.

There is little question that services like Uber and Lyft have become important forms of transportation in parts of New York City, and it makes sense for the commission to provide guidance for the mobile apps that govern how these services work. Increasingly, apps can be used to monitor all sorts of transportation infrastructure, including black cars and taxicabs, and smart cities can use some of this information to help citizens and visitors alike.

But the current Taxi and Limousine Commission proposal goes too far, sacrificing privacy without providing protections for sensitive passenger information.

Polonetsky is executive director and co-chair of the Future of Privacy Forum. Jerome is a policy counsel at the Future of Privacy Forum.