Category Archives: Canada

The Incubation of Trust Based Governance Systems Should Be Encouraged

Increasingly, around the world, there is a shift in the way privacy legislative and regulatory approaches are being developed. This is in response to the recognition that much of our collective future economic growth, benefiting both individuals and society, will be driven through digital transformation. Most recently, Canada’s Digital Charter has recognized that digital transformation is having an enormous impact upon both its economy and its society. As the recent OECD report Going Digital: Shaping Policies, Improving Lives, notes, “Today, an ecosystem of interdependent digital technologies [– consisting of the Internet of Things, 5G networks, cloud computing, big data, artificial intelligence, blockchain, and computing power underpins digital transformation and will evolve to drive economic and societal changes”. What all of these digital developments highlight is the need to grow trust systems that require and enable effective governance where digital benefits are realizable and digital risks are managed. This combined, multi directional approach requires new trusted accountability systems and new supporting legislative and regulatory approaches. Instead of parallel approaches that focus on independent paths of a digital economy and data protection, new models are asking how a dedication to privacy could be melded with a commitment to a robust digital future that serves people. When this approach is taken, we achieve the view that data should serve people. When data is used in a manner that serves people and abates crucial risks to all stakeholders, those data uses are people beneficially activities.

It is clear that for businesses to succeed in optimizing data in a trusted way, they will need to enhance accountability mechanisms both as a way of minimizing digital risks while realizing digital benefits. The more data intensive a business is, the more risk it creates and by extension the more programmatic ways it needs to allow for trusted data optimization.

In the IAF’s March 2019 blog, A Pivot (Back) to Accountability, a shift in the role accountability plays in realization of trusted systems was suggested. In 2009, when the global accountability project commenced, the focus on accountability was positioned as supporting the way individual rights had been thought about. These rights, at the time, were heavily centered around individual control. Today, the complexities of data flows and data use have evolved the way individual participation and organizational obligations are thought about. This led the IAF to suggest principles that update both individual participation and organizational obligations. The first part of the principles describes the rights necessary for individuals to function with confidence in a data driven world.  The second part of the principles is focused on the obligations that organizations must honor to process and use data in a legitimate and responsible manner. These principles have been translated into legislative language as outlined in the IAF’s June 2019 blog, Privacy Law’s First Objective Is That Data Should Serve People – The U.S. Opportunity To Get Privacy Legislation Right, and organizations are putting this advanced accountability model in place as their way of creating trusted and answerable systems. The latest example of this is Sidewalk Labs[1] in its collaboration with the City of Toronto on the Quayside smart city project.

Last week, Sidewalk Labs unveiled its proposed “Master Innovation and Development Plan” (MIDP) for Sidewalk Toronto, a project that would design a smart city district in Toronto’s Eastern Waterfront. The proposal will be considered by the government and other stakeholders in the coming months to determine whether and how to move forward with the project. This proposed public-private partnership between Sidewalk Labs and Waterfront Toronto seeks to promote affordability and sustainability while reducing climate impact and creating new mobility solutions, such as by prioritizing mass transit and pedestrians over vehicles. As the Future of Privacy Forum noted in their overview, “the MIDP as proposed contemplates substantial data collection and use; it also proposes a range of significant legal, technical, and policy controls to mitigate privacy risks and promote data protection. In the coming year, Toronto residents and officials will analyze the MIDP and work with Sidewalk Labs and Waterfront Toronto to identify aspects of the proposal that could be modified to promote benefits and reduce risks”. There are a number of novel and interesting parts to the MIDP’s approach to trusted governance.

First and foremost, the project acknowledges that some of the urban data at the core of the Quayside effort will be personal and/or sensitive, By extension, it proposes several key measures intended to mitigate the privacy risks while at the same time realizing the “people benefits” of what are many new and innovative ways to use data. There is the contemplation of technical controls, such as employing hardware and software solutions that integrate privacy-protective data collection, use and sharing into the development and operation of the Quayside site. In addition, there are legal and organizational safeguards, such as establishing consistent and transparent processes for using urban data and independent oversight.

The MIDP approach to data governance in many ways parallels the IAFs approach to trusted and answerable accountability. For example, a set of Responsible Data Use (RDU) Guidelines – what will and will not be done with data – sets a foundation for governance. These incorporate many Privacy by Design components and require artificial intelligence systems to address ethical and bias concerns. An extensive approach to assessing the impacts to individuals is contemplated through a RDU Assessment. The RDU Assessment supports the implementation of the RDU Guidelines as a mechanism for public and private entities to weigh the data benefits and privacy risks of digital products and services prior to deployment. The RDU Assessment focuses on transparency and extending protections to diverse groups and communities, in order to ascertain whether a particular technology or algorithmic use case negatively impacts individuals, groups, or communities due to biased decision-making.

The MIDP recognizes the sensitivity of this type of significantly new approach to both technology and data intensive activities as part of the Sidewalk Toronto project and starts to address the added trust mechanisms that will be required. It goes beyond the IAF’s oversight model by proposing the establishment of an Urban Data Trust that would entrust oversight and accountability of the RDU Guidelines and Assessments to a new non-profit entity. This entity would manage urban data and technologies usage independent of Sidewalk Labs and Waterfront Toronto and would oversee day-to-day digital governance of Sidewalk Toronto projects.  Sidewalk Labs states the data trust concept is intended to build on existing privacy laws while providing additional protection and review before data-related measures are permitted to go into effect. The Urban Data Trust would also govern third-party data collection and use.

The MIDP is very clear that this outline of a proposed form of data governance is by no means complete and much more collaborative work is required to put this innovative model into place. But just as the exciting technology and data driven approaches contemplated in this project that clearly have people benefits in mind, will require incubation, so too will the trusted governance model. It is “okay” to not have all the answers yet. The incubation of these new trust models need to be approached with the healthy objective they were designed around – Data should serve people, and organizations that serve people with data in a responsible and answerable manner should be able to thrive. That approach is the way all stakeholders benefit. Responsible and answerable data environments that hold the promise of people beneficial data use should not only be allowed to fully develop, but encouraged.

 

[1] An IAF Strategist has provided some  independent consulting to Sidewalk Labs

Accountability is As Enforceable as Any Other Privacy Management Mechanism

Accountability has increasingly become the nucleus of effective data protection in a world where the observation of people is critical to how machines and systems work and drives advanced analytics.  Canada was the first country to explicitly capture accountability as part of its privacy law, and therefore actions in Canada have impact beyond Canada.  Now… Continue Reading

IAF Issues “Trusted Digital Transformation, Considerations for Canadian Public Policy”

Many consider Canadian privacy law as the pragmatic mid-point between European omnibus rights driven data protection and U.S. sectoral privacy laws balanced against free expression and risk of harm.  The Personal Information Protection and Electronic Documents Act (PIPEDA) is probably the cleanest translation of the OECD Guidelines into law and by extension is a principles-based… Continue Reading

Comprehensive Data Impact Assessments Set the Stage for Accountability 2.0

There is no disagreement, whether in Europe, the Americas or Asia, that a fully connected world requires those that think and act with data to demonstrate that their processing of data is legal, fair and just.  Demonstration requires comprehensive data impact assessments that help organizations discover the issues for all stakeholders. Discovery of issues helps… Continue Reading

Fairness and Unfairness Moving Farther Apart

Fairness has become a huge data protection policy driver in Europe and the Americas.  Fairness is often hard to define in definitive terms, but the parameters of fairness are well known.  A fair data application creates identifiable value for individuals, mitigates risks to those individuals, and confirms the data is used within the context of… Continue Reading

IAF Announces International Advisory Board

The Information Accountability Foundation is truly international in its focus. As such, it relies heavily on non-U.S. supporters who provide insight and in-kind services that make its international programs so successful. To that end, the IAF has created an International Advisory Board comprised of members of its family that go well beyond just financial support.… Continue Reading

IAF Participates in OPC of Canada Stakeholder Meeting

On 6 October, the Office of the Privacy Commissioner of Canada (OPC) convened a stakeholder meeting in Halifax, Nova Scotia, for a discussion that included OPC’s strategic privacy priorities for the next five years. In particular, the meeting was part of a dialog on consent and privacy that the OPC launched with the publication of… Continue Reading

Accountability in an Observational, Analytics-Driven Digital Economy

Since a multi-stakeholder group first defined them in 2009, the essential elements of accountability have become well established in the field of data protection. These elements are reflected in guidance from data protection and privacy authorities in Canada, Hong Kong, Australia, Colombia and France. They have been adopted as key elements in the European General… Continue Reading

Autonomy and Fair Processing: Proportioning the Governance

The free flow of data to facilitate individual, business and societal needs as well as to facilitate the protection of individuals to whom the data pertains has always required proportionality. That proportionality is demonstrated in privacy law that protects both individual autonomy and fair processing. The constant evolution of information and communications technologies further emphasises… Continue Reading

OPC of Canada Announces Funding for IAF Big Data Ethics Project

The Office of the Privacy Commissioner of Canada (OPC) has announced that the Information Accountability Foundation (IAF) is the recipient of one of the OPC’s Contributions Program’s grants. (Link to announcement.) Awarded to advance the OPC’s privacy priorities, the grant will be used by IAF to help fund the Big Data Ethics Initiative: Assessment for… Continue Reading