Our Data, Our Privacy. Part 3.

In recent articles we stated that the City of Santa Monica gathers data about its citizens (and obtains it from other sources too), and suggested ways to protect that information, with oversight from citizens. Residents, we said, can certainly benefit from data obtained by the City in all sorts of important ways, from alleviating traffic to improving the quality of our water. But without proper protection and oversight, that data – gathered individually from residents and visitors, and outside sources – might also be used to invade people’s privacy and exploit their information, especially if the data is shared with third parties – deliberately or not. Since there is no Department of Data Transparency in City Hall, or a Public Data guardian, we must all resort to crossing fingers and hoping for the best. Is this the best we can do?

The European Union has in place new data privacy rules, and cities throughout Europe are implementing them successfully. Dublin, we said in our last article, can do it, why not Santa Monica? Here is Dublin’s detailed plan: https://tinyurl.com/y94uaame.

Since the articles appeared, we have received a number of interesting comments from readers. Here are three.

“So what if the city sells my data and some company shows me ads on Facebook?”

As we suggested earlier, we don’t know if the City sells any of the information it gathers, and it’s not really about advertisements, in any case. The problem becomes acute when many small pieces of disparate data are assembled, out of sight, to create a comprehensive “dossier,” which can then be used for other purposes without our knowledge.

Joseph Turow, author of the recent book, “The Aisles Have Eyes, How Retailers Track Your Shopping, Strip Your Privacy and Define Your Power”, recently said that mortgages are now being issued based on whether the applicants’ friends pay back their mortgages, and what graduate schools they went to. How do those banks know about an applicant’s friends and grad school?

“I have nothing to hide. I don’t look at pornography.”

This interesting bit of wishful thinking and the odd, unsolicited detail about the respondent’s personal habits reflect the kind of psychological denial that most folks employ these days when thinking about data privacy. Of one thing we can be certain: someone out there knows exactly the kind of pornography this guy views, and how often he does it.

“My health insurance premium might increase if they find something in the data about me? I don’t care, my health insurance is through my wife, at the university.”

Apparently this person lives on an island, and events around him leave him unaffected in the least. Does he have a bank account? How about car insurance? The City keeps a record of each time he parks at Santa Monica Place, by reading his license plate and entering the information into a database. After paying for parking, he has now provided them with his credit card number and his credit rating, as well as a record of his driving habits. Here’s a question: after tracking his driving habits, parking records, credit-card purchases and financial status, and correlating those facts with his on-going health-care costs, should the university increase his wife’s insurance premium?

Many of these situations occur in the private sector, of course. But, as we suggested earlier, we’re beginning to see pressure to combine these public and private data-gathering efforts, the beginning of a sort of cooperation between public entities and private companies. As technology improves and penetrates more deeply into our physical environment, more information about us will be available to both private companies and the city’s government. Its impact may be multiplied if they share the information, as we suggested above. That’s why it is critically important that we put in place mechanisms to protect the information we provide the City, as the city of Dublin has done. By protecting that information, we help protect our privacy.

Earlier this week, Britain’s data privacy watchdog (the Information Commissioner’s Office) ordered Cambridge Analytica to turn over all the personal information it had improperly gathered on an American academic, Professor David Carroll, of New York’s Parsons School of Design. Many privacy activists believe this to be a precedent that would allow millions of U.S. voters to demand information the company holds on them as well. This could eventually result in a cascading effect within our country too, down to the municipal level.

Unless Santa Monica implements data-privacy measures for the information it gathers from (and about) residents, the City should prepare for a wave of similar demands from its own residents.

Daniel Jansenson, Architect, Building and Fire-Life Safety Commissioner.