Cities are writing privacy policies

A smart city can vacuum up details like your location or daily habits — even though you probably haven't agreed to it.

What's happening: Seattle, Oakland and New York City — among the few cities with chief privacy officers — have laid down privacy guardrails for how data gathered in the cities will be used. This month, Portland's city council unanimously approved detailed privacy guidelines. But few have binding rules yet.

"A lot of people have been rolling things out and hoping they'll work out the details during the pilot phase," says Kelsey Finch of the Future of Privacy Forum.

By setting up guardrails ahead of smart-city projects, these cities hope to avoid the controversy in Toronto, where a popular uprising threatens to derail a massive smart city project backed by Google’s sister company, Sidewalk Labs.

• Torontonians expressed concerns about who would control the sensitive data collected by sensors.
• In its master plan released last week, Sidewalk Labs suggested establishing an "independent data trust" to set privacy rules for all companies involved in the city's new waterfront development.
• "We need to build public trust in how the city handles data and technology — especially because we want to handle more data and technology," Kevin Martin, Portland's smart cities manager, tells Axios.

What they’re doing:

• Portland’s newly approved privacy principles prioritize "transparency and accountability" and "ethical and non-discriminatory use of data." How that works varies from project to project.
• Oakland is likely to vote on its own citywide privacy principles in the fall, and on an outright ban on facial recognition in the coming weeks, says Joe DeVries, the city’s chief privacy officer.
• And New York has a privacy policy that binds its city agencies and contractors.

Go deeper:

• Special report: The human hurdles to smart cities
• Scooters, cities clash over rider data
• Living in a smart city laboratory (Axios)
• Smile, your city is watching you (NYT)