At the base of any crowd monitoring system are digital sensors, which capture information pertaining to the movement behaviour of individuals. Consequently, concerns with respect to infringements of the right-to-privacy of citizens are voiced frequently. The partners of the CityFlows project are committed to ensure that the systems that are developed as part of this project do not add to these concerns. Instead, we attempt to ingrain the safeguarding of the rights of citizens in the backbone of this system. Underneath, we have detailed how we plan to preserve this right while developing this system.
Tada Principles
The CityFlows consortium is an advocate of social responsible entrepreneurship, and thus incorporates TADA-principles (https://tada.city) in the re-development of the backbone and front-end of the CM-DSS. These guidelines, which were initiated by a broad coalition of citizens and organisations from the Amsterdam region, detail how the city of Amsterdam deals with both the threats and possibilities of digital technologies. The six principles of Tada are:
- Inclusive – We take into account the differences between individuals and groups
- Control – people stay in control over their data
- Human scale – People have the right to be digitally forgotten
- Legitimate and monitored – People monitor the development and social consequences of digital technologies
- Open and transparent – We are transparent about the purpose, outcome and results of data being collected
- From everyone – for everyone – Everyone can use the data that is being gathered
Please note, that the Tada principles and the protection of the right to privacy are sometimes at odds. Within the CityFlows project we will incorporate the Tada principles for as far as the General Data Protection Regulation allows us to do so.
General Data Protection Regulation (GDPR)
The GDPR is a regulation in the European law on data protection of privacy, which aims to give individuals control over their personal data. Various sensors featured in most crowd monitoring systems collect information regarding the movement behaviour of individuals. Thus, crowd monitoring systems need to adhere to the GDPR. The CityFlows partners do their best to ensure that all algorithms, sensor techniques and monitoring systems comply with the GDPR. As such, the partners will:
- Openly communicate about the locations and time periods at which a monitoring system is active in each of the four living labs
- Provide details with respect to the type of sensors and information that is being gathered
- Clearly explain the reasoning why crowd monitoring systems are used
Privacy by design
The Crowd Monitoring Dashboard (CMD), which is the predecessor of the CM-DSS, was already developed using a privacy-by-design framework. This means that the data gathered by the CM-DSS is, as much as possible, already encrypted at the source in a way that it is impossible to recreate the original data without the exact encryption algorithm, which changes dynamically over time. Besides that, only data which is essential to evaluate the crowd’s movements is captured by the CM-DSS and transmitted from the sensor towards the CM-DSS mainframe. Most importantly, the CM-DSS only stores anonymized aggregated statistics regarding the crowd, which cannot be traced back to any one individual.