Citizens’ Right to Privacy and Right to Information Access in Smart Cities: Evaluating the Smart City Initiative of West Baltimore




This paper will detail smart city initiatives in West Baltimore and evaluate different approaches to ensure the right to privacy and the right to information access of lower-income communities of color. After evaluating these approaches, this paper proposes recommendations to facilitate the right to privacy and the right to information access in lower-income communities.





Introduction
Smart cities utilize the Internet of Things (IoT) and big data to collect, analyze, and distribute citizens' data in order to enhance quality of life (Kitchen, 2016). The smart city initiative in West Baltimore, Maryland (USA) focuses on solving the chronic issues of complex and lengthy public transportation trips. Transportation is not only important in terms of quality of living, but can also be an indicator of economic mobility, as researchers state that long commute times can negatively impact residents' economic mobility over time (Chetty et al., 2015). Thus, smart cities not only aim to enhance citizens' quality of life, but also strive towards social justice. In order to realize this vision, smart cities need to address privacy concerns that arise from data utilization (Kitchen, 2016). This paper argues that smart cities often fail to address citizens' privacy concerns and citizens' right to privacy and right to information access should be guaranteed.
The concept of privacy varies depending on the context of the technology that it is situated in. Traditional definitions of privacy emphasize self-determination and communication of one's information (Warren & Brandies, 1890;Westin, 2003) that can be applied to the smart city context as the right to "accessing and disclosing personal and sensitive information about a person which includes locational and movement privacy" (Kitchen, 2016, p. 25).
Along with the right to privacy, individual access rights are critical drivers for establishing trust and support in new connected technologies, such as smart cities (Tene & Polonetsky, 2013). In the context of smart cities, access to one's data means "providing individuals with access to their data in a usable format and allowing them to take advantage of third-party applications to analyze their own data and draw useful conclusions" (Tene & Polonetsky, 2013). Thus, in terms of fulfilling civil liberty in a democratic society and facilitating a participatory democracy, the right to privacy and the right to information access in smart cities can be seen as two sides of the same coin. This paper will look into the smart city initiative in West Baltimore with the population of lowerincome communities of color in terms of residents' right to privacy and right to information access.

Smart cities' impact on lower-income communities: Case of West Baltimore
Lower-income communities are more likely to be impacted by the infringement upon the right to privacy and the right to information access from smart city technologies. Upon investigating the intersection of privacy and poverty, Madden et al. (2017) stated that "many surveillance systems that surround the poor are purposefully designed to deliver a message of stigma to the subject while reinforcing societal stereotypes about dependency" (p. 61), demonstrating how new technologies can be used to discourage the poor from engaging fully in the society. Madden (2014) also notes that lower-income and less educated populations are less informed about privacy issues and thus vulnerable to data privacy breaches. Against this backdrop, however, when investigating residents' concerns about smart city data in West Baltimore, Lung- Amam et al. (2019) found that residents wanted access to the data collected about their neighborhood. For example, residents wanted to better inform city officials about what data is missing or can be improved about the neighborhood. In other words, data subjects demanded participation throughout the process. Thus, understanding residents' privacy and data concerns and providing mechanisms for their right to privacy and information access are necessary for both successful implementation of smart city initiatives and for social justice.
The West Baltimore region consists predominantly of African Americans (96%), and most residents are less educated and lower-income (Lung- Amam et al., 2018). According to the U.S. Department of Transportation (U.S. DOT), Baltimore City was listed in the ten worst cities in America for the longest commute times, with residents spending an average of 55 minutes to commute using public transportation (The City of Baltimore, 2016). Along with neighborhood concerns on public safety and job opportunities, there was a need for high-quality and reliable transportation (Lung- Amam et al., 2018). For example, teens were affected by a month-long subway closure that increased their commute times to school (Lung- Amam et al., 2018). The public transit use and quality of service that residents experience in West Baltimore strengthen the socio-economic disparity that residents face (Kaufman et al., 2015).

Current practices and regulations to protect the right to privacy in smart cities
Privacy laws in the U.S. are sectoral, and data privacy is protected by the Fair Information Practice Principles (FIPPs) set by the Organisation for Economic Co-operation and Development (OECD). FIPPs was established in response to the development of automatic data processing and transmission of data between nations in order to prevent violations of human rights regarding data privacy (OECD, 2013). Since smart city technology utilizes personal data, it falls under the FIPPs principles for protection and regulation. FIPPs include eight basic principles that serve as a basis for national implementation, including collection limitation, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability (OECD, 2013). The U.S. Federal Trade Commission (FTC) adopted four out of eight principles, which are choice, notice, security, and access (Federal Trade Commission, 2000).
However, critics have argued that FIPPS have fallen behind technology, especially with the rise of IoT and big data (Barocas & Nissenbaum, 2014). Accordingly, amendments were made in 2012, and the revised FIPPs were proposed in the Consumer Privacy Bill of Rights (The White House, 2012). The main revision was to break from the traditional notion of "notice and choice" that assumes a passive user to "transparency and control" that assumes an active individual in achieving autonomy. Under the notice and consent scheme, the user would read long, complex legal documents and agree to terms and conditions, which are usually non-negotiable (e.g., end user license agreements). Under the transparency and control scheme, the focus is on effective design spaces for notice and increased control features for users. The revised FIPPs also acknowledge privacy as an evolving concept influenced by technological development. Lastly, rather than gathering all possible data, the new FIPPs promote data minimization in order to prevent possible misuse of data.

Evaluating Smart City Technology in West Baltimore in Accordance with FIPPs
The core of the smart city project in West Baltimore lies in its use of users, vehicles, and cell phones as probe sensors to collect location data in order to support customized, real-time travel information, passenger and freight trip planning, performance monitoring, and decision-making (The City of Baltimore, 2016). These probe sensors are embedded in everyday objects, which makes data collection ubiquitous and pervasive, thus difficult for users to be aware. The City of Baltimore has partnered with various private-public information organizations to accomplish its vision.
Considering that the intelligent sensor-based infrastructure is the core of Baltimore's smart city vision of utilizing citizens' data from their smartphones, there is a strong need to examine stakeholders' privacy policies. In this section, the CitiStat program, RITIS, and Google/Waze's privacy policy was reviewed based on FIPPs. First, CitiStat program violates the principle of transparency and access in FIPPs because the dashboard content is optimized for personal computer (PC) view. This is problematic since the majority of the residents in West Baltimore did not own a PC but relied on smartphones (Lung- Amam et al., 2018). Second, RITIS violates the access and accuracy principles of FIPPs as it provides little or no way of participation for its users to erase or modify their data. Additionally, RITIS infringes upon both transparency and control, and focused collection principles, as it claims to perpetually store data without clear explanations of its purpose. Last, behind the lengthy description of its privacy policy, Google/Waze violates the respect for context principle because its data usage is beyond its primary navigational purposes. Additionally, information is gathered as much as possible, violating the focused collection principles.

Recommendations
Based on the evaluation of West Baltimore's smart city program, the following recommendations will better address citizens' right to privacy and right to information access for smart city initiative in West Baltimore: • The initiative should increase transparency and control in its privacy policies with detailed descriptions of what and how the data is collected and address them in a mobilefriendly manner to reach its intended audience. • When there is the potential for increased access to user data, such as through mobile phones, there should also be features that allow users to erase or modify their data. • Stakeholders should engage in data minimization and limit data collection to what they need for their intended services and purposes. If they want to collect data for additional purposes, they should communicate it to the residents in advance with simple and straightforward language.
This paper acknowledges that FIPPs are principles that information organizations are encouraged to follow regarding data privacy and are not legally binding. Thus, this paper suggests governance and management-level solutions should supplement the lack of legislative enforcement regarding data privacy in smart city technologies. Having strong, principle-led governance and management will maximize the benefits of a smart city and minimize its harms (Kitchin, 2016).