Blog Post

How City Tech Prioritizes Data Privacy in Collaborative Solution Development

Tom McCoy • June 18, 2021
Do you want to share information with the developers to improve your experience?

The user hits accept and doesn’t think about it again – and probably never knows how those developers actually use their data to improve their products. 

On the other side, companies have quite a bit to gain when you opt-in to sharing data from tech, apps, and websites. However, information-sharing between consumer and organization too often becomes a one-way street; it’s a light lift for the consumer to hit a checkbox and entrust companies with their personal data, but organizations have the unique opportunity to interact with stakeholders and explain the value returned to them through using their data – especially when there isn’t a clear opportunity to opt-in.

Data privacy, the area of data protection that concerns the proper handling of sensitive information, is a topic often viewed through the lens of risks to avoid when designing products that collect data. Given the recent history of technology companies and public organizations’ privacy missteps resulting in compromised stakeholder trust and unfavorable data privacy headlines, this is not surprising. 

However, as the public gains a more nuanced understanding of the value of their data and the complex concepts involved in ‘data privacy,’ the role of privacy in technology solutions has been shifting from a constraint to work around into an opportunity to seize.

Increasingly, researchers and experts are urging product developers to build trust with stakeholders; in addition to improving relationships between developer and consumer, increased trust can kick off a virtuous cycle of faster solution development, better solutions and products, and lower transaction costs. 

While the benefits of implementing and communicating privacy principles are clear and compelling, the lack of a comprehensive approach to applying privacy principles when designing technology is often holding teams and organizations back from realizing this value. Building this trust is particularly difficult when collecting data in public, urban settings where the stakeholder interactions are not intermediated by the technology, and the teams designing the solution often span organizations and sectors.

Data Privacy in Collaborative Solution Development

In many urban technology projects, there is not a direct interaction between the product or service and the customers. Unlike an app on your phone, there is not a control panel with detailed privacy options to communicate privacy concepts and allow for users to control which information they share. Building sustained trusting relationships requires clever design of a stakeholder experience and a communications plan that shares how data is being created and used to advance communities’ goals.

 

For example, in January 2021, City Tech interviewed members of our Civic User Testing Group (CUTGroup) to gain their input and understand interest on an air quality sensing platform. Strikingly, 95% of the residents we spoke with were very engaged in the space; however, many preferred to have more context available in the solution about the platform’s founders, purpose, and data privacy. As a result, the team developed specific solution requirements and privacy related communications to help community members understand privacy concepts and how they have been applied in this project.

 

Additionally, urban technology projects, often spanning various organizations, multiple sectors, and impacting numerous stakeholders are complex to execute. Even when a team has executed an impeccably designed privacy and stakeholder engagement plan in one city, the team will likely find that an implementation one city over will have to consider entirely different local privacy norms and regulations to design within.

 

While there are widely accepted privacy principles (I.e. FIPPs), frameworks for applying them (i.e. Privacy by Design) and privacy regulations to guide privacy decisions, they are general by design and often fall short of being prescriptive when designing a solution. In such a complex environment, how do you know if you are asking the right questions at the right time to ensure privacy principles are fully expressed in your solution?



Privacy in Action

City Tech has led dozens of cross-sector teams to successfully implement innovative urban technology solutions. Using our Solution Development Methodology, we ask critical privacy questions in each stage of urban technology projects. The four-stage process that guides our teams include 1) defining the problem statement, 2) aligning resources and objectives to a concrete work plan, 3) executing demonstrations in live test beds, and 4) providing the structure to enable partners to scale market tested solutions. Here are examples of the questions and activities that have led our project teams to privacy outcomes that build trust and propel solutions forward.



1. Opportunity Discovery:


As is the case in most projects, many of the most important questions to answer come at the very beginning, and privacy considerations are no exception. At the outset of the project, City Tech and our partners define privacy-specific goals and constraints and outline the ways that data will be used to achieve the overall objectives of the project. Establishing and maintaining the primacy of privacy goals within the overall project and organizationally is critical.

 

This is also the time to engage community stakeholders who stand to benefit from the solution being implemented to understand their expectations and desires for how data is collected and used for their communities. In practice, this can be achieved through research methods that are already core competencies for both public and private organizations.

 

Sample Questions at this Stage:

  1. What data will be created within the scope of this pilot and how do we plan to use it?
  2. What are the privacy goals and constraints for each organization participating in the project?
  3. How will data audit, governance and management processes scale as data volume and uses scale?
  4. Are the privacy concerns complex enough that a privacy expert should be consulted?
  5. Do we understand the privacy related goals for the community and other civic stakeholders?



2. Solution Definition:


With the privacy goals and constraints defined, the next step is to select the technologies that will best meet the requirements for the project. The technology that is selected and/or developed will impact the privacy considerations within the project. While this may appear to be an obvious point, often privacy considerations are not re-visited once the technology approach is decided.

 

For example, let’s say a project team was tasked with selecting people counting technologies. Both video and lidar sensors are capable of counting people, however, each technology will collect different types of personal information. The technology that is ultimately selected to do the job will play an influential role in determining the data that can be collected, the supporting Privacy Enhancing Technologies (PETs) that are required, and the content of the communications to stakeholders.

 

Sample Questions at this Stage:

  1. How does the technology and supporting business model impact privacy goals?
  2. What privacy related learnings do we want to gather while testing the solution? What privacy hypotheses should be tested?
  3. What privacy KPIs do we need to define and track when the solution is tested?
  4. How will we know if our privacy related communications were successful in building trust?
  5. Are there Privacy Enhancing Technologies (PETs) that should be considered as a part of the solution?
  6. What agreements need to be in place to define data ownership, and how will data be managed, protected, and shared?


 

3. Solution Implementation:


Within City Tech projects, the opportunity to demonstrate technologies in a live testbed helps confirm the value of the solution and reveal additional opportunities or risks that may not have been obvious at the outset. While testing the solution, the project team will be able to compare the observed results to the developed privacy goals, KPIs, and hypotheses. Often, teams will re-engage community members to gather feedback to gain a better understanding of actual impact of the solution.

 

Sample Questions at this Stage:

  1. Did we prove / disprove our privacy related hypotheses?
  2. What is the attainment of privacy related goals?
  3. Can we expect this these results to hold as we scale our solution?
  4. To what extent are we realizing the benefits of our privacy implementation and communications plan?

 


4. Solution Scaling:


Finally, City Tech and our partners develop a plan for how the solution scales, putting in place the operational processes, governance, and audit structures necessary to ensure future uses for the data and the technology are following the same principles followed in the initial implementation. After a technology is implemented, organizations will aim to find more ways that it can be applied to use cases. At this point, how those future use cases are designed and deployed while staying true to the privacy principles of the project is the focus.

 

Sample Questions at this Stage:

  1. What processes, stakeholder input, governance and audit structures do we need to put in place to scale this solution?
  2. Are new stakeholders or privacy opportunities / pitfalls introduced as the solution scales?
  3. By location
  4. By volume of data
  5. By use case



Conclusion

Developing technology-enabled solutions for cities isn’t easy, and with new technologies and use cases come new data privacy considerations. Instead of shying away and viewing these considerations as constraints, we must lean in and find new ways to benefit everyone. As the opportunities grow, the importance of asking the right privacy questions at the right time, particularly when working in a collaborative environment with diverse stakeholders, cannot be understated.

 

Project teams must focus on learning responsibly while trying new technology solutions and keep structures in place to evaluate new opportunities while remaining consistent to core privacy policy goals. Teams that successfully embed privacy principles at each stage of the process, think through the implications of their decisions all the way through scaling, and involve end users and partner organizations throughout will be rewarded with greater confidence from stakeholders – which over time translates into a virtuous cycle of improved services and expanded trust.



About the Author: Tom McCoy manages the Solution Development process for City Tech. In this role, Tom oversees the development and management of pilot projects, including team formation, scoping, legal negotiation, execution, and evaluation/scaling. Tom has 10 years of experience leading teams to deliver innovative technology solutions in the Pharma, Retail and Consumer Technology industries. Most recently, Tom led a product development team at Nextdoor focused on helping locally owned businesses compete by strengthening their connections to their neighborhoods and local customers. Tom has a bachelor's degree in Industrial Engineering from the University of Wisconsin.

Share by: