Privacy Talk with Hector Dominguez, Open Data Coordinator at the city of Portland, : What is the Portland Privacy and Information Protection Principles and what is this for?
“This interview recorded on 31th March 2023 is talking about privacy and digital marketing.”
Kohei is having great time discussing smart city and privacy.
This interview outline:
- Why had it unanimously passed a surveillance technologies policy in Portland?
- How did you deliver the message to each stakeholders?
- What is the Portland Privacy and Information Protection Principles and what is this for?
- Why had it unanimously passed a surveillance technologies policy in Portland?
Hector: Yeah, you know all those experiences that I was sharing before about technology failing, given the right the promise deliverables or products that we were expecting. We start to create this skepticism, like not believing what the technology vendors were claiming, and then is like a mistrust and this is just from our program to all that.
Now, from the community perspective. Obviously, there is different history and you think about the cultural and historical context here in the US where, particularly black people, indigenous people, immigrants, they get immigrants from all over the world, right?
It doesn’t matter if not only immigrants from the Americas, immigrants from the Middle East, mostly in countries are sometimes immigrants from European immigrants.
They get exposed to all these different issues around immigration and how personal data that you are an immigrant, the handle and use sometimes without your consent, or even you know, what’s happening right.
Now, there is some mistrust in many cases on how technology is being used. And the mistrust comes from technology not working properly, but also, mostly because we don’t know how technology is being used in the development of the surveillance technologies policy.
We believe that it’s very important to get public engagement and public participation not only to get some initial input or more like co-designing the policy or understanding what is really happening. And we have been doing that since 2019 when we started our privacy and the information protection principles as general guidelines are what we are doing now.
And then the face recognition policy, which was back in 2019. When we finished one we finished the privacy and information protection principle. Other city, back then the city of San Francisco started banning the use of facial recognition because of bias against people with dark skin color, older people, women.
(Movie: San Francisco bans facial recognition)
And so we got the task to start looking into that and this helped the city what to do where they should like answer your question, should we ban the technology should we do something else?
And we did for that policy. About a year work we do the engagement and informing people organizing codesign events, working internally with our city leadership, with elected officials, with supervisors, middle management with bureau directors, with practitioners, the ones who are going to potentially use the technology so it was a lot of work.
We did the same for surveillance technologies policy, etc. So at the end, I think we keep this kind of perfect track of having policies that pass unanimously. Because everybody is informed. Everybody has been participating in this process. Everybody knows what they’re expecting.
And the reality is that sometimes not everybody is, sometimes nobody is really fully happy but we are in a place where okay, I can actually support these because these make sense to me. It could be better. That’s the work that we need to keep doing. And particularly with this last policy, the surveillance technologies policy.
It’s very complex, right? Surveillance technologies has things to do around human rights, how technology has been evolving so quickly and with the use of artificial intelligence. Many of those things go beyond what we can do as a series.
However, we’re starting with our starting point with this policy and what we were proposing was, so the first thing we need to understand is where we are right, and we need to make sure everybody understands where we are. So next steps are well informed and next steps we know where we want to go, right.
So this policy is actually focused on transparency and building some basic due processes for creating more information and more transparency. So we are going to build with this policy and a city wide inventory of all the surveillance technologies that we are using currently.
And we are going to start implementing privacy impact assessments in new surveillance technologies when we see that you want to procure or planning to use new surveillance technologies. So they need to come with a privacy impact assessment.
We are now starting from zero. Another thing that I should mention is that networks with communications with other cities have been really important for these projects.
Because we don’t need to reinvent anything. So we really are learning from other cities, which are different from the private sector where there is a lot of information like intellectual property protection in public sector is really open.
So we actually have meetings with other cities on the west coast with the city. The city of Seattle has been a great group that is advising us from the very beginning. We have meetings with the City of Seattle, with San Francisco, with Oakland, with San Diego, with San Jose, Santa Clara County.
And we also have meetings or belong to this international network of the coalition of cities for digital rights. It’s mostly based in Europe. That includes the city of Barcelona, Amsterdam, New York City, Doublin, London, Berlin, Reykjavik, Helsinki they met in Europe, so it’s quite extensive.
And you know, we share that’s actually pretty cool because even though our contexts are very different, we have a lot of common, so we have, we are doing is just the things that we can share, share and we adapted. We use it so that’s a lot of time and resources saving.
Kohei: That’s amazing work. Probably just to inform the citizens and the stakeholders, I think they have different surveillance, something especially for maybe just the local citizens who think it is there the data in the correct is the without their consent or something.
It’s been a part of the concerns but it has other stakeholders that have a different type of the context. So how did you inform those stakeholders you provide information at the same level each or you customize information to the different stakeholders in this case?
- How did you deliver the message to each stakeholders?
Hector: It’s both I think we have common information for everybody that we share on social media, sharing our blog posts, we share with big email messages to everybody in our mailing list.
And our mailing list includes private sector, small businesses, coalition of businesses, academic institutions and research institutions or colleagues in the Portland area or in Oregon, local advocacy groups and individuals, nonprofit organizations, so it’s quite diverse.
Of course, this is kind of the larger list at the end of that so a smaller group, the stakeholders or shareholders that are more active in this area, the contract together they ask us questions, we have meetings and things like that.
They depend on on who we’re talking to, we we actually can have one to one conversations and of course it’s very different when there is information that advocacy groups that is actually working around police issues, law enforcement issues, for instance, or immigrants issues, where they know or may understand about how artificial intelligence is going to impact them.
So it’s very different from how we prepare the message and how we work with them, sometimes we actually don’t want one education like for meetings for digital literacy, right.
And sometimes because I speak Spanish natively. We do it in Spanish. And in the future, hopefully we can actually do it with other languages. For instance, there is a big Somali population here.
They have actually reached out to us complaining that we don’t have enough information in Somali and they are right. Now as well, Portland has such a diverse community with everybody from all over the world, right but the main languages spoken here are Spanish, Vietnamese, Chinese, mostly Cantonese. Ukrainian and Russian.
Yeah, and Somali. So, there is obviously Iranian families that’s Persian for instance. And yeah, so it’s quite, it’s quite diverse and that could be also an issue around how we manage our limited resources in our program.
This is from the community perspective. Now there is a legal difference sometimes when we talk to the private sector because we work in the private sector. We approach small business networks, which is very different when we talk to a food car for instance, and foot care.
Or, there are or somebody who’s just having a small store in town, when we are actually talking to a big corporation like Google or Amazon or Apple that they have offices here or Walmart that were recently just departed from Portland, but we were talking to Walmart, or some of the local business association, right?
So we prepare the information that they need, or for instance, the airport reached out to us directly. For instance, other jurisdictions, because that’s also important to include, because we as a city only have jurisdiction or what the city manages, which is parks, the right of way the streets like that, but we don’t manage the schools for instances.
We don’t manage the airport, we don’t manage some of the natural reserves or place here other than parks and the right of way. So it gets complicated at times, yeah.
I can imagine that it is a tremendous effort. Owing to this kind of policy is going to effect. That’s a very great achievement. We should appreciate it that you are sharing the great insights.
So you mentioned the principles about privacy, especially in Portland. I think that’s a very great announcement. You said this principle before creating the new initiative relate to the smart city. So could you tell us about this information principle as well as what is this for the smart city?
- What is the Portland Privacy and Information Protection Principles and what is this for?
Hector: Yes, when we started all these works back in March 2018, so the general data protection regulation in Europe is actually coming into effect. European have this framework, legal framework, for a long time.
And when we were doing the first thing that I started doing personally, I was looking into hoping that law policy and then one goal right away was okay, we need to have some privacy principles.
The city of Seattle has the oldest privacy office in the nation, it was actually established in 2015. So they already had a number of years, three years before us and all that. So we reach out to them.
We look into the people that Seattle had put together. That was an important portion because when we look into the principles, I was working with my colleague Judith Murray from the Office of Equity and Human Rights. She mentioned this language is really not developed from the perspective of the community.
It’s really just developed for protecting the city. There is liability, you know, nobody’s going to sue us and things like that. We should think about that differently. And then looking into what Europe had done, the GDPR had all these privacy rights, based on, you know, the Eastern European philosophy around individual rights and all that.
And so we try, we say what about if we have some privacy rights here in Portland, when we’ve brought this idea to our city attorneys. They say no, or see the attorney say now privacy rights are going to take you a long time. They legally bind it the city .
What about the Privacy principles? It’s been this number of voices that okay, we started with principles we did that idea. We organized a hackathon and a conference. I don’t know if you’re familiar with that.
An unconference is basically a conference of course, but everybody comes there is a general topic. In our case it was civic data and privacy. And there is no specific talks or rooms and things like that.
So everybody who goes and attends our conference. We did something like that, dynamics just came and we started putting what we wanted to discuss in that event. So we group all these different topics together, we came up with like four or five different topics.
Within breakout rooms, discussions, people were taking notes, people were like sharing resources, links and things like that and at the end of that process, we came up with that with a Google Doc with all those notes and all those things, it was a really great starting point that we took that the ginger and Brewster, the chief privacy officer from Seattle, came to Portland to help us also to figure things out.
We tell the leadership at a time. We started from what is the Portland values from that which we put together, at least with our Portland values. We took all these different notes that we had, and then we translated that into the seven privacy and information protection principles that we have now. It’s a policy.
And so we did some innovation there. So basically, we reframe it, the language for the principles. We took several principles, we’ve reframed the language, principles around transparency, principles around accountability, no discrimination, all these five principles and then we added two new ones.
There I’ve got this public event, public engagement, which was data minimization, so we would only collect the minimum amount of information and that minimum amount of information needs to bring value to the city and the communities that we serve.
And, then automated decision systems so algorithms basically. So we need to look into the privacy concerns when we use an algorithm. We need to look into the whole lifecycle of data and information that includes like third parties, you know, all these black boxes behind something. And that’s how we put together our seven privacy principles that also pass unanimously in our city council. So that was the story.
Kohei: That sounds interesting, especially for just you invited from other cities and just learning from the essence. I think it’s kind of the knowledge aggregation is the power of the very important to set of the principal and define all the local issues.
I think you mentioned it on the website as well. In terms of the privacy risk assessment, as you mentioned, that risk assessment is very important. To induce new technology especially for the public interest.
The also the you are defined as the risk assessment with the separate pillars such as you put on the initial threshold, the impact assessment which is a very primary.
I think it is to define what kind of risk is suspicious working on the city development. Could you share about your risk assessment for citizens in Portland?
Thank you for reading and please contact me if you want to join interview together.
Privacy Talk is the global community with diversified expert, and contact me below Linkedin if we can work together!
