MIDP: the Data Governance Proposal

Sean McDonald
Published in The Startup
18 min read · Jun 26, 2019

Monday, Waterfront Toronto publicly released Sidewalk Labs’ much-anticipated Master Innovation and Development Plan (MIDP) — essentially, their smart city proposal for Quayside. There are already, and hopefully there will be many more, hot takes on the deal. Here, instead, I’m hoping to synthesize and update a few cold takes — specifically on the data governance component of the proposal, building on my initial analysis on the “Civic Data Trust” proposal, and my independent expert testimony in the Canadian Civil Liberties Association lawsuit against Waterfront.

Here’s the TL;DR: The data governance proposal is among the shortest, least developed, and virtually unchanged parts of the MIDP. In and of itself, that’s a fairly bleak indication of how seriously Sidewalk Labs takes privacy, digital fairness, and data governance in Quayside. Substantively, their data governance proposal is more of a workflow for granting licenses to collect data without public consent than a credible steward of the public’s interest amidst a massive increase in surveillance.

The biggest change in the governance plan is the explicit move away from “legal” trusts to an undefined “legal structure” they’re calling the Urban Data Trust, significantly reducing clarity around legal personality, approaches to accountability, or credible enforcement authorities. Ultimately, Sidewalk Labs’ proposal devotes 4 pages of a 1,483-page proposal to describe the Urban Data Trust — and they raise more questions than they answer. Assuming good faith, this proposal fundamentally misunderstands data governance as privacy law compliance, and doesn’t give any indication that Sidewalk Labs appreciates the political complexity of tying data collection to the dynamic management of a physical environment. There is no evidence base for assertions that whatever they mean by an “Urban Data Trust” can meaningfully protect the public’s interest, and no reason to accept this proposal as a serious attempt at designing progressive data governance.

Waterfront Toronto has already requested more clarity. All three levels of government should demand significantly more commitment from a company of Sidewalk Labs’ sophistication, including a lucid and detailed approach to meaningful accountability that protects the public’s interest in the way that Quayside develops and digitizes.

The Background, Scope, and Disclaimers

This is an analysis of Sidewalk Labs’ MIDP (MDIP?) as a data governance document. Data governance was an explicit requirement of Waterfront Toronto’s Request for Proposals, and it is a defining moment in the negotiation of rights between public and private interests in the increasing digitization, personalization, and surveillance implicated in “smart” cities.

It’s worth noting, before going too far, that there’s a huge expectations mismatch happening here — Sidewalk Labs is treating this like a private acquisition, and tends to wildly underestimate the role of public accountability in securing public license to operate. Waterfront Toronto, meanwhile, is approaching this like a real estate transaction — and is trying to woo a potential investor, while trying to convince the public it can protect itself from tomorrow’s digital harms with yesterday’s legal tools. And, lost in the fray, are the individual, marginalized, and uninstitutionalized interests, who don’t have an obvious seat at the table, but will have to subsist at it, all the same. To each party’s great credit and disappointment, while starting from very different minimum standards, there are obvious signs of trying to accommodate each other.

It’s also worth recognizing the role of privacy law in catalyzing the data governance component of this proposal. Privacy law is one of a very few digital rights protections in Canada, which has clearly driven Sidewalk Labs to develop this data governance proposal. Privacy law, however, was not designed to protect communities from the issues raised by privately managed “smart” cities. As a result, most of the data governance proposal focuses on compliance with existing law and avoidance of compliance harms, willfully ignoring the extremely predictable discrimination, public commercialization, and contracting asymmetries that are unfortunately common in tech-led public governance proposals.

Perhaps the best articulation of the idea that this project has exceeded the scope of its authorities, and its potential to protect the public interest, comes from Waterfront Toronto’s Chairman, Stephen Diamond:

“Sidewalk Labs’ proposals require future commitments by our governments to realize project outcomes… They are also not commitments that Waterfront Toronto can make.”

Dan Doctoroff, Sidewalk Labs’ CEO, responded in classic fashion — assuring Mr. Diamond that he was in deep consultation with all three levels of government. Whether they are commitments any level of government should make, especially under these conditions, remains to be seen.

What’s Different in the MIDP?

In short, the biggest difference with the MIDP is that it’s out and, ostensibly, complete. Substantively, the MIDP Data Governance section contains a few key changes from the previously published research (MaRS’ Civic Data Trust Primer) and proposal (Sidewalk Labs’ Update on Data Governance):

  1. They changed the name — from Civic Data Trust to Urban Data Trust (pg. 423). Their main reasoning is to avoid confusing anyone that they’re proposing a “legal trust,” and instead are proposing a “legal structure.”
  2. They’ve proposed rushing implementation and prioritizing their use cases. It’s a small, but telling suggestion.
  3. They’ve doubled down on urban data, as a licensing regime and classification system — as well as contract-based approaches to data management, accountability, and enforcement.

Other than that — the data governance proposal is functionally identical to the Civic Data Trust proposal. Despite that, this analysis assumes that the parties to this deal are still acting in good faith and that negotiations will solve a number of the pitfalls of ‘technology-company-as-public-infrastructure provider’ that have become common knowledge.

Technology companies, for example, approach product development with less process and appreciation for user dependence than public authorities — meaning that foundational infrastructure systems could be discontinued with no plan for replacement, and very little notice, as happened with Google Fiber in Louisville, Kentucky. Alphabet also shutters services based on its business interests, not public interest or reliance, as evidenced through projects like Google Reader. This analysis assumes that the contracting processes surrounding the Quayside Project will prevent Sidewalk Labs, and any other licensees, from unilaterally discontinuing products or services with sizable public reliance, absent public approval and alternative planning.

Similarly, unless the Government negotiates bi- or multi-lateral authorities, Sidewalk Labs may have the power to unilaterally alter key terms of contracts. Alphabet did this recently, when they announced that Nest data — which they initially promised would remain separate from users’ Google profile — would be combined with the rest of their data infrastructure. This analysis assumes that the underlying contractual negotiations, beyond this plan, will establish mechanisms that prevent Sidewalk Labs, or any data vendor, from changing the underlying terms of data- and privacy-relevant contracts without public approval.

Lastly, this analysis assumes that any approved development plan will fully define and contextualize the scope of “data governance” — including how any data governance body would work with typical public governance and oversight bodies, like the city council. This is especially important, as Sidewalk Labs is likely to struggle with politically sensitive or contentious situations. While it’s easy to criticize the ethics of companies, the larger issue here is the vulnerability to accusations of political agency, especially at the international level. Whatever data governance mechanism does take shape in Quayside will need a capacity for resolving, or engaging with mechanisms designed to resolve, political controversies that arise from digital and data governance.

This analysis aims to highlight the ‘good’, ‘bad,’ and ‘ugly or undecided’ parts of the proposal, with a light reference to the themes identified here. Saving you some time, the good didn’t get better, the bad got worse, and the undecided is pretty much everything.

The Good (Updated)

Unfortunately, there’s not really anything to update from Sidewalk Labs’ original proposal here — the best parts of the initial proposal were that it was transparent ahead of consultation and that it focused on common standards.

The value of the initial transparency was that it might give the public consultations enough substance to influence better policy. While the MIDP must still be viewed as a “draft” proposal, Sidewalk Labs hasn’t added any specificity or substance to the data governance proposal since the October data governance update, based on that transparency or the ensuing consultations.

The appeal to common standards also remains a positive, but only counts as an improvement if the baseline expectation is that Sidewalk Labs should be allowed to outright buy cities. Common standards are standard operating procedure in public and technology development, as well as most fields of public interest service provision. Canada’s domestic technology companies, government, and academia are already engaged in setting data governance standards — which would have been an easy way for Sidewalk Labs to prove the values they suggest motivate the proposal. Instead, Sidewalk Labs is pre-empting regulatory oversight by proposing an independent, quasi-governmental body with no native authorities — which isn’t exactly a victory for public oversight.

The Bad (Updated)

What’s true of the good is also, mostly, true of the bad — not much has practically changed. The clearest, and worst, update is that Sidewalk Labs didn’t address, fix, or improve on any of the flaws in the original proposal — and removed the small amount of legally significant clarity that it contained.

The two most substantive changes in the MIDP are (1) additional detail on “urban data” — and, specifically, how it’s different than “transaction data”; and (2) the conversion from a Civic Data Trust to an “Urban Data Trust.” Both of these constructions are designed to substantially increase surveillance and data sharing, without any consideration for the problems they might cause, how the public can participate in solving those problems, or seek redress for the harms inflicted. The plan waves to regulator and civil court liability, instead of seizing this incredible opportunity to present a vision of digital justice. This plan takes “city from the Internet up,” quite seriously — and appears to want to relive all the horrific social, economic, and political consequences of opaquely and ambiguously governed technology platforms, in Quayside.

Urban Data: A Sleight of Law

Sidewalk Labs is doubling down on “urban data,” a mostly manufactured categorization of data, whose defining purpose is making it easier for companies to collect data without consent. Essentially, Canadian data privacy law requires private companies (or anyone collecting data with a commercial interest) to get explicit consent in a way that public entities aren’t — so the suggestion is that “urban data” that’s overseen by a quasi-public body could be “enough” governance to collect data without consent.

Importantly, despite being collected in the same places, under the same conditions, “urban data” does not apply to privately owned “transaction data,” which is Sidewalk Labs’ way of making sure they don’t have to surrender any of their privately collected data to outside governance or oversight. In other words, while proposing to massively increase the amount of surveillance in the city, the Sidewalk Labs proposal is trying to minimize existing public protections, not helping develop the protections that Torontonians will inevitably need.

On its own, “urban data” doesn’t make practical or legal sense. “Urban data” is a legally complex and potentially quite dangerous concept, with no clear articulation of the problems it solves. Here, we’ll look at “urban data” as both (1) a practical concept and (2) as a legal approach to managing the benefits and harms that arise from data use.

Urban Data as a Practice

At the most basic and practical level, Sidewalk Labs is proposing that data should be regulated based on where it’s collected and how “personally” identified each data set is. Sidewalk Labs proposes four confusing categories of “urban data”: (1) personal; (2) non-personal; (3) de-identified; and (4) aggregate. Leaving aside that “personal” and “non-personal” are two parts of the same binary, there’s no indication of how a “legal structure” categorizing and compelling the selective republishing of these data types will result in any meaningful public interest outcome, like privacy, standardization, or inclusion.

As it turns out, it’s almost impossible to anticipate the harm, value, or private use that data can cause, based on looking at a single data set. And here, Sidewalk Labs is proposing that all of the data collected in Quayside should be evaluated dataset by dataset. As has been repeatedly proven, the digital and data economies are based on cumulative externalities and rents — and transaction-by-transaction approaches to determining the public interest almost never work. Think of 23andMe, for example, which sells DNA tests, transaction-by-transaction, but then shares that data with researchers, commercial partners, and law enforcement authorities. Their business growth comes from reselling data, not from consumer demand.

In other words, “urban data” doesn’t do anything to protect people from the obvious harms of openly accessible surveillance data, nor to level the digital playing field for other businesses that want to operate in Quayside. What it does accomplish is the external appearance of a fair access data market, with wildly asymmetric authorities inside of that market.

Ultimately, Sidewalk Labs doesn’t need proprietary access to data; the Master Developer component of the proposal gives them proprietary access to manipulate city infrastructure based on whatever data they do have. At a practical level, basing data governance standards on privacy law and compliance is dangerously inadequate, especially when combined with the quasi-public authorities implicit in a Master Developer agreement.

Urban Data under Law

Legally, “urban data” is complex enough to unpick into its component pieces. Sidewalk Labs is saying that (1) data collected in a specific physical environment (Quayside) should have a unique legal status (Urban Data); (2) which should be treated as a “public asset,” but also “there wouldn’t be ownership of data,” which are conflicting concepts and based in property law, and; (3) therefore should be managed by an independent Urban Data Trust, without specifying what kind of entity it should be or how it would protect its independence; (4) whose primary function is to grant licenses, host and maintain data, and investigate and enforce license limitations, without any articulation of the basis, legal justification, or checks on those powers.

In other words, the idea of “urban data” draws on privacy law justifications to create a quasi-property law concept (urban data), which obligates it to be managed by a TBD, third-party, quasi-governmental entity — who is then responsible for ensuring data license enforcement. It’s worth noting that relying on data licensing as enforcement has been notoriously problematic — from giving rise to patent trolling to “consent washing.” But it’s simpler than that — that’s not really how any of this works. Urban data is plainly, and legally, an elaborate contortion aimed at giving Sidewalk Labs the regulatory cover it needs to collect data without consent in public places that it quasi-owns.

The Urban Data Trust: Lots of Data, Not Much to Trust

The Urban Data Trust is one major area that the proposal did change — and for the worse. The MIDP does not lay out a new or more specific vision for data governance or the workings of an Urban Data Trust. Instead, it removes what little organizational or practical clarity previous proposals offered, and replaces it with a vague sensor and data license approval workflow.

What is an Urban Data Trust?

The biggest change in the Sidewalk Labs data governance proposal is that they make it clear that their Urban Data Trust is not a “trust” in the “legal” sense, but an ambiguously defined “legal structure.” Beyond that, they’ve punted on nearly every aspect of defining the Urban Data Trust — except to provide in-depth guidance on the data license approval process. Despite those being its main activities, Sidewalk Labs claims that:

“The Urban Data Trust would help ensure privacy protections, make urban data a public asset, apply consistent and transparent guidelines, and be publicly accountable to all Torontonians.”

The over-arching idea is: companies, for a modest application price paid to the Urban Data Trust and a ‘to-be-decided’ commitment to ‘publish’ data, can apply to collect and use data in Quayside without individual consent. The proposal is, of course, more complex — but not much. As proposed, the Urban Data Trust is a financially dependent, consent and compliance tax enforcer, that leaves Sidewalk Labs in control of who gets the most valuable uses of the data (by controlling the lived and commercial environment). The proposal does not suggest that Quayside data subjects might have any other data governance concerns or interests, or how anyone manages accountability, beyond regulatory intervention and civil litigation.

Instead of proposing a trustee organization or structure, Sidewalk Labs proposed a data license approval workflow — with a few priority examples they’d like approved quickly. Beyond that, there is no meaningful discussion of who would create an Urban Data Trust, based on what authority, or how appointing a non-profit translates into public interest data governance. The proposal suggests support for the recent proposal that the Toronto Library be the trustee but — with great respect for the library and its incredible work — doesn’t explain why. It especially doesn’t discuss why the library is particularly well-situated to oversee any of the deeply thorny or complex public interest balancing inherent in city administration, let alone digitization. Some scholars suggest that the role of public interest, or fiduciary, data steward could become an expert, professional class unto itself. The Sidewalk Labs proposal is silent on what qualifies an Urban Data Trustee, the driving values of their work, or the shape of necessary data governance, outside of data sharing.

The Urban Data Trust is likely to have to weather a significant amount of political and financial pressures, which is a challenge for any institution — let alone one trying to maintain the public’s interest in data governance amidst financial dependence. The proposal doesn’t actually suggest any particular entity, or how it would protect its independence in a politically and financially influential position.

As proposed, the Urban Data Trust would have an independent authority to grant licenses, but remain functionally limited to Quayside, where Sidewalk Labs would be the Master Developer. Let me try that again. The Urban Data Trust grants licenses to organizations to place sensors and collect data, but Sidewalk Labs literally controls the physical infrastructure and space.

The Urban Data Trust will struggle to maintain meaningful independence and authority, particularly relative to Sidewalk Labs, but also in the general sense — especially if it’s dependent on the revenue generated by approving licenses to collect data. It’s similar to the way that Alphabet’s forced arbitration clauses rely on “independent” arbitrators, who are functionally dependent on tech company business and so often rule in their favor. There’s further no discussion of how an Urban Data Trust’s right to determine uses for sensor data intersects with Sidewalk Labs’ rights as Master Developer to offer services in Quayside. The bigger issue, of course, is that the proposed business model ties the Urban Data Trust’s financial well-being to the amount of data sharing it permits, which isn’t an obvious or unalloyed good.

Sidewalk Labs’ proposal does not contain powers or provisions for trustee accountability, either. Specifically, there’s no discussion on foundational data governance considerations, like dispute resolution for short-term abuse, checks on defamation or commercial intermediation harms, or meaningful thoughts on who deserves representation, and why. There are no discussions of how to hold an “urban data trust” accountable — or who would get to do so, and under what conditions.

Why Quayside Requires Data Governance

The only functions of the Urban Data Trust in the Sidewalk Proposal are to approve sensor licenses, somehow oversee those contracts, maintain a sensor registry, and either host all urban data, or enforce urban data publication standards. To that end, Sidewalk Labs’ proposal also relies almost exclusively on contracting and licensing compliance to protect data rights in fundamental and complex ways — an approach that has proven dangerously flawed, in scandals like Cambridge Analytica and security breaches like Equifax. And, unfortunately, there are no tools described or envisioned that might help an Urban Data Trust prevent or remediate bad actors and breaches (beyond ex post facto removing the license to operate). As recently noted by angel investor Bobby Goodlatte:

“Systems designed with only good faith participants in mind, often wind up defined by their bad faith participants at scale.”

The Sidewalk Labs proposal doesn’t cognize any meaningful threat model in their data governance proposal, and so the Urban Data Trust doesn’t have a meaningful base of authorities to deal with bad actors. In fact, Sidewalk Labs’ proposal goes out of its way to say that the Urban Data Trust’s opinions on legal compliance outside of its initial, undefined contracting remit, have no legal weight.

At the same time, the proposal extends Sidewalk Labs, the company, into some of the most compromised and abused digital services in the world, like digital identity, “responsible AI,” and using the internet of things to manipulate lived environments. Bad actors are, of course, inevitable at any real scale — and 77 acres qualifies. It is an awkward reincarnation of Silicon Valley’s blind techno-optimism, dystopically proposed 3 years after everyone knows better.

Rather than engage with clear concerns, help the public threat model, or suggest participation structures, Sidewalk Labs leaves all of the hard work of developing a theory of change, business model (financial independence), governance and representation structure (political independence), and operational design to… whichever institution with the authority to make that decision? Said more plainly, the Sidewalk Labs proposal doesn’t actually answer any of the hard questions around data governance — or suggest that Sidewalk Labs understands and engages with those problems at all.

The Topline

Ultimately, the Urban Data Trust isn’t so much a data governance proposal as it is a set of dictated market conditions, delivered with a condescending willingness to participate in performative oversight. It makes Sidewalk Labs look and sound magnanimous, while reserving the default right to control the commercializing space — without meaningfully limiting their ability to combine it with their access to other re-identifiable data systems, including call detail records and Android OS reports, among others.

When Sidewalk Labs proposed a legal trust, we could assume a basic set of legally meaningful duties, as MaRS Vice President Alex Ryan wrote in a telling Op-Ed. Without any meaningful update to, or articulation of, the types of authorities that should replace them, how they might work, or how they could protect the public interest — the proposal isn’t much of a proposal at all. In fact, their consultation summary says it all — they heard “establish an ethical data governance model for the long-term,” and they responded by “Implementing an entity.”

Sidewalk Labs’ data governance proposal is 4 pages of a 45-page section in a nearly 1,500-page report — which is probably a clear enough sign of how seriously they will take governing Quayside’s privacy and digital rights. Doctoroff has explicitly put the issue at the feet of the three levels of government, each of which has launched data charters, principles, or consultations. The MIDP will be the first big test of the Canadian Government’s commitment to their vision for leadership through digital values. Thankfully, Sidewalk Labs has not set the bar particularly high.

The Ugly (updated)

The original “Ugly” section was aimed at critical things we didn’t know, including the default to open requirements, urban data, localization, and the source of legal authority. What we now know is that the proposals are functionally the same, with the same level of specificity. Now, they’re presumably considered “draft” final.

There are two outstanding things worth revisiting: (1) localization, and (2) conflicts of interest.

On localization, Sidewalk Labs was, seemingly, responsive. The proposal includes language like “best effort,” and commits to “explain decisions to host data elsewhere.” While neither of those rises to the level of actual commitments, the larger issue isn’t storing data in Canada for the sake of Canadian businesses (although, sure) — the larger issue is whether that storage gives other countries the jurisdiction or opportunity to intercept or manipulate that data. Whether any country with the capacity to do so, would, is another question — but it’s one that’s hard to leave out in a year when Canada’s commercial alliances are particularly contested.

On conflicts of interest, the case is clearer. As Diamond observed in his initial response, Sidewalk Labs was never envisioned as the Master Developer — a role that throws all of their other concessions around oversight into stark relief. What meaningful penalty could an Urban Data Trust possibly levy against the company that controls the policy, market, and public infrastructure? Without leverage, an Urban Data Trust can’t credibly accomplish any of the privacy protections, harm prevention, or value creation that are touted as its driving purpose. At a more basic level, what part of this data governance proposal suggests that the Urban Data Trust — or any company it might license — when faced with the inevitable, difficult choices of public interest data governance, will choose what’s best for Torontonians? How would we define that — or know?

Ultimately, the ugliest part of Sidewalk Labs’ data governance proposal is how little it says — both as a show of respect for the people of Quayside, and as a sign that it’s ready to become a public steward of data.

The End(?)

Throughout this process, advocates on both sides have, strugglingly, emphasized each other’s good faith. The data governance component of Sidewalk Labs’ MIDP should serve as another, critical crucible for that emphasis.

As presented, this proposal creates a toothless, performative process to manage Sidewalk Labs’ privacy compliance, and very little else. The proposal neither articulates, nor accounts for, Sidewalk Labs’ very likely role in the kinds of abuse and insecurity that are common in digital transformations, and doesn’t give Torontonians any meaningful protections or agency in shaping those systems.

This proposal had a generational opportunity to re-imagine the role that data and rights can play in advancing the shared interests of a city. Instead, it removed the tiny amount of substance it had proposed, and focused on meeting today’s compliance goals, with no roadmap or consideration for tomorrow’s needs. This proposal foists all the difficult issues posed by “smart” cities onto a to-be-named non-profit, while asking for the social license to engage in unprecedented surveillance and environmental control in a major urban city.

Nevertheless, this proposal is a draft and there are decisions ahead of, apparently, all three levels of government. No matter what happens next, if it’s to be in good faith, it should include a substantially more ambitious, articulated, evidenced, and engaged approach to data governance, privacy, and protections for any other fundamental right that Torontonians hold dear. If the MIDP is any indication, this is just the beginning of ensuring they will exist in Quayside.

Sean McDonald
CEO @FrontlineSMS. Progress in process. #CivicTrust.