Legal, Technical, and Spatial Considerations
We have combined the Technical, Legal, and Spatial aspects of the Responsible Sensing Toolkit in one Step 3 as they are so closely interrelated. All three need to be approached together, guided by an ethical framework, to effectively address social values and privacy by design principles, to insure an effective and responsible solution.
Even if all technical, ethical and spatial challenges appear to be overcome, you will need to double-check your choices against laws and regulations. There are several laws, regulations, procedures, and documents you should be familiar with in the Legal Resource Library. But first – we recommend that you take a look at the ethical framework.
Technology, hardware and software
Technical choices need to be made to help you achieve the goals of your crowd monitoring project. This step is not just about what sensors or devices you use but also how you use them responsibly. There are many complex considerations that begin with taking a close look at the different technologies available and their degrees of invasiveness.
Spaces, installation and set up
After all the preparation, planning, and choices have been made, it is time start the physical installation. You need to know that everything is set up properly to get good data and achieve your goals. Successful installations of crowd monitoring projects are complex and different with each location, so we created an overview of spatial considerations to help get you started.
Visit the video library for expert interviews and advice.
In this section we’ll be speaking with the experts:
Douwe Smidt, Data Ethicist & Lead Tada
Beryl Dreijer, Privacy Officer, City of Amsterdam, Information Safety & Privacy, Space and Economy
Maarten Sukèl, AI Lead City Of Amsterdam
Tom van Arman, Future City Maker and Founder of Tapp
3.0.1 Dilemma Diagram
The Legal, Technical, and Spatial aspects of sensing projects are all interrelated and all require serious ethical considerations. In order to better understand this complexity, we have visualized these interrelations in a Venn diagram that places ethics at the center.
3.0.2 Applying an Ethical Framework
At this point, it is important to take a step back to get an overview of the ethical considerations involved to effectively address the social values involved in your sensing project and apply a methodology to measure strengths and weaknesses with key stakeholders.
You can use the values from the Tada-manifest as a basis, see below.
Our digital city is inclusive. We take into account the differences between individuals and groups, without losing sight of equality.
Data and technology should contribute to the freedom of citizens. Data are meant to serve the people. To be used as seen fit by people to benefit their lives, to gather information, develop knowledge and find room to organize themselves. People stay in control over their data.
Tailored To The People
Data and algorithms do not have the final say. Humanity always comes first. We leave room for unpredictability. People have the right to be digitally forgotten, so that there is always an opportunity for a fresh start.
Legitimate and Monitored
Citizens and users have control over the design of our digital city. The government, civil society organizations and companies facilitate this. They monitor the development process and the resulting social consequences.
Open and Transparent
What types of data are collected? For what purpose? And what are the outcomes and results? We are transparent about those aspects.
From Everyone For Everyone
Data that government authorities, companies and other organizations generate from the city and collect about the city are held in common. Everyone can use them. Everyone can benefit from them. We make mutual agreements about this.
3.0.3 Measuring Ethical Principles
We suggest that at this stage you hold an ethics workshop to apply a methodology to measure ethical principles related to the Legal, Technical, and Spatial considerations of your project. In Amsterdam we have used the Tada principles and workshop with success, consider using this format or source a data ethics workshop in your city.
3.1.1 Legal Compliance
In Europe, GDPR compliance guided by Privacy by Design principles are where to begin when you start gathering and understanding all the information you need to start a legally responsible crowd monitoring project.
General Data Protection Regulation (GDPR) (Dutch: AVG – Algemene Verordening Gegevensbescherming)
The GDPR is the umbrella reference for all EU member states regarding regulations for any organization that targets or collects data related to people. It’s very important to comply with the new EU law for data privacy in every way as the fines for violations can be very heavy. It’s complicated, but The Guide to GDPR Compliance is a good place to get familiar with regulations that you need to consider in the beginning phases of a responsible sensing project.
Important: In order to make sure you are GDPR compliant you should complete the GDPR Compliance Checklist
Other useful links:
3.1.2 Privacy by Design
The privacy by design framework is an engineering design approach which calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., to take human values into account in a well-defined manner throughout the whole process. In general it is a seven step process framework to guide the design process.
More Specifically, Privacy by Design is a key regulation in the GDPR as described in Article 25: Data Protection by Design and by Default.
General information about Privacy by Design as a framework
Specific information about Privacy by Design as a regulation in the GDPR
Procurement Law (Aanbestedingwet)
This is a good place to start with any project. We need to make sure that local and regional procurement practices are being followed in such a way that we can create real impact, innovate and level the playing field. You should be aware of exceptions when there are not competitive vendors for a novel solution and/or the innovation is involved with stimulating the startup ecosystem, for instance. The tendering process differs based on city, country and region.
EU: About writing a GDPR compliant privacy notice (template included)
The Netherlands: Protection of personal data
Amsterdam: Privacyverklaring Verkeersmanagement
For example here in Amsterdam, if the budget is over 50K, the call must be nationally competitive and published on tenderned.nl. If the budget is over 211K it has to become a EU tender.
Data Protection Impact Assessment (DPIA)
The Data Protection Impact Assessment (DPIA) process aims at providing assurance that controllers adequately address privacy and data protection risks of ‘risky’ processing operations. By providing a structured way of thinking about the risks to data subjects and how to mitigate them, DPIAs help organisations to comply with the requirement of ‘data protection by design’ where it is needed the most, i.e. for ‘risky’ processing operations. (Text copied from EDPS website.)
European Data Protection Board
DPIA Information page from the European Data Protection Supervisor EDPS which is a good overview and will help determine if it is necessary to complete a DPIA.
Also related to what the EDPS describes as “accountability on the ground.” And additional documentation from the Data Protection Officer on Privacy by Design.
Guidelines for determining if data processing is likely to result in “high risk” in which case registration and/or application with the EDPR is required (note: this is also related to assessing proportionality described in Step 1 “Use Case and Goals” resource library of this Toolkit).
A sensing project that collects data from the “systematic monitoring of a publicly accessible area on a large scale” is required to complete a DPIA and submit to the EDPS for review.
The Data Processing Agreement
A data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the processor. (Text from www.gdprregister.eu.)
Data Processing Agreement Basics
Data Processing Agreement (template)
The DPA is all about clear definitions, roles and responsibilities of the data owner and the data processor in a “client vendor” relationship. When a city innovator enters into a business relationship with a solution provider that processes personal data they must complete this agreement.
TADA Principles and Manifesto
At the core of any successful sensing project are the ethics regarding data use and reuse. How you, as a government innovator, uphold data ethics in your project will ensure the public best interests are in mind and inform your team how to communicate your ethical data practices. Understanding how Data Ethics relates to the Technical, Legal and Spatial considerations for your project is also important in the beginning stages.
You should be aware that whatever information or data you create in a project that generates data in public spaces or acquires data from people needs to be accessible to the public. Make a plan to publish your data on an open data portal.
Dutch Public Access to Government Information Act (Wet openbaarheid van bestuur: Wob)
Otherwise known as the Dutch Freedom of Information Act, the Wob is specific to the Netherlands rules and regulations for access to and reuse of public sector information including data. Unless there are valid legal reasons to withhold, citizens and organisations have the right to access or request any government information and/or data and reuse for commercial or non-commercial purposes including apps, visualizatoins and analysis.
Freedom of information (Wob) and reusing public sector information (English)
Organisation of government communications (English)
Dutch Public Access to Government Information Act (Wob) (English)
Wet openbaarheid van bestuur (Dutch)
You should be aware that whatever information or data you create in a project that generates data in public spaces or acquires data from people might to be made accessible to the public. Make a plan to publish your data on an open data portal. In addition, it is wise to document important considerations.
The Reuse of Government Information (Wet hergebruik overheidsinformatie: Who)
In European law this is also known as the Open Data Directive. This law provides a common legal framework for a European market for government-held data (public sector information). It is built around two key pillars of the internal market: transparency and fair competition. In the Netherlands the policy is “open by default” meaning that if there are no security, privacy, or copyright issues, government data must be open and accessible.
European legislation on open data (English)
Wet hergebruik van overheidsinformatie (Dutch)
Handleiding Wet hergebruik van overheidsinformatie (Dutch)
Handleiding Wet hergebruik van overheidsinformatie (Dutch)
Government published data is a great way to use data-fusion to add value to your project. Open data portals are available in many countries, in Amsterdam and in the EU.
The Prohibition on State Aid and EU law (Het verbod op staatssteun en EU-wetgeving)
State Aid is defined as an advantage in any form (not just funding) given to a selected undertaking by national public authorities. This is prohibited by European law when it distorts competition or may affect trade between EU member states. Make sure that when you are funding your responsible sensing project or if you are granting funds for such a project that you are following transparency requirements and complying to fair competition policies.
State aid (English)
Het verbod op staatssteun (Dutch)
There are exceptions when the project is innovative and the goal is to stimulate a well functioning and equitable economy. An example of this in Amsterdam would be the Startup in Residence Program.
Transparency and informing the public about how their data are being used are two basic goals of the GDPR. This article explains what is a privacy notice and offers a privacy notice template to help you comply with the law.
About writing a GDPR compliant privacy notice (template included)
Legal Compliance Overview
Among several laws, procedures, documents and ethical principles you must consider before moving forward you needed to make sure you are familiar with the specific legal aspects of crowd monitoring in public spaces in your country, region, and city. For responsible sensing projects in the EU and the Netherlands here is a list of items we know are important from our experience. For full details download the Legal Resource Library (PDF).
- European Data Protection Officer (DPO) | Link
- The Dutch Data Protection Authority (DPA) | Link
- Right to Erasure Form (Part of GDPR) | Link
- IoT registration (Amsterdam) | Link 1 | Link 2
- Video Camera Registration (Amsterdam) | Link
- AI Register (Amsterdam) | Link
- Legally required signs and stickers (Amsterdam) | Link
- Project Description | Link
Additional General Legal considerations that will vary greatly by region and use case:
- Governance, ownership and responsibilities
- Contracts and liability
- Open Data publishing, use, and reuse compliance issues (EU)
3.2 Technical choices
Definition of a Sensor
For the Responsible Sensing Toolkit, a sensor would be used in the public space to measure various phenomena such as the weather, sound, and movement. They could detect objects such as vehicles, bicycles, and people and this would require an Internet of Things (IoT) device that communicates with the internet, therefore a very simple definition would be:
A device that measures and transmits change states to a database.
For a more detailed definition for all sensors visit Wikipedia.
As technology grows, so does the number and complexity of sensors and devices that can be used to monitor public space. The technical choices you make will relate to decisions made in the previous steps when you established your goals, use case and planned your project accordingly. What is important in this step is that you first familiarise yourself with the different options available and then take a closer look at the Degrees of Invasiveness to help guide a responsible and ethical decision.
Current computer-vision systems do a decent job at classifying images and localizing objects in photos, when they’re trained on enough samples but it takes a lot of work to achieve a high level of accuracy. Computer vision applications include facial and object recognition, also biometrics which can be very invasive.
An acronym for Closed Circuit Television, CCTV has been around for a while and is used mostly for security purposes. It’s all about recording video footage of people either in public or private spaces and can be applied to computer vision applications but not necessarily. Also known as video surveillance, it is perhaps the most invasive technology you can use.
These come in all shapes and sizes. They can record sound or just detect it. They can be highly accurate and measure volume (dbl), tone, pitch, and/or frequency or simply detect the existence sound above a certain threshold. They all use microphones but not all deliver insights related to the nature of sound or sound identification which is enabled by using existing libraries or training using machine learning.
Or Thermal Imaging Cameras used for crowd monitoring use infrared technology to measure object radiation and vary greatly in range and accuracy, from detecting the existence of a person at night at long range to a fairly accurate temperature reading at close range.
Convenient because almost everybody has a Smart Phone with them wherever they go but also problematic depending on what you want to achieve. Geolocation services, Bluetooth, Wifi, and/or Mobile Data must be on for instance depending on the application.
Or Motion Detectors can be one of several technologies including Passive Infrared (PIR), Microwave, Sonar, and Ultrasonic. Although this technology is useful to detect single object presence, iit is not effective for multiple objects or crowds in large spaces.
Or high resolution radar uses an ultra high frequency radio wave to detect, locate, and track moving targets with a very high level of accuracy but with a limited distance. This technology is also used for security screening to detect weapons and other dangerous objects under clothing.
Also known as a packet sniffer. This technology detects smart phones on Wifi mode searching for networks. The sniffer intercepts probe requests and the MAC address of the device making it useful to track an individual in a large space but also potentially invasive.
A depth sensing technology that uses three different techniques to detect and image map objects: stereoscopic vision, structured light pattern, or time of flight (ToF). All capture or produce 3D images which are anonymous and trackable in crowded spaces with a high level of accuracy.
3.2.1 Technical – Degrees of Invasiveness
Different sensing technologies have their own degree of invasiveness depending on how they are used and where. You should be aware of how different sensors and devices can compromise privacy and compare them to others to understand your options.
The image below shows an abstract representation of how certain technologies compare to each other on invasiveness. This graph will change based on application. In some cases it is possible to lower the invasiveness of an intervention by adapting or changing the technology. For example: facial blurring software on camera feeds or decibel meters instead of microphones.
Challenge yourself and your team to apply this graph to your project in order to find less invasive alternatives. If two technologies could solve the same problem, the least invasive one is preferred.
3.2.2 Technical – Invasiveness Matrix
A quick guide to the various kinds of data that different sensing technologies generate. The Invasiveness Matrix will tell you what solutions will create biometric data versus anonymous data, location data and more.
The NYC IoT Strategy: Example of Assessing Privacy Risk
Every city is different but it’s a good idea to asses privacy risk as part of a city wide policy for sensing projects in public spaces. When using these various technologies we need to be aware how invasive they can be. In March 2021, the New York City Mayor’s Office of the CTO published their IoT Strategy to plan for more inclusive sensing projects in public spaces. As part of this report they created a three tier framework to aid decision making when gathering data in public spaces. For details download the full report.
Different spaces have different requirements when designing and implementing a sensing project. We have created a simple example with six spatial categories and specific considerations. Below you will find these considerations and some important questions you need to ask yourself and your team.
In Amsterdam it is compulsory for all data gathering devices or sensors to be registered. Make sure you follow the requirements in your city. More information on the Amsterdam sensor register. (Dutch)
Signage: Does your project area have signage, boards, or flags to inform public that they are in a monitoring zone?
Privacy: Does your project area provide the public the right to be invisible or anonymous? How so?
Permission: Do you need permission from property or facility manager? In public space, you’ll need specific permissions or exceptions from the municipality.
Agreements: Do you need data processing agreement, data protection or any other regulatory requirements?
Registration: Should the cameras, project documents or FAQ’s need to be registered?
Overview of spatial considerations
Cities are mostly made up of private properties. Owners of these properties control access and are allowed to collect data from visitors for security reasons.
City parks are owned or managed by the local municipality. You’ll need special permission from authorities to collect data from these areas.
Waterfronts and Harbors
Mixed management between the city, water authorities and sometimes private boating clubs or marinas. Collecting data needs to be approved by every stakeholder.
Campus and Business Parks
Hospitals, universities, commercial or industrial properties are mostly private. Collecting data is usually permitted by facility management or the owner.
Hotels, Bars and Restaurants
Hospitals, universities, commercial or industrial properties are mostly private. Collecting data is usually permitted by facility management or the owner.
Sports Grounds and Recreation
Clubs, pitches, playgrounds or stadiums can be mixed between private and public ownerships. Collecting data of guests should be for legitimate safety reasons.
In this example we are using the Marineterrein Amsterdam Living Lab: inner-city test ground for a sustainable living environment. This 1/2 square mile district is a wonderful microcosm of any city space, function or activity. More information
3.4 Video Library
Our expert interviews are a quick way for you to get some great advice. Before moving on to Step 4 of the Toolkit please take a few minutes to learn from personal experience and insights in the video's below that will help you think about Legal, Technical, and Spatial Considerations for your sensing project.
All expert interviews ask these three questions:
What are the biggest challenges when using sensor technology in public spaces?
What are some approaches to address these challenges?
What advice can you give innovators thinking about deploying sensors?
Data Ethicist & Lead Tada
Tada is all about the ethical and responsible use of data. As the formal lead for Tada, Douwe is concerned with informing the public properly and ensuring they benefit from crowd monitoring. He suggests involving the people we are monitoring but you should always ask “is this the right solution to the problem?”
Privacy Officer, City of Amsterdam, Information Safety & Privacy, Space and Economy
Beryl provides valuable insights about why we should develop crowd monitoring projects in open, inclusive and transparent ways. GDPR compliance is important but so is informing the public about what sensors are doing, why they are there, and where they can complain helps people feel safe about your project.
AI Lead City Of Amsterdam
As the AI architect behind the Object Detection Toolkit www.odk.ai Maarten shares his experience specific technical aspects of Computer Vision as a crowd monitoring tool. Regardless of the techniques used, we should always use sensors for the benefit of the public and using Living Labs to test your solution will avoid many problems.
Tom van Arman
Future City Maker and Founder of Tapp
Tom is an architect and urban planner using open data, api’s and IoT solutions to create more social, sustainable and resilient cities. He tells us why ethics is at the heart of good design practice in public space and how using the data to make informed decisions creates value for future cities.
You have finished step 3 of the six steps.
Responsible Sensing Toolkit Workshop Trial
As you can see this whole process is quite complex. Even as a municipal innovator with experience in sensing projects it can be difficult to implement these tools on your own.
If you need help, sign up for our Responsible Sensing Toolkit Workshop Trial. This workshop (Workshop 1) will help you and your team to identify your dilemmas with the Decision Canvas as a guide. The Workshop Trial takes only one hour and helps you to set up a clear roadmap to a responsible and ethical sensing project. In particular cases this workshop is free of charge.
Please check out our workshops or contact Sam Smits.