What if there were no privacy laws for smart buildings? Would it really be good for business? Would it really be bad for occupants? Would the building be smarter? Would anyone want to live or work there? These are some of the many questions floating around the smart building sector as rapid technological development outstrips our ability to secure the huge amounts of occupant data being generated in our intelligent facilities.
Building data is full of information about occupants: where they have been, who they have been with, what they have done, how productive they were, and even their mood. By combining this information over days, weeks, and months we begin to gain actionable insights that can lead to more effective decision-making. For example:
- Alex is more productive in a good mood. Sitting by the window improves Alex’s mood.
- The optimum temperature for productivity in this team is 23 °C (73 °F).
- When Ashley and Alex meet, both have less productive days.
- There is a demand for more quiet spaces. There is an excess of meeting rooms.
- Ashley’s productivity has been declining for months.
This is an extension of human observation, and just as our classroom teachers separated those pupils who were too chatty or mischievous together, workplace observation can also aim to create the most productive environment for the office as a whole. Smart building applications depend on such data to deliver the value they promise; there would be no smart buildings without occupant data, and even energy-efficiency applications monitor occupants. However, the idea that sensors and cameras are surveilling occupants at all times does not sit well with much of society, and the fact that surveillance data can be combined with personal data such as race, gender, or income raises discrimination issues and triggers data law.
“While the advocates of connected buildings may argue that data is used on a purely aggregate basis to manage matters such as building sustainability, there is clear scope for intrusive use of personal data, potentially enabling detailed monitoring and profiling of individuals’ movements, behaviours and preferences,” says Faye Harrison, senior associate in Bristows’ data protection team. “In reality, connected buildings will only reach their full potential if mass volumes of data can be shared between multiple devices operated across open networks.”
“Ultimately, a balance needs to be found between supporting innovation and ensuring the privacy of individuals,” continues Harrison. “While innovators need to find ways to work within the boundaries of the law, ensuring that privacy is borne in mind as new technologies are developed, the regulators need to take a commercial and risk-based approach to interpreting the law to avoid completely stifling innovation.”
Law is necessary to protect building occupants, but they are not really protected unless that law is enforced. There are over five million buildings in the US alone, and even if inspections could uncover misuse, authorities could only inspect a small fraction of the building stock, meaning laws guiding corporate use of personal data can never work. However, without effective laws, occupants will always suspect that the expanding surveillance infrastructure surrounding them might be surveilling them. This breeds occupant mistrust of the smart building, and trust is the foundation of user acceptance for new technology.
“Different regulations differ somewhat. GDPR requires meaningful human review of any significant automated decisions. CCPA, on the other hand, requires detailed documentation and tracking of onward transfer of data to third parties or partners, especially for data that is sold. Different regulations also differ on how much they emphasize ‘consent’, and any multinational company is likely to have to comply with the union of all those regulations,” says Amol Deshpande, co-founder at WireWheel.io. “Given the impossibility of anticipating what de-identification attacks may be possible in the future and what side-information may be available to aid those attacks, it is considered safe to assume that any data collected about an individual is personal, unless it is heavily aggregated.”
We must find a solution that protects building occupant privacy, develops trust between the user and the system, and allows buildings to improve through smart technology. According to a growing number of experts, the answer is to take personally identifiable data off the table completely. If the data-gathering devices themselves are required to delete all personally identifiable data and only send anonymous and aggregated data, we remove the privacy problem and still provide valuable data to smart building applications.
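What "delete at the device, send only aggregates" looks like in practice is shown by the following added example; it is not code from the article or from any vendor quoted in it. It assumes a badge reader and zone thermostat feeding one edge device, a 15-minute reporting window, and a minimum bucket size of five distinct occupants (both thresholds are assumptions chosen for illustration). Identifiers are used only to count distinct people inside the function and never appear in the outbound payload; small buckets are suppressed because a count of one or two in a known zone and time would single a person out even with no name attached, which is the "heavily aggregated" condition Deshpande describes.

```python
"""Edge-side de-identification: aggregate occupancy before anything leaves the device."""
from collections import defaultdict
from statistics import mean

WINDOW_SECONDS = 900   # 15-minute reporting buckets (assumed value)
MIN_OCCUPANTS = 5      # drop buckets describing fewer than 5 people (assumed threshold)
IDENTIFIER_FIELDS = ("badge_id",)  # fields the device must never transmit

# Constructed sample input: what a badge reader plus zone thermostat might observe.
# Badge ids, zone names and timestamps (seconds since midnight) are all made up.
RAW_EVENTS = [
    {"ts": 36010, "badge_id": "B-01", "zone": "floor3-west", "temp_c": 23.0},
    {"ts": 36020, "badge_id": "B-02", "zone": "floor3-west", "temp_c": 23.2},
    {"ts": 36030, "badge_id": "B-03", "zone": "floor3-west", "temp_c": 22.8},
    {"ts": 36040, "badge_id": "B-04", "zone": "floor3-west", "temp_c": 23.4},
    {"ts": 36050, "badge_id": "B-05", "zone": "floor3-west", "temp_c": 23.1},
    {"ts": 36060, "badge_id": "B-06", "zone": "floor3-west", "temp_c": 23.3},
    {"ts": 36070, "badge_id": "B-01", "zone": "floor3-west", "temp_c": 23.0},  # B-01 seen twice
    {"ts": 36080, "badge_id": "B-07", "zone": "floor3-east", "temp_c": 24.0},  # only two people
    {"ts": 36090, "badge_id": "B-08", "zone": "floor3-east", "temp_c": 24.2},  # in this zone
    {"ts": 36910, "badge_id": "B-01", "zone": "floor3-west", "temp_c": 22.9},  # next window
    {"ts": 36920, "badge_id": "B-02", "zone": "floor3-west", "temp_c": 23.1},
    {"ts": 36930, "badge_id": "B-03", "zone": "floor3-west", "temp_c": 23.0},
    {"ts": 36940, "badge_id": "B-04", "zone": "floor3-west", "temp_c": 23.2},
    {"ts": 36950, "badge_id": "B-05", "zone": "floor3-west", "temp_c": 23.3},
]


def window_start(ts, window=WINDOW_SECONDS):
    """Snap a timestamp to the start of its reporting window."""
    return ts - ts % window


def aggregate_at_source(events, window=WINDOW_SECONDS, min_occupants=MIN_OCCUPANTS):
    """Collapse identified events into per-zone, per-window summaries.

    Badge ids are used only to count distinct occupants and are discarded here;
    they are never copied into the output. Hashing them instead would not help:
    a stable pseudonym is still linkable to one person across windows.
    Buckets with fewer than `min_occupants` distinct people are suppressed.
    """
    buckets = defaultdict(lambda: {"ids": set(), "temps": []})
    for ev in events:
        key = (ev["zone"], window_start(ev["ts"], window))
        buckets[key]["ids"].add(ev["badge_id"])
        buckets[key]["temps"].append(ev["temp_c"])

    summaries = []
    for (zone, start), bucket in sorted(buckets.items()):
        occupants = len(bucket["ids"])
        if occupants < min_occupants:
            continue  # too few people to publish without singling someone out
        summaries.append({
            "zone": zone,
            "window_start": start,
            "occupants": occupants,
            "mean_temp_c": round(mean(bucket["temps"]), 1),
        })
    return summaries


def contains_identifiers(records, fields=IDENTIFIER_FIELDS):
    """Outbound guard: True if any identifier field survived into the payload."""
    return any(field in record for record in records for field in fields)


if __name__ == "__main__":
    payload = aggregate_at_source(RAW_EVENTS)
    assert not contains_identifiers(payload)  # refuse to send if the guard trips
    for row in payload:
        print(row)
```

Run as written, the device emits two rows for floor3-west (six and then five distinct occupants, with the zone's mean temperature) and nothing at all for floor3-east, whose two occupants fall under the threshold. The application upstream still gets the occupancy and comfort signals the article's examples rely on, but nothing it receives can be tied back to Alex or Ashley.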
“Privacy is the foundation of our freedom. You don’t give that up for smart tech. You do both,” Dr. Ann Cavoukian said in an interview with .coda. “I was the Privacy Commissioner of Ontario, in Canada, for many years. What I know from that time is that privacy laws do not apply if there’s no personally identifiable data. We make it a win-win. That’s what the concept of privacy by design, which I created, is all about. Make it a win-win. Data utility and total privacy. We can do both.”
Cavoukian, the former Privacy Commissioner of Ontario, was hired by Google’s sister company, Sidewalk Labs, in 2017 to support their Toronto Quayside smart city project. She then resigned in 2018 over concerns that the project could not guarantee privacy, because personally identifiable data would be made available to third-party companies involved in the project. Cavoukian says that the Sidewalk Labs board claimed, “we will ask the companies involved in the IT to de-identify data, but we can’t make them do it,” and that response was her reason for leaving the project, which continued to see public resistance until it was cancelled in 2020.
“When I started working with Sidewalk Labs, they were all committed to embedding privacy and de-identifying data at source. I looked at all the technologies that would be on 24/7 and told them we’re going to have to de-identify it at source,” says Cavoukian. “By that, I meant all data, no matter what it is, the minute it’s picked up, scrub it of any possible personal identifiers. You still have very valuable data that can be used for a variety of purposes in the smart context that will not have privacy risks, because all associated identifiers will have been removed.”
De-identified data may not be as valuable as personally identifiable data: certain applications may not work as well, and some of those applications may be important, such as contact tracing during virus outbreaks. However, if building occupants are uncomfortable, it undermines the purpose of collecting the data in the first place. If smart building technology is intended to improve the occupant experience, then giving occupants confidence in their privacy is part of that mandate. Occupants must trust the building, and while promising never to misuse data is positive, de-identifying data at the source is a far more tangible basis on which occupants can build that trust.