Walkshops. Innovative methodology for citizen involvement in Smart Cities.
Jonas Breuer, Ine Van Zeeland & Jo Pierson
In smart cities, urban spaces integrate physical and digital worlds through new technologies, capturing and processing (personal) data. The benefits of ‘datafied’ urban life may seem obvious: better mobility, better understanding of climate change challenges, more safety and security, or real-time decision-making. But when data is processed throughout public spaces, there are also risks. Urban dwellers may feel that better quality of life for some comes at the expense of surveillance for all, exacerbating inequalities, and creating risks to people’s rights and freedoms. The EU’s General Data Protection Regulation (GDPR) contains provisions that can support more citizen-centred smart cities. We therefore studied an inclusive methodology for citizen involvement, a learning experience that is equal parts urban walking tour and workshop: ‘walkshops’. The study aimed to gauge citizen responses to the collection of personal data in public space and feed those back to smart city administrators. We also evaluated the utility of the method as an informal survey of citizens’ perceptions of the introduction of new technologies in the city, and their risks. This aspect could eventually even become a valuable contribution to Data Protection Impact Assessments (DPIA) for smart cities.
|The walkshop methodology shows positive potential regarding the involvement of individual urban dwellers and their perceptions into smart city decision-making. It might even be used to enrich Data Protection Impact Assessments for smart cities.|
|Participants discussed that data processing should be effective, not too expensive, or unnecessarily complicated.|
|Concerns and perceptions of urban dwellers can become risks to personal data processing operations in smart cities even if all steps have been taken to be compliant with the law (e.g. because of ‘chilling effects’).|
|Transparency is perceived differently by different people. Even in cases of compliant information provision, citizens often do not feel (sufficiently) informed in a meaningful way. Contrariwise, some people feel more anxious after being informed.|
|Perceptions of being informed, transparency and trust have a strong mutual relationship. Feelings of obscurity create mistrust but openness and involvement in decision-making can avoid negative perceptions at early stages and allow more purposeful interactions between municipalities and urban dwellers.|
1. The Walkshop Methodology
The necessity of public participation and stakeholder involvement has often been emphasised, but there is little clarity about how to put these notions into practice. We therefore tested a low-threshold approach to engaging city dwellers in discussions about smart technologies in public space. The walkshop methodology provides a relatively simple and cost-effective way to do so. Walking is a tried-and-tested methodology to study the environment, co-produce knowledge, or teach about a space. After testing, evaluating, and refining the method over several months, we organised 14 walkshops in the Belgian cities of Brussels, Ghent, and Leuven, between September 2021 and March 2022. The walkshops were centred around citizens’ experiences with and their perceptions of the collection and processing of (personal) data in public space.
Pre-set routes led along a variety of technologies, depending on what was present in each city: different types of CCTV cameras, cell phone towers, parking sensors, public Wi-Fi, bike-sharing schemes or e-scooters, Bluetooth, and Wi-Fi trackers and more. The facilitators provided information about the smart city concept, data protection concepts, and the sensors encountered during the walk. Conversations were guided in such a way that different perspectives, advantages as well as disadvantages of data processing activities, were discussed.
In total, more than 100 citizens participated. In Brussels and Leuven, a complimentary walk was organised with smart city decision-makers to share and discuss the input gathered from citizens. In this policy paper, we discuss our findings from the walkshops with citizens as well as smart city decision-makers.
2. Smart City Decision-making
When public authorities process personal, it must happen in the interest of the public, which is a lawful basis according to the GDPR. This means that the processing is necessary to perform a task that is in the public interest or for official functions, and the task or function has a clear basis in law. While consent of the ‘data subject’ (the person whose data are processed) is not necessary in such cases, the concept of ‘the public interest’ remains rather vague: Participants did reflect on who decides what the interest of the public really is.
The elements of reflection and planning emphasised by the walkshop methodology could be used productively in the balancing act public authorities need to do in their decision-making. Our study illsturates that different perspectives and tacit knowledge generated during the walks could contribute to better and more democratic decision-making with a focus on public interest.
Also, most of the decision-makers that participated thought the methodology interesting and instructive, both to learn more about citizens’ perceptions and to inform them and could be useful for involving citizens more in smart city decision-making.
|Organisations must have a lawful basis to process personal data. There are six lawful bases in the GDPR, and none are ’better’ or more important than the others. Which is most appropriate will depend on the purpose of the processing. The means used to process personal data must be necessary to achieve that purpose, and proportionate. If the purpose can reasonably be achieved without personal data, there is no lawful basis for processing the data.|
3. Safety in the Interest of the Public
To determine whether any personal data should be processed in the interest of the public, the principles of necessity and proportionality must be heeded. The participants provided some interesting input for considerations of what is necessary and proportional related to data processing in public spaces.
For example, the main argument in favour of cameras, which were not per se rejected, had to do with feelings of safety and security. Some asked what the limits of ‘safety’ are. Others questioned whether more cameras really reduce the number of crimes. Also less intrusive methods were put forward to achieve the same objectives, such as citizen watches (not police), (more) street lighting, or decibel meters to limit noise pollution as an alternative to more privacy-sensitive camera surveillance. In other words, when considering if processing is necessary and proportional to achieve a purpose in the interest of the public in the smart city, there is a sometimes-difficult balancing act: on the one hand the pursuit of safety in public space and on the other hand the protection of citizens’ personal data. This reflection was recurrent during the walks.
Another example was the argument that cameras may not be the most effective way for the intended purposes. Many practical examples were given in which camera monitoring did not contribute to solving a crime (e.g. bike theft) or preventing infractions (littering). Some participants argued police can also monitor what is happening in a location and achieve the same results without “expensive” technology.
It was also argued that efficiency needs to be weighed in terms of how much a technological solution costs and whether there are cheaper alternatives to spend public money. Someone argued that cameras are a tool of power inaccessible to communicate with, but a person would be approachable. Others contradicted that a camera feels less intrusive than a real person observing what you’re doing.
These examples show that citizen responses could be valuable for assessing pros and cons to the collection of personal data in public space, and that the walkshop methodology might indeed be utile in this regard. Involving urban dwellers (the urban data subjects) in decisions about what are the best solutions to problems in their urban environments, about what is in the interest of the public and what not seems feasible to a degree. However, they also exemplify how complex these responses will be.
|Necessity and Proportionality|
|Data processing must be purposeful; not just any means can be used if that does not fit the intended purpose. Necessity and Proportionality are principles of EU law to assess purposefulness. A data processing activity needs to be necessary to be carried out, data that is processed must be limited to what is strictly necessary for the purpose of the processing (data minimisation). Proportionality is about finding a balance between means and purpose: ensure that types and amounts of data processed and the way in which they are processed are proportionate to the purpose.|
4. Urban Dwellers and Data Subject Rights
At the core of the GDPR is the empowerment of individuals, to give data subjects more control over their personal data. For this, data protection rights are legally defined in the regulation, such as the right to being informed. The results of the walkshop show, however, that these rights have little meaningful direct effect on most urban dwellers’ lives. Some participants knew about data subject rights, like the right to access and the right to erasure but others were unaware and thought that most people they know would not be aware of such rights. When asked whether they thought they needed to be informed if data were processed about them, most participants did not think that was a requirement. We might therefore conclude that most participants were unaware of their right to be informed and none had actively exercised the right to access.
Also when information provision is compliant with rules it is not always effective, or rather: it may not be perceived as effective. The discussion during the walkshops seem to indicate that perceptions of being informed about having access to the right information, are highly subjective. This complicates matters in some respects for municipal governments that want to build a trustworthy relationship with urban dwellers. The perception of being informed also depends on citizens’ interest, willingness, and capacities.
Most participants indicated they had not paid attention to signs about cameras or other data-processing technologies. For instance, no one had ever noticed the Bluetooth and Wi-Fi tracking signs at a shopping mall, including some smart city administrators. One participant mentioned that perhaps they should be more aware of what happens with their personal data, but due to a lack of technical knowledge they would not know how to question responses.
In contrast, many participants had reservations regarding the necessity to purchase or reuse mobile network data from commercial providers in the public interest. And they did not like data about them being traded without their knowledge. Some argued that city marketing leads to the homogenization of city centres or an imbalance in public spending towards retail and tourism. Others felt that mobile network providers should not profit off their usage data without some direct benefit to them as data subjects. Rather, they found this an opaque practice and wondered whether the goals justify risks of collaborating with private companies, such as re-identification when combining different datasets.
|Data Subject Rights|
|The GDPR has a chapter on the rights of data subjects (individuals) which includes the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated processing. (GDPR Chapter 3)|
5. Trust and Transparency
Transparency is another principle in the GDPR. The walkshop study has clearly demonstrated the mutual relationship between subjective feelings of being informed, transparency and trust. Transparency does not seem to depend simply on availability of information, but also its reliability and finding the right approach for different target groups of the information. The discussions have shown that also when organisations felt they were doing an honest job being transparent, some participants wondered to what extent they can believe that the information is also correct. What constitutes good, sufficient information and transparency thus differs between individuals.
Unfortunately, perceptions of untransparent information also create mistrust. Some of the smart city decision-makers seem to think that citizens trust their (municipal) governments less than the big platforms, which many citizens use to share substantial amounts of personal data. However, the discussions during the walks rather show that there is no lack of trust but higher expectations towards the public institutions. A decision-maker that participated then also stated that building trusting relationships between citizenry and authority “is really a challenge of our time.”
What the walkshops have shown is that by providing more information about goals, inclusiveness and effectiveness, and better informing citizens about their rights, concerns can be reduced. Cameras, for example, and a lack of clarity about objectives, inclusion and effectiveness are a source for unpleasant feelings of surveillance. Citizens would appreciate proof, as they are currently judging camera monitoring based on anecdotes and disappointing personal experiences. More proactive communication about purposes and results, not only on information signs but also in the press, could help to lower concerns and support trust. Open, public discussion about different solutions to problems such as illegal dumping might increase the acceptability of technological interventions. Municipalities, based on the high expectations citizens have towards them, could be a leading example not only in finding good ways to serve the public interest with smart city technologies but also in creating citizen-centred smart cities that are transparent and trusted.
|Transparent processing is about being clear, open, and understandable from the start about who is using personal data, and how and why they use personal data. Individuals have the right to be informed about the collection and use of their personal data, which is a key transparency requirement.|
6. Lessons Learned
The purposes of our walkshop study were to investigate citizen responses to the collection of personal data in public space, and to evaluate the utility of the methodology. Regarding the former, it has become clear that perceptions are as significant as they are challenging to operationalise in decision-making. If not taken into account sufficiently, concerns and perceptions become risks themselves. This has a lot to do with how information is provided and perceived. The GDPR might have many good intentions and positive concepts regarding the role of data subjects (or urban dwellers in datafied cities) but too little of that actually reaches urban dwellers in their everyday lives. Additional efforts are required to be transparent, to understand what is required by citizens to feel at ease and to get involved. The walkshop methodology may be a good, cost-efficient, and meaningful way to do so. The nuanced reflections by participants demonstrated how city dwellers’ input could become valuable when processing personal data in the interest of the public.
Regarding the utility of the methodology as a low-threshold tool for involvement, we feel that it will not solve all the challenges linked with public participation: lack of awareness and literacy, lack of time, opportunity or patience, the complexity of topics, and reaching all layers of society. Still, the methodology has shown actual advantages, for decision-makers as much as for citizens. Every walk produced meaningful input; perceptions regarding data processing in general and specific projects, suggestions on how to engage citizens meaningfully, or feedback on what information citizens need to understand and trust data processing.
Also regarding the GDPR (and its emphasis on empowering individual data subjects) the walkshop methodology and its foci on raising digital literacy and emancipating citizens to participate in discussions seems to show some potential. The personal, individual approach to space, data processing and its impacts also fits well with the GDPR’s individual rights regime. In theory, it could even provide input for data subject consultation in smart city data protection impact assessments (DPIA) as encouraged by Art.35(9) of the GDPR. to identify risks arising out of the processing of personal data and to minimise these risks as far and as early as possible. However, it remains to be seen how operationalizable this is in practice, with limited time and resource of those that conduct DPIAs for cities.
|B||Recommendation 2 – Provide the right kind of meaningful information|
Citizen involvement is challenging but providing the right kind of meaningful information, i.e. raising awareness and knowledge, solves many issues and can even do away with issues before they arise. This includes understanding first what information needs there are for specific target groups.
|C||Recommendation/Action 3 – Build trusted relationships based on transparency|
Citizens do not want to distrust their municipality. They expect it to take good care of them, especially if they are not interested in taking decisions about processing their personal data themselves. These are high expectations. Doing efforts to be transparent enough, and showing these efforts, will result in increased trust.
|B||Recommendation/Action 4 – Execute walkshop and let us know what you think |
As described above, the walkshop methodology shows some potential to strengthen the relationships between urban dwellers and municipalities, potentially even to enrich parts of DPIAs.
 The concept has been developed Alison Powell at the London School of Economics. E.g. here and here. For a more in-depth discussion of the methodology please check here: Van Zeeland, Ine, Breuer, Jonas & Pierson, Jo (2021) Walkshops for citizen involvement: Walk the talk with smart city citizens, Paper in proceedings of Workshop on Serendipity in the Smart City, part of the IEEE Smart Cities Conference (ISC2) 2021, 7 September 2021, Virtual Event. (DOI: 10.1109/ISC253183.2021.9562922) (https://ieeexplore.ieee.org/document/9562922)
 Data protection impact assessments (Article 35(9) GDPR) call for “seeking the views of data subjects” without clear instructions or guidelines on how to do it in practice.
 For a more in-depth discussion please check: Christofi, Athena, Breuer, Jonas, Wauters, Ellen, Valcke, Peggy & Pierson, Jo (in press -2022) Data Protection, Control and Participation beyond Consent – Why we ‘seek the views’ of data subjects, and how, In: Kosta, Eleni & Leenes, Ronald (eds.) Research handbook on EU data protection, Edward Elgar.