Cities urged to act on private sensors in public spaces

Greater oversight is needed of sensors installed by commercial organisations in privately owned public spaces, according to a new report. It calls for cities to pay more attention to the likes of digital billboards, shopping centre cameras, retail Wi-Fi tracking, and automatic number plate recognition systems.

The When Billboards Stare Back report has been launched by UK innovation foundation Nesta and the Cities Coalition for Digital Rights with funding from the City of Amsterdam.

According to the authors Dr Tomislav Marsic, a consultant, and Katja Bego, Principal Researcher, Nesta: “This report seeks to raise awareness about a new quality of privacy infringements that take place, hidden in plain sight, in what is becoming known as the ‘digital public space.’

“The term seeks to highlight how physical public areas – town squares, pedestrian zones, shopping centres and bus stops – are increasingly subject to unfettered digitalisation, with commercial sensors tracking eye movements for feedback on digital advertisements, or cameras recognising faces in shopping centres.”

Cities themselves use a range of sensors to help reduce congestion, monitor pollution and manage waste but the report focuses on commercial sensors in privately owned public spaces (POPS) or ‘pseudo public spaces’, where it says there is less scrutiny.

“Privately owned spaces are much harder to regulate and much harder to control than publicly owned spaces,” commented Marsic during a panel discussion at the Public Spaces conference this week.

He added: “A lot of cities don’t know about this problem even though it’s clearly happening in their cities as well.”


The report argues that cities need more information on the sensors being deployed in POPS and what they are capturing, to maintain trust and ensure residents’ privacy is protected.

It highlights some potentially concerning examples such as advertisements that use eye tracking, a proposal for a digital billboard with cameras that would have ‘deep faked’ spectators’ faces onto a screen, and instances of debt collection companies using automatic number plate recognition to track individuals down.

While most cities don’t have the remit to ban or prohibit new sensors in POPS or enforce legislation such as the General Data Protection Regulation (GDPR), they can use the powers that they do have to exert more control.

The Public London Charter, for example, sets out principles for how new public spaces including POPS should be operated. The principles apply as a condition of planning consent and require Data Protection Impact Assessments to be shared with the city. London also published an Emerging Technology Charter which is a voluntary initiative based on four principles that should be accommodated when deploying technology in the capital.

London’s Chief Digital Officer Theo Blackwell is quoted in the report as saying: “We’ve gone from a situation where…the rules were unclear, to a place where key questions have to be satisfied.”

Shifting power

In another example, Amsterdam introduced a mandatory sensor register which requires private companies, research institutions and government organisations to report sensors in public spaces. The information on how, where and what data is collected is displayed via an online map. Private sensors, such as smart video doorbells, and sensors for “investigation and public order” including police cameras are exempt. The obligation was part of a regulation update passed by the City Council.

During the panel, Amsterdam City Councillor Elisabeth IJmker said “transparency is a step” but further work is required in areas such as how residents can access their data from sensor owners.

“The power imbalance is still something we need to deal with,” she said.

The City of Leeds has implemented an Internet of Things supplier questionnaire which asks specific questions about connectivity, the type of data collected, and the provenance of components within IoT devices to ensure they are from trusted organisations.

The report urges local governments to use the levers at their disposal such as licensing and purchasing to set privacy conditions for POPS, and lobby for better enforcement of GDPR as well as a new requirement for Data Protection Impact Assessments to be submitted to local authorities and regulators for sensors in publicly accessible spaces.

“This would bring GDPR out of ‘online only’ and into the physical, offline world,” the report says.

The authors also call for cities to bring residents, civic society and businesses on board. Activists and media can help draw attention to issues and smaller businesses may benefit from co-operation to better address privacy implications. Driving privacy knowledge and responsibilities throughout city departments is another recommendation.

IJmker noted that cities themselves should also avoid a “technofix mindset.” Giving the example of video analytics for crowd monitoring, which has been used in Amsterdam, she said: “The real problem is not enough public space…we may forget that there’s a solution where we [could] remove some more parking spots and then we would have more public space.”

Image: Chingyunsong | 

Our partners span the globe

Lorem ipsum dolor sit amet, consectetur 

Lorem ipsum dolor sit amet, consectetur