Your Devices Are Watching…

While they may provide convenience and more control over our environment, connected devices are also acting as soundless surveillance sentinels, collecting mountains of information about us – a virtual treasure trove of sensitive personal data.

It’s just another ordinary day. On your way home from work, you notice it’s gotten quite chilly outside, so you adjust your smart thermostat using the app on your phone. Once you arrive home, you unlock the front door using a fingerprint ID system, and then disarm the house alarm using a facial recognition feature. Now in your entryway, you pick up your tablet to turn on the lights in the kitchen and bedroom. As you walk towards your bedroom to change into your running outfit, you ask Alexa to turn on some music. Before you head out on a run, you check your wearable fitness tracker to see how far you ran two days ago. When you arrive back home, you kick off your runners, curl up on the couch, and turn on your smart TV.

The entire time, mostly without your explicit knowledge, each and every one of these devices was silently and stealthily collecting information about you, analyzing it, and sharing it with untold entities. Like a steady but invisible tap, this personal data was flowing to companies that might try and sell you more items, or could share your data with market research and data mining companies that want to learn more about you – what you watch and where you go – considered highly valuable information in the data marketplace.

This new generation of connected devices have added cameras, microphones, sensors, computing, and network access to products we don’t even think of as internet-enabled. They are becoming so deeply embedded into our surroundings, they have faded into the virtual woodwork. And not just at home, but also in public spaces, as new ‘smart city’ infrastructure technologies collect information about us from cars and our mobile devices, including information about our movements around the city.

To dive into the topic of data privacy, meaningful consent, and connected devices, the British Columbia Freedom of Information and Privacy Association (BC FIPA) partnered up with the Vancouver Design Nerds Society (VDNS) to organize a Design Jam supported by funding from the Office of the Privacy Commissioner of Canada.

Finding creative solutions

Developed by VDNS project leads Sarah Hay and Jesi Carson, with ongoing feedback and direction from BC FIPA’s Bryan Short, Joyce Yan, and Jason Woywada, the two-day gathering brought together multiple privacy experts, advocates, and activists – from the worlds of academia, civil society, government, and industry – to find creative solutions through a collaborative and interdisciplinary approach. The goal was to reimagine new models for consent that can help mitigate the negative impacts ‘smart’ technologies have on our privacy.

VDNS’ Design Jam framework and methodology is based on the “Double Diamond” design process developed by the UK Design Council, which involves exploring an issue more widely or deeply (divergent thinking) and then taking focused action (convergent thinking). VDNS also designed an “Open” Design Jam concept, which enabled participants to pitch ideas that acted as a jumping-off point for teams to form around.

“It was an experiment and an opportunity to push our collective imagination in the direction of possibilities and systems change,” explains VDNS Co-Director Sarah Hay. “We recognized that this route would require a great deal of trust, but given the expertise of registrants, this felt like the right way to go. And it was.”

Concepts and prototypes for protecting data privacy

The teams focussed on connected devices used in everyday life, like personal wearable technologies, as well as those used in ‘smart’ homes and cities, and the relatively recent ability for these devices to collect large sets of data – so-called “big data”. The two-day Design Jam format enabled participants to form teams and dig into their chosen problem areas. This initial research eventually influenced their proposed concepts.

For instance, one team proposed developing “privacy etiquette” for hosting guests, including the creation of a cover that can be placed on top of smart speakers like Alexa to block them from collecting data from guests. It’s a technically functional solution, and also provides a visual cue that serves as a reminder to guests that their host is considering their privacy.

“There seems to be consensus that Canadian policy needs to be updated. We hope to see more regulatory control of entities that collect data, and more rights for citizens.”

Another team proposed the design of a ‘toolkit’ for unionized workers to enable them to self-assess their privacy knowledge and become more informed about data privacy issues at work, to initiate positive change through already established collective bargaining or grievance processes.

These and other ‘prototypes’ that emerged after the second day of the Jam varied in how they approached meaningful consent, but an underlying common theme was a focus on empowering individuals to take control over their personal information. While some design proposals need more research and refinement, some concepts are ready for user testing. The research team produced a final report summarizing the Design Jam process, their recommendations, and the proposed prototypes.

As stated in the report, the team agreed that when it comes to data privacy, much remains to be done across Canadian society: “There seems to be consensus that Canadian policy needs to be updated. We hope to see more regulatory control of entities that collect data, and more rights for citizens. …our education systems must support children and youth to be informed and prepared to deal with issues related to data privacy; corporations need to be reigned in and new products considered in a more intentional way before they are released … to mitigate impact on the public; both public and private sector employees must be educated and protected with respect to data privacy; and rights-based data privacy etiquette must be ingrained into the very core of our culture, beginning in the home.”

A transformative process

While acknowledging that more work remains to be done, such as directly collaborating with key user groups and affected communities, BC FIPA’s Jason Woywada found the “design thinking” process to be “transformative”.

“I was glad to see design thinking applied to concepts of consent,” says Woywada. “Critical and analytical thinking dominates legislative and policy development, yet the Organisation for Economic Co-operation and Development (OECD) has frequently emphasized the importance of design thinking to create innovative and responsive policies for governments that address emergent issues and overcome the status quo. Design thinking can be a very transformative process that enables participants to break out of entrenched thinking, opening up new ways of problem solving.”

According to Woywada, the project is not the final stage in BC FIPA’s work on meaningful consent and connected societies, but rather “a jumping-off point that will launch future research and events to further address these complex issues with simple solutions.”

The organization is already exploring the feasibility of hosting another design jam, but this time with everyday consumers from various backgrounds.

“The Design Jam process we used can be adapted for either a representative sample of the general public or a predefined select target audience,” notes Woywada. “By providing a similar initial problem and thought process, the results could provide useful insights to how the public views issues of consent in a modern context.”