Exclusive

Sidewalk Labs requires detailed safeguards for its own employees’ data

article-aa

Sidewalk Labs requires that all data collected on its staff must be carefully safeguarded by contractors working on the company’s proposed smart city development.

A document obtained by The Logic shows that Sidewalk Labs insists contractors agree to protect any information that could be used to identify a member of Sidewalk Labs’ own staff, including biometrics, location information, names, emails, telephone numbers and “payment card numbers.” The company also requires that individual IP addresses, network and hardware identifiers and geolocation information are kept secure.

The request for qualifications (RFQ) was sent to a small number of architectural firms in August, seeking building design proposals for the development. However, Dan Levitan, a spokesperson for Sidewalk Labs, said that these terms are a “matter of course” as part of Sidewalk Labs’ “services agreements and advancement of data privacy and responsible data use.”

The Google sister company won’t say if it’ll offer the same protections to Toronto residents as part of its proposed smart city development on Toronto’s waterfront.  

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking Point

Sidewalk Labs wants all personally identifiable data collected on its staff, from names and emails to location information and biometrics, to be kept secure by contractors working on its proposed smart city development. The Google sister company won’t say if it will offer the same kinds of data protections required for its staff to Toronto residents. 

Contractors are required to safeguard Sidewalk Labs employees’ personal information in ways that meet or exceed industry standards, according to the document. They must also “limit the collection, storage, disclosure, use of, or access to” the data, log details of how any data is accessed and retain those records for at least 90 days.

“What you’ve got in your hands is a one-sided contract. The terms are all favourable to Sidewalk Labs interests. It kind of makes it clear about what people have been concerned about,” said Myra Tawfik, a professor of intellectual property commercialization at the University of Windsor.

Levitan said that Sidewalk Labs’ services agreements require contractors to comply with “applicable data protection laws and Sidewalk Toronto’s privacy policy to the extent that personal information is collected or used in connection with the services provided.”

In May, Sidewalk Toronto, the formal partnership between Sidewalk Labs and Waterfront Toronto, released a document laying out general principles regarding data collection.

Carol Webb, a spokesperson for Waterfront Toronto—the tripartite government agency overseeing Sidewalk Labs’ proposed development—said: “It’s too early to know what data may be collected,” but the policies around that collection will be published for public feedback in early 2019 prior to them being finalized.

The news of the data protections for Sidewalk employees comes as the company faces renewed scrutiny over its proposed development. Last week, The Logic reported that the auditor general of Ontario is conducting an audit examining Waterfront Toronto’s operations related to its partnership with Sidewalk Labs.

And, a second member of an advisory panel for the project resigned in protest over concerns about how data and intellectual property would be managed.

In addition to information that could be used to identify a specific employee, Sidewalk Labs asks contractors to agree not to disclose “any information that is not specifically about an identifiable individual but, when combined with other information, may identify an individual.”

The full text of the contract repeatedly warns that it cannot be made public, and that contractors cannot make public statements about it without Sidewalk Labs’ written approval.

Share the full article!
Send to a friend

Loading...

Thanks for sharing!

You have shared 5 articles this month and reached the maximum amount of shares available.

Close
x

The document also stipulates that contractors cannot disclose any information regarding Sidewalk Labs or its affiliates’ clients, prospective clients, employees or contractors, including “the fact that an individual has a relationship with Sidewalk and/or any affiliate.”

Those clauses are common for agreements between two private companies. However, they’re concerning due to the general secrecy around the Sidewalk Toronto project, which will eventually be collecting data on Toronto residents, said Tawfik.

“If, on the one hand, they’re all saying, ‘We’re going to do this differently, we’re going to build trust, we’re going to have an open and transparent process, we’re going to safeguard your interests, it’s going to be great for the public,’ but everyone is bound by these non-disclosure agreements, there’s a disconnect there that people should be worried about,” said Tawfik.

The privacy safeguards in the RFQ stipulate that contractors must protect Sidewalk Labs’ data, but do not spell out whether Sidewalk Labs is obligated to protect the data of contractors that it chooses to work with. However, Levitan said Sidewalk Labs “holds itself to the same requirements.”

Contractors that want to work with Sidewalk Labs must also obtain a variety of personal information on their employees through background checks, including credit and fingerprint checks for certain employees.

The agreement also requires contractors to waive their right to pursue a class-action lawsuit, and to agree to binding arbitration for all their employees and subcontractors.

Excerpts from the RFQ also raised intellectual property concerns previously reported by The Globe and Mail. Specifically, Sidewalk Labs claims the right to all intellectual property prepared by contractors, including that of contractors whose work they do not select.

A lack of response by Waterfront Toronto to questions raised by these intellectual property concerns was cited last week by Saadia Muzaffar as one of the reasons for her resignation from a volunteer advisory committee established by Waterfront Toronto to guide it on the proposed smart city development.

In an op-ed in The Globe and Mail on Friday, Jim Balsillie, former co-CEO of Research in Motion (now BlackBerry), criticized what he called Waterfront Toronto’s ability to “weaponize ambiguity” over a lack of public debate on the intellectual property and data surrounding the project.  

The final agreement, called the Master Innovation and Development Plan, is expected to be completed by spring 2019 before going to both Waterfront Toronto and Sidewalk Labs’ boards for approval.

The RFQ concludes by stating that if there is a data breach, the contractor cannot make any statement about it “that references Sidewalk either directly or indirectly unless Sidewalk provides its explicit written authorization.”

The architectural firms who received the RFQ from Sidewalk Labs were initially given eight days to agree to the privacy provisions and complete their bids. However, following pushback, the deadline was extended by two weeks. At the time of publication, the winner had not been announced.