Closing governance gaps around public realm data

Consumer data protections don't cover how governments collect data, and rarely deal directly with information gathered in the public realm. In New York City, which has a municipal Identifying Information Law and a new office of Chief Privacy Officer (CPO), "there are still few limitations and little oversight over how City agencies gather and make use of data."

These shortcomings are already causing problems. An e-scooter pilot launched in 2021 required operators to hand over real-time data on customer location and identity , but existing laws don't require the city "to document why it needs that information, what the agency will use the data for, who it might be shared with, and how it will be stored." There is no mechanism, beyond City Council hearings and lawmaking, to provide oversight.

Rebooting NYC: An Urban Tech Agenda for the Next Administration. proposes filling this gap with clear rules that delineate how the city should handle data collected in the public realm, and local laws to extend these principles to cover private sector collection of data in the public realm as well. This points towards a future where cities move to fill in the regulatory gaps around public data—with some getting there before the tide of new technologies and scrapers are deployed, and others arriving late.