Pandemic Response CoLab is in read-only mode.
Learn more at
Skip navigation
Share via:


The Privacy Clinic is a platform that helps individuals protect their data & privacy rights in the context of rapidly evolving legislation.



Why the Privacy Clinic?

The title of our project is an homage to Henri Lefebvre’s idea that responsible citizenship means having an impact on the future of your city. This idea has never been more relevant: building citizen-oriented smart cities depends on the transparent, coordinated efforts of legislators, citizens, and the private sector.

Today all North American cities are smart cities: real-time and augmented data are being collected and employed by the public and private sectors, law enforcement agencies, and individual users of IoT devices. The rapid spread of COVID-19 has encouraged the use of data for public health applications, including contact tracing, monitoring public adherence to quarantines, and regulating the business hours of essential services. This is possible through networks whose elements include smartphone apps, wearable gadgets, street cameras, sound detectors, and environmental and traffic sensors.

The privacy and data protection concerns raised by smart cities are not unique to the COVID-19 pandemic. Smart technologies allow for the collection and cross-referencing of large amounts of data across many sources. The governance of smart-city data has been the subject of heated debates for almost two decades. On the one hand, smart technologies bring massive economic and social benefits as part of the global transition to energy-efficient urban infrastructures and open government; on the other hand, there are valid concerns about citizens’ data becoming a commercial asset and about the surveillance creep associated with the use of digital systems in the cities. Additionally, smart cities are hackable, making personal and even aggregated data more vulnerable than ever before.

To address some of these challenges, the United States and Canada have introduced new legislation and regulation. In the US, these include the California Consumer Privacy Act, the Washington Privacy Act 3.0, and several new state data privacy/consumer protection bills. In Canada, governments have introduced the Digital Charter, Bill C-11 (which, if passed, would enact the Consumer Privacy Protection Action and the Personal Information and Data Protection Tribunal Act), Quebec’s Privacy Bill, and a number of local by-laws.

Modelled after the GDPR, these legal frameworks put an onus on the individuals to trace the data collected about them, report abuse, and protect their rights in court or via privacy commissioners. Furthermore, under the patchwork of new laws­, private owners of smart devices are at greater risk of invading someone else’s privacy if they fail to conform to the region- or city-specific legislation. In a recent report, the EU Commission has concluded that a lack of public education and engagement is the main impediment to the implementation of the GDPR.

The Privacy Clinic will fill this gap by acting as a public education hub and a resource to help citizens enact their digital rights. Through the Clinic, individuals and community groups will be able to learn about their data and privacy rights and take steps to protect them.

What is the Privacy Clinic?

We envision the Privacy Clinic as an online platform that connects individuals with data governance professionals and with cybersecurity and data protection lawyers.   

The Privacy Clinic will provide five types of services:

  • Online information sessions that help individuals trace their data, negotiate with service providers/data controllers, and file complaints;
  • The Represent Me tool that connects individuals with locally based lawyers (in partnership with legal firms specializing in privacy and data security);
  • Online information sessions that educate individuals on common cybersecurity risks, such as government impostor scams, remote access scams, and other online security, privacy, and identity concerns, helping to prevent fraudulent use of personal information;
  • Information on the central provisions of the new legislation in plain language (static but periodically updated content);
  • Information for individuals interested in sharing their data in the public interest.

Why both Canada and the United States?

The United States and Canada have historically existed as a single socio-cultural realm, where people, goods and, recently, data continuously crossing the border. With many individuals, families, and businesses straddling the two countries, our services will be in high demand across North America. The Team is based in Toronto, Canada, yet like existing platforms, the Clinic will span national borders.

The Clinic will seek to engage with and work closely with the US and Canadian public and private actors working in the areas of digital literacy and data governance (e.g., The Governance Lab; Canadian Internet Policy and Public Interest Clinic; Information Society Project at Yale Law School; The Berkman Klein Center for Internet & Society at Harvard University; Canadian Civil Liberties Association; Stanford’s PAC, etc.).

Canada is the ideal place to kickstart for three reasons:

  1. Canada is a world leader in digital literacy. Two years ago, the Government of Canada launched a digital literacy program to help marginalized communities; the publicly funded Smart City Challenge helps communities across Canada use digital technology to address the challenges of urban growth, inclusion, and economic inequality; and digital literacy is an essential part of the school curriculum.
  2. Canada is a country that values privacy, and there are institutions to this effect, including the Office of the Privacy Commissioner of Canada (OPC) and the First Nations Information Governance Centre. Several provinces are working on their own legislation encouraging the use of AI in municipal services while protecting citizens’ privacy.
  3. The Clinic will seek to partner with Canadian non-profits working in the areas of digital literacy and data governance (e.g., Code for Canada, Canadian Civil Liberties Association, Canadian Open Data Society, etc.).

    MIT Sponsorship: Competitive Advantages

    The Privacy Clinic is an excellent testing ground for the new legal frameworks and data governance initiatives. From the privacy/data protection strategies to cybersecurity to public engagement, our Clinic is a great tool to measure the impact of new policies on the post-COVID smart cities.

    We are excited to collaborate with and learn from the Media Lab’s Alex Pentland, Kent Larson, Senseable City Lab, and other social innovation leaders.

Who will take these actions?

The team is qualified to work on the design and content of the Clinic. The digital platform and partner content will need to be procured:

Website backend: Faculty of Information, U of T (the same team that worked on the IXMaps project), or through partnering with the Media Lab.

Website frontend+design: Team and interns/volunteers with experience in website design and maintenance.

Content, including live sessions: Team and guest experts (legal firms, legal scholars, fraud strategists from financial institutions).

What are the projected costs?

The document linked below details a five-year budget for the project totalling $1,379,491


  • 2021-09-01 — 2022-05-01

Website development (soft launch)

  • 2021-09-01 — 2022-09-01

Website content/partner programs development

  • 2022-02-01

Start of the promotion campaign

  • 2022-09-01

Launch of the Clinic

  • 2022-10-01

Start of the public engagement events, incl. w/partners

  • 2022-09-01 — 2026-09-01

Diversification of services/consulting programs

About the author(s)

Anna Artyushina is a PhD Candidate in STS and research fellow in data governance at York University, Canada. Her doctoral dissertation examines the potential of data trusts in smart cities, using Sidewalk Toronto and Barcelona’s DECODE as case studies. The results of the study have been published in peer-reviewed journals, and featured in the media (e.g., MIT Technology Review, Toronto Star, BBC). Currently, Anna serves as a science advisor to the Information and Communications Technology Council of Canada (ICTC) and CIO Strategy Council as part of the team working on the National Data Governance Standards of Canada.

Katelyn Wan Fei Ma is a PhD Candidate in STS at York University where she examines cyber financial crime. She has practiced extensively in the areas of financial crime and cyber fraud for the Canadian banking industry for over five years. She has held a variety of roles, including fraud analyst (case investigation and suspects interview), business resource officer (financial crime project manager), and horizontal strategist (fraud business insights analysis). Katelyn is a member of the U.S. National Criminal Justice Honor Society, American Society of Criminology, and the Center for Cybercrime Investigation at Boston University.

Nabeel Shakeel Ahmed is a Senior Programme Officer at Open North, part of the Advisory Service that provides support and guidance on open smart cities to communities across Canada. He has helped develop over 50 learning products, including courses, case studies, and research briefs on topics such as open data, digital literacy, and data governance.

Nabeel is a skilled facilitator and public speaker with over a decade of experience. He is also a member of the Digital Communities Advisory Panel at the Centre for Free Expression at Ryerson University.

Share conversation: Share via:
No comments have been posted.Be the first one to add a comment.
You must be logged into your account to post a comment.
Click on the box