The Chula Vista City Council has approved a new policy that will govern how the city can use technology and protects residents from data collected by its surveillance equipment.
The policy was developed by a city task force formed after residents learned in 2020 that the police department had allowed numerous law enforcement agencies, including Immigration and Customs Enforcement, to access data gathered by its Automated License Plate Reader program. Chula Vista’s signature drone program had also raised public concern over whether it could violate people’s privacy.
Residents have wanted strong oversight of the city’s technology systems from experts who could understand emerging technologies and review data gathered by law enforcement gadgets. The forthcoming Privacy and Technology Advisory Commission mandated under the policy aims to serve that role.
“Ultimately, the policy is designed to get any kind of technology that the city uses to come through this new commission,” said Jim Madaffer, CEO of the public relations firm the city hired to guide the task force in creating the rules.
The commission will review new acquisitions and reports prepared by city staff on potential impacts the tools could have on the public and city systems, as well as facilitate public discussions on related issues. The commission may consist of technology experts, financial auditors, public safety professionals and activists focusing on government transparency.
Under the new policy, technology is categorized into three types: general technology, which includes emails and cellphones; sensitive technology, like drones and traffic signal cameras; and surveillance technology, such as the license plate readers.
Surveillance technologies will require the highest level of oversight.
If Chula Vista wants to acquire a new surveillance tool, for example, the city would have to develop a policy explaining why it is needed, how it would be used and protocols for data collection and access. A report evaluating potential impacts and ways to mitigate any negative effects would also be created. The privacy commission would then review the report and make a recommendation to the City Council, who would ultimately permit an acquisition. If approved, the city manager would report at least once every two years how the technology had been used, any adverse impacts and the status of the data collected.
Residents and privacy activists who pushed for oversight said the policy is a good start, but it doesn’t go far enough. Some worry that vague language will lead to an ineffective policy with too many loopholes.
The rules grant the city manager or City …….