Summary: Creating local data privacy policies that center equity is a complex challenge. How can the City of Pittsburgh develop data principles that respect community values and lived experience? The Community Data Justice Collaborative (CDJC) is finding the answer. Read our report on our latest workshop, where we partnered with legal expert Beth Schwanke to build a framework for data justice in Pittsburgh.
On Thursday, February 19, 2026, Members of the Community Data Justice Collaborative (CDJC) met to take a critical step in building community-centered data governance in Pittsburgh.
Our goal is to create a core set of data privacy principles for the City of Pittsburgh that reflects our shared values of transparency and equity, which built on January’s meeting where members of the group discussed privacy implications related to two different scenarios.
The group also suggested that they’d like to have a conversation with an attorney familiar with data privacy issues in local government. Fortunately, we didn’t have to look too far to find an attorney with expertise in data privacy.
Beth Schwanke, Executive Director at the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security, also known as Pitt Cyber, was able to join us.
She played a key leadership role with the Pittsburgh Task Force on Public Algorithms in partnership with Allegheny County and the City of Pittsburgh.
The Task Force devoted resources toward public engagement and produced a set of recommendations for local government partners for the application of public algorithms in local government.
You can view the full report and summary of recommendations from the Task Force online.
The CDJC members and city partners asked questions and engaged in conversation with Ms. Schwanke on the call.
The discussion spanned several subjects and began with some general advice regarding the development of privacy policies for city data.
She suggested focusing on establishing privacy principles, which can be more-durable given the way technologies and data change so rapidly.
While it can be an astute strategy for governments not to move too quickly in adopting new technologies, it is important not to move slowly in the development of privacy policies.
Providing fact checking and community notes can help to enforce rules and guidelines related to data products such as data visualizations. The FDA may provide a model for this, and some people have recently created “nutrition labels” for datasets.
Privacy Protection
The discussion also touched on the importance of educating people about the risks and asking questions about privacy policies if they’re purchasing software or are part of an enterprise agreement.
She stressed that everyone should assume that we aren’t protected when using online tools and platforms, and while changing settings in tools may help protect users a little, companies will always win.
This is especially important with the widespread use of AI where people must be especially careful to never share private information in a tool or chatbot, even if it’s part of an enterprise system.
A standard to follow could be to never share anything online you’re not comfortable sharing at a dinner party.
Building a Foundation: Establishing Ethical Data Principles for Local Government
Cities don’t have the ability to prevent companies from collecting data from people in their jurisdiction, but they can limit employees from using specific tools, using tools for specific uses, or installing unapproved tools on computers and networks through an acceptable use policy.
These policies are an important way to protect network security and devices. One of the limiting factors for many cities involves the fact that software exists in siloes and many products are developed for specialized purposes.
This effort to integrate data across systems is largely happening in cities that also operate social and human service programs.
Principles can reflect values. Some cities have developed equity as a privacy principle, and it’s important to institutionalize public participation in the process to develop principles and policy.
In Pittsburgh, these systems are operated by Allegheny County. These efforts also can run counter to a common privacy principle of data minimization.
Seattle is one of several cities looking to centralize data collection so that people don’t have to enter personal information more than once when accessing public services.
Understanding the Legal and Policy Landscape: A Federal View
Data Privacy Policy is not uniformly governed.
Federally, the political climate is to not regulate data privacy, and limit or prevent state regulations. Some states such as California have developed state data privacy laws, but Pennsylvania is not one of them.
Dr. Schwanke suggested one of the most effective data privacy approaches we could take in our society involves the creation of a federal data privacy law. While protections for specific data applications exist (HIPAA, FERPA), there is no comprehensive federal privacy law.
Accessibility
AI and other technologies can benefit people with a disability, support language translations, it is important to keep in mind that humans providing training data for these systems are biased, and companies may not invest in improving the quality of this data.
People with the inability to pay for subscriptions to tools and platforms may often find more of their data being extracted than users who have the means to pay for services that come with more privacy protections.
The Critical Need for Community Voice in Data Governance
Many people feel like they lack technical expertise, but it’s important to emphasize that their own lived experience is extremely valuable and worth sharing.
Ms. Schwanke emphasized the importance of encouraging people to participate in conversations about data privacy.
Other lessons on public engagement:
1. Meeting people where they are. It is easier to be invited to existing meetings rather than organizing your own.
2. Grass-tops leaders can help you reach a larger community
3. Be clear on what you can and can’t change, and what power people in government have in the process
4. Talk about how feedback will be used
5. Make it clear in how you’ll report back
6. Design participatory activities that can make it fun for people to engage in the topic.
After the discussion about privacy, the group looked at privacy principles in use elsewhere, including Seattle, Long Beach, the Organization for Economic Co-operation and Development OECD (see part two #7-14), and New York City (see page 17 in the pdf, which has a page number of 7). Themes that surfaced in the discussion included:
- The principles developed by the OECD were older than any of the city -specific principles we examined, and all of them were visible in each of the city-specific principles we looked at.
- Seattle had a protection of use principle which limited how data held by the city was used by the city.
- The OECD principles established how incidents are addressed.
- Some communities include community engagement and equity as separate principles.
- NYC and Long Beach have principles related to third-party vendors, but it is important to have the capacity to audit vendors and enforce their behaviors.
- We don’t know what has been averted by privacy principles.
- Criminal justice data has the largest number of protections, culture of protection, and compliance regimes in local government.
- Cities often task data privacy managers with developing privacy policies.
What’s next? Data Justice in Pittsburgh
Next, members of the Community Data Justice Collaborative will continue to discuss privacy principles that could guide the work of policies in Pittsburgh and talk about how more people and communities can be involved in conversations about data privacy.
