Whose Data Is It Anyway?

By Eric Postow, Esq.

Local governments are quietly building AI intelligence infrastructure, and most citizens have no idea it is happening.

Somewhere in America right now, a city council is approving a technology services agreement. The agenda item is routine: a software contract, a data-sharing arrangement, a public safety platform upgrade. The vote is often unanimous. There is little public comment. And within that agreement, buried in the operational specifications and vendor terms, is the architecture of something that did not exist a decade ago: a real-time, AI-capable intelligence system drawing on citizen data across previously siloed municipal systems.

This is not speculation. It is happening in cities and counties across the country, and it is accelerating.

The Moment We Are In

We are at an inflection point that most people have not yet noticed, because it does not announce itself. There is no ribbon-cutting for a surveillance center. There is no public referendum on whether a city should aggregate, correlate, and analyze its residents’ behavioral data in real time. Instead, there are procurement contracts, technically framed as software-as-a-service arrangements, that in their operational design closely resemble what intelligence professionals would recognize as a fusion center architecture.

These systems are capable of aggregating data across law enforcement, traffic, permitting, utilities, emergency response, and social services. They visualize patterns, identify anomalies, and increasingly apply analytical capabilities that carry the hallmarks of machine learning and AI-assisted inference. The framing is modernization. The language is efficiency, safety, and smart city governance. In many respects, the benefits are real. Faster emergency response, better resource allocation, and reduced operational costs are legitimate public goods.

There is, however, another dimension to this development that is receiving almost no public attention, and it concerns something fundamental: the rights of the people whose data makes these systems possible.

What Local Governments Are Being Asked to Do

Across the country, counties and municipalities are entering into agreements with private technology companies to build out integrated data platforms for public safety and operations. Some of the most active development is occurring in jurisdictions that have explicitly committed to AI-forward governance, leaning into zero-latency operations, predictive analytics, and the seamless integration of data streams that were never designed to interoperate.

The ambition is understandable. Local government has long been under-resourced and overburdened. The promise of AI is that it can do more with less: surface patterns that human analysts would miss, flag risks before they escalate, and automate the administrative overhead that consumes so much of public sector capacity. For elected officials and city managers trying to deliver services to constituents, the value proposition is compelling.

What is less visible, and less often discussed, is what these agreements typically do not contain.

In reviewing several such agreements, a pattern emerges. They tend to be structured as data-sharing or software-as-a-service arrangements, which places them in familiar procurement categories with established legal frameworks. The operational capabilities embedded in these platforms, however, often extend well beyond what those frameworks were designed to govern. Absent from many of these agreements are: clear definitions of what artificial intelligence means and how it may be used; machine learning governance standards; explainability requirements; meaningful audit rights retained by the municipality; human-in-the-loop mandates for consequential decisions; and explicit restrictions on how aggregated citizen data may be used downstream, including whether it may be used to train commercial AI models.

The standard governance provision tends to be some variation of the obligation to comply with applicable laws. In a period when technology is rapidly and materially outpacing the legal frameworks designed to govern it, that standard may be doing far less work than it appears to.

Whose Data Is It?

This question is deceptively simple, and the answer has not been settled, legally, ethically, or politically.

Citizens interact with their local governments constantly. They drive on city streets. They call 911. They apply for permits. They use public transit, access city services online, and appear in public spaces monitored by municipal cameras. Each of these interactions generates data. In the aggregate, that data begins to constitute something more than a transaction record. It becomes a behavioral profile, a movement history, a pattern of life.

When a city enters into a technology agreement, it is implicitly making a claim about that data: that it has the authority to aggregate it, share it with a vendor, and deploy it in furtherance of public purposes. That claim is not obviously wrong. It raises, however, a question that most agreements do not address: whether the city is the owner of that data, or whether it is a custodian, a steward of information that originates with, and in some meaningful sense belongs to, its citizens.

The distinction matters considerably. An owner may do with data what it chooses, within the limits of applicable law. A custodian holds data in trust, subject to obligations of care, proportionality, and accountability to those whose information it holds. Most of the agreements being signed today are written as if the city is the owner.

If the city is the owner, several questions follow. What happens when that data, aggregated and processed through AI systems, is used to draw inferences? When does a pattern of behavior become reasonable suspicion? When does a correlation become an actionable flag? When does an algorithmic output, generated by a system that may not be fully explainable and that may reflect biases embedded in its training data, become the basis for a consequential decision about a person’s life?

These are not hypothetical questions. They are already arising in courtrooms, in civil rights litigation, and in the growing body of documented cases where AI-assisted law enforcement tools have produced outcomes that would not withstand careful scrutiny.

The Inference Problem

One of the underappreciated risks in this space is what may be described as the inference problem. AI systems do not merely retrieve information. They generate conclusions. They identify relationships, surface probabilities, and in some configurations produce outputs that function as assessments of individuals.

An AI system trained on historical law enforcement data may flag a person as elevated risk based on patterns that, upon examination, reflect historical patterns of discriminatory policing rather than genuine predictive signal. An aggregation system that correlates location data, network data, and behavioral data may produce an inference about an individual that no single data point would support, and that the individual has no way to know exists, much less contest.

Of particular concern is the possibility of what might be described as hallucination inference: an AI system generating a confident output that is simply wrong, an artifact of the model rather than of the underlying evidence. In a medical or commercial context, that failure mode is serious. In a law enforcement or public safety context, the consequences may be irreversible.

At present, most agreements between municipalities and AI platform vendors contain no provisions addressing these risks. There are no requirements that outputs be explainable, that algorithmic conclusions be subject to human review before action is taken, or that individuals have any meaningful avenue to understand or challenge inferences made about them.

The Commercialization Question

There is a further dimension that deserves attention, and it is one that rarely surfaces in public discussion of these agreements.

AI systems learn. The models that power these platforms are not static. They are refined and improved through exposure to data. When a city provides a vendor with access to aggregated operational data across law enforcement, public safety, and civic services, that data may not simply be used to serve the city. It may also serve to improve the vendor’s models, which are then deployed across other markets, other clients, and other commercial applications.

The question of whether citizen-generated data, data produced through interactions with public government, may be used to create commercial value for private technology companies is one that current agreements often leave entirely unresolved. In the absence of explicit restrictions, the answer may be yes.

What Is Actually at Stake

The constitutional framework governing government surveillance was built around a set of assumptions that AI-enabled fusion infrastructure fundamentally challenges. The Third Party Doctrine, the legal principle that information shared with another party loses its Fourth Amendment protection, was developed in an era of paper bank records. It was not designed to address the aggregation of behavioral data across dozens of systems, analyzed in real time by algorithms capable of generating inferences that no individual data point would support.

Courts are beginning to grapple with these questions, but the legal framework is still catching up. In the meantime, cities are signing agreements, deploying systems, and building infrastructure that will be difficult to unwind.

This is, in a meaningful sense, an existential choice. It is not a choice deferred to a distant future. It is being made right now, at the local government level, in the procurement agreements being reviewed by city attorneys and approved by city councils across the country.

What Communities Should Be Asking

Local government is, in theory, the most accountable form of government. It is closest to the people it serves. It is most responsive to public pressure. And it is where decisions about AI-enabled public safety infrastructure are actually being made.

That proximity creates an opportunity. Community engagement on these questions, in town councils, in public comment periods, in local journalism, and in civic organizations, has the potential to shape the terms under which these systems are deployed. That engagement requires awareness, however, and awareness requires that someone ask the questions.

Some of those questions are relatively straightforward: What AI capabilities are embedded in this agreement? What data is being shared, retained, and analyzed? Who owns the data, and under what terms? What can the vendor do with aggregated or derivative data? What happens when the system produces an erroneous output? What oversight rights does the city retain?

Others are more fundamental: What does it mean to live in a community where movements, transactions, and behaviors are continuously aggregated and analyzed by systems that are not visible to the public, producing inferences that citizens cannot contest? What are the limits of public safety as a justification for the erosion of private life? When does a smart city become a surveilled city?

These are not anti-technology questions. They are questions of accountability. And they are the ones that most communities have not yet been given the opportunity to ask, not because the opportunity does not exist, but because the moment to ask them is passing quietly, embedded in agenda items that few people read, at meetings that few people attend, about agreements that few people understand.

That window is still open. It may not remain so indefinitely.

This article is part of Holon’s ongoing work to support informed decision-making at the intersection of technology, governance, and civil society.

—

Postscript: Cases to Watch

Two cases currently in the federal judiciary are likely to define the constitutional boundaries of AI-enabled surveillance. Holon’s litigation and technology teams are monitoring each as presenting issues of first impression with direct implications for municipal AI procurement, vendor accountability, and citizen rights.

Chatrie v. United States, No. 25-112 (U.S. Supreme Court) Geofence warrants — Third Party Doctrine — mass location data aggregation

Argued April 27, 2026. The Court will resolve a circuit split on whether geofence warrants, which compel companies to produce location data for every device within a defined area and time window, violate the Fourth Amendment. Decision expected summer 2026. The holding will directly determine whether AI-enabled mass location aggregation requires constitutional safeguards or remains accessible as ordinary business records.

Schmidt v. City of Norfolk, No. 2:24-cv-621 (E.D. Va., appeal anticipated) ALPR surveillance — continuous aggregation — Fourth Amendment aggregation doctrine

Challenge to a citywide network of over 170 automated license plate readers, capturing and storing resident movement data at scale. District court granted summary judgment for the city in January 2026. Appeal anticipated. The appellate decision will address whether continuous, aggregated public movement surveillance by AI-enabled municipal infrastructure constitutes a warrantless search.

A Note on Holon’s Approach

These cases reflect the environment our clients are operating in. Holon’s litigation and technology teams collaborate from the outset; spotting issues before they become disputes, advising on risk in vendor agreements, and litigating issues of first impression where the law has not yet caught up to the technology. Early, integrated engagement is a material advantage in this space.

For more information, please contact us directly.