Nick Bowden, Replica's CEO and co-founder, tried to address privacy fears in a blog post announcing the spinout. He stressed that no single user's location data would be identifiable under Replica. "Replica is not interested in the movement of individuals; we are interested in the collective movement of a particular place. For this reason, we only start with data that has been de-identified. This data is then used to train a travel behavior model — basically, a set of rules to represent the movement in a particular place," he wrote.

But others argue that the sensitivity of mobile phone location data, when held against Big Tech's poor track record in safeguarding user privacy, isn't exactly an encouraging combination. Critics maintain that location data is easy to re-identify, even if it has already been de-identified. "We see a lot of companies erring on the side of collecting it and doing coarse de-identifications, even though, more than any other type of data, location data has been shown to be highly re-identifiable," said Canadian Internet Policy & Public Interest Clinic's Tamir Israel to The Intercept. "It's obvious what home people leave and return to every night and what office they stop at every day from 9 to 5 p.m."

So far, Replica has worked with Kansas City, Chicago, Sacramento and Portland. Bowden said that it will be launching full-scale operations in those cities over the next few months. Meanwhile, Sidewalk Labs is working on a proposal for a smart city development in Toronto that has drawn criticism from city legislators for its vague wording, including its plans around mass data collection. As Google's work with urban planners expands, it will very likely need to answer lingering questions about the type of data it is collecting from a city's residents and what exactly it plans to do with it.