Adoption of GDPR for Personal Data Protection in Smart Cities

Introduction

In cyberworld, the clash between digital technology and personal data protection rights is an evident reality. Smart cities are one of the most recent fields where the referred conflict takes place. The notable development of digital information and communication technologies (ICT), especially the Internet of Things (IoT) or cloud computing, and its application to activities of planning and administration of the cities, even if merged with traditional infrastructures, is the genesis of the concept of smart cities that use ICT to enhance the quality of daily life and the efficiency of services provided by the municipality, in a sustainable way, ensuring that the needs of present and future generations will be safeguarded with respect to a multidimensional approach involving economic, environmental, cultural, educational or social (International Telecommunication Union, 2016).

Smart cities comprise various components related to urban services, energy, e-economy, smart living or smart environment (Magare et al, p. 40) that are related not only to the administration of the city itself but also to the optimization of different aspects of each individual’s daily life. As envisioned by the National League of Cities (2016, p. 5), in a smart city of the future, a community member will wake up in a house where an artificial intelligence will automatically control smart and connected household appliances, monitoring light levels, temperature, food stock or even the resident’s health. A multi-modal transportation system where different means of smart transports will be interconnected providing and processing real-time data will minimize the risks of accidents or traffic jams. A network of smart streetlights embedded sensors will be used also for safety purposes and will be able to detect violent activities or to flash their lights in case of emergencies. Collecting and processing quantitative data related to rain level, solar light level or others will smart cities to save and to use energy resources in a sustainable and efficient way (p. 6). From traffic surveillance to efficient energy consumption or 24/7 healthcare services, smart cities may offer an optimized and enhanced living experience.

The digital infrastructure of a smart city necessarily implies collecting big amounts of heterogeneous information, including citizens’ personal data or measurements provided by IoT devices, and its subsequent processing by software and applications designed to acquire analytical capabilities regarded to public spaces in order to enable efficient control over it. Big Data systems are required to mine data, to collect, to store and to process information not only on quantitative aspects of the city but also on personal data such as the identity, health or personal tastes of citizens, capable of tracing the profile of each one. Smart cities will be able to recognize digital identity wallets and interoperable digital identities for their residents. Therefore, transactions made by digital citizens in smart cities will be observable, which will create abundance of data on user behavior on an unprecedented scale. Such heterogeneous information will be needed to improve different smart city services and will be considered by programmers and decision-makers when planning for the expansion of smart city services and resources (Al Nuaimi et al., 2015).

Privacy concerns may arise from the use of ubiquitous surveillance technology. In the European Union (EU), the activities of collecting and processing personal data must comply with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), a legal document that foresees the fundamental right of each individual to informational and communicational self-determination. The GDPR has recognized citizens the power to be in control of their personal information, which may clash with technological solutions that smart city planners intend to implement.

Some civil society organizations have also questioned possible misuses of the technology given the fact that it provides smart cities’ authorities or programmers the capability to monitor and register the behaviors, the transactions, and the routine of the user (#WhyID, n.d.). The ubiquity of the technology provides multifaceted uses related to the behavior of the individual in his/her private sphere but also in public spaces, which will promote a panoptic surveillance system that may not comprise with fundamental rights and freedoms of a democratic society.