European Commission logo
English English
CORDIS - EU research results

Article Category

Content archived on 2023-04-12

Article available in the following languages:


Are smart cities ready for Europe's new privacy measures?

By providing citizens with bigger power and control over their personal information, the EU General Data Protection Regulation (GDPR) represents a challenge to smart cities, which use also personal data to offer intelligent services.

As the number of smart cities increases, the heavier are their responsibilities towards citizens. Several questions rise spontaneously: are they smart enough when it comes to using big and personal data? If even technology’s giants, such as Facebook, cannot guarantee the absence of leaks in their systems, are we sure that nothing will ever touch the smart cities’ precious data? Eva Blum-Dumontet, research officer at the NGO Privacy International, underlines the fact that “people should always know that their data is being collected, and that these can be accessed and deleted”. Moreover, a city’s services should not be accessible only to citizens willing to surrender their data: “All the initiatives developed by a smart city should be carried out in the name of public interest and not in the one of companies providing cities with the technologic infrastructure.” The way smart cities deal with data may cause troubles to administrations if adequate measures are not adopted. This case is particularly true as the General Data Protection Regulation (GDPR) became effective since May 2018; it was designed to harmonise privacy laws across Europe. The appointment of a new professional figure, the data protection officer, is one of the responses that companies and governments put in place to comply with the regulation. The DPO provides different departments and offices with advice on how to implement and maintain the GDPR, and increases awareness within the organisation on data protection. It is however not easy to find someone who has this required mix of IT and legal skills. “The DPO has to guarantee that the law is executed. Cities can be hugely affected if they don’t have enough competent staff,” says Ingrid Reynaert, expert on smart cities from the Belgium-based business association Agoria. In most cases, cities have not yet developed an appropriate cyber security plan at a local level. Although this may cost hundreds of thousands of euros, it is a compulsory step as data must be stored in a secured manner. “For this reason, they may choose to work with a third party, a private actor, which will treat data in accordance to the GDPR,” Reynaert adds. An example is Water Link, a smart solution developed in Antwerp, Belgium, where data on water consumption are stored by a private company, which signed a contract with the city. “With the consent of citizens, the company collects data related to consumption and eventually transfer it to the City which will invoice citizens,” explains Reynaert. This allows cutting bureaucracy. “Once the collection is done, the company has the obligation to destroy those data. On the other hand, the City’s departments in charge of invoicing citizens may still store them.” Another example comes from Pamplona, Spain, one of the “lighthouse” cities of the European project Stardust, which is developing smart solutions for energy, mobility and ICT to be integrated in urban areas. Luis Antonio Tarrafeta Sayas, in charge of the IT systems of the city, explains: “One of the initiatives is the implementation of an Open City Information Platform, which will combine and exploit all data by different administrative departments for managing urban infrastructure and services. This platform will help us to detect inefficiencies and propose straightforward solutions to citizens, private actors, researchers and other administrations.” Read more:


smart cities, data, smart devices, security


Belgium, Spain, Croatia, United States