How the EU’s GDPR will be a game changer for cities using open data

Mon, 2018-02-26 11:28 -- SCC Europe Staff

Open data is one of the key elements when it comes to building a smart city and improving urban life. Cities like Mechelen in the province of Antwerp are leading the way when it comes to open data-driven projects to improve parking and monitor air quality, as well as encourage energy efficient vehicles and buildings. By looking at public service information in a different way, open data may have a value as great as €300 billion when it comes to offering valuable smart city solutions that tackle urban issues. While open data can be seen as a gold mine in terms of driving forward smart initiatives, it can also pose a risk, with cities becoming just as hackable as smartphones and computers. Let’s take a look at how cities in Europe will have to re-evaluate the way they use open data once the EU’s General Data Protection Regulation (GDPR) comes into play this spring.  

New privacy setting

In an IoT Analytics research, out of 1,600 publically known enterprise IoT projects, almost a quarter are related to smart cities, almost half of which are in Europe. As smart cities look to the Internet of Things and open data as a backbone in developing and offering solutions for citizens, they need to take another component into consideration: privacy. Personal data is collected in sectors from smart metering and connected vehicles to healthcare, with the most intimate of medical data collected from wearables and connected medical devices that allow for remote health monitoring. Not only does this pose a security risk due to the potential loss or theft of personal data, it also isn’t clear to most consumers how—and when—their data is being used. According to a study conducted by the Information Commissioner’s Office, six in 10 IoT-connected devices don’t properly tell consumers how their personal information is being collected. The EU’s forthcoming GDPR legislation aims to change that, regulating how city governments and administrations collect and use personal data.

In an article on IDG Connect, Jason Hart, CTO, Data Protection at digital security company Gemalto, says: “The biggest change we’ll see is the shift in power between who owns the data—the city or the citizen. When GDPR comes into effect, consumers will have the right to demand to know how their data is used and give consent to this, where it’s being used and reserve the right for certain information to be forgotten. The legislation will force cities to be more open, which, providing they are, should not affect their ability to share data.” 

When the GDPR framework comes into play on 25 May, future smart city developments will have to reconsider how they use data, integrating privacy management into their solutions and complying with the GDPR’s “citizen-centric approach to data.”