Smart cities: the privacy risks of living smart

Imagine living in a world where cities have hexagonal wooden blocks on the pavements that heat up to melt ice so you never slip again on frosty pavements, or having ‘raincoats’ on buildings to make you feel warm in the winter and cool in the summer. While this may sound futuristic, this is just what is being explored in Google’s smart city, ‘Sidewalk’, in Toronto. However, Google is not the only company involved in smart city projects. There are a number of projects taking place across the world including the iCity project in Barcelona and Smart Nation in Singapore.

Smart cities aim to use technology in the form of ‘smart’ sensors and connected technologies that utilise big data analytics and apply it to transport, health, energy, workplaces and our homes, with the aim of improving our lives and our city service use. In order for these ‘smart’ cities to develop, huge amounts of data needs to be collected. Although some have raised concerns about its proliferation, citizens of most large cities will be relatively familiar with being monitored via CCTV. However, the monitoring and tracking potential of a ‘smart’ city may leave many citizens feeling uneasy. The ability for governments to combine a wide range of data on individuals from connected devices will present many risks, as this may well lead to the profiling of individuals without any apparent legitimate purpose. Any government or local authority looking to implement a ‘smart’ city will need to consider the concepts – now enshrined in the General Data Protection Regulation (GDPR) – of data protection by design and default, and consider the anonymisation of its data sets. This may be of particular importance if the project was on a public-private partnership basis, under which an IT or other infrastructure provider, was looking to have a greater say in how the data is used and potentially commercialised (for example).

Security will also be a key consideration. Connecting critical infrastructure to the internet and placing significant data in the cloud (for example) increases the risk of hacking and other forms of cyber-attacks on the connected infrastructure. The frequency and level of sophistication of these cyber-attacks have increased significantly over the years, and in many cases, attacks are known or suspected to emanate from state entities or actors. How the infrastructure is connected will also present risks. The Internet of Things (IoT) is largely reliant on Wi-Fi as a means of connecting non-smart devices to the internet. Many IoT devices allow for auto-connecting to various networks, meaning a device will follow the strongest Wi-Fi signal in order to make a connection. If the critical infrastructure was then Wi-Fi enabled without the necessary encryptions and firewalls, it would not be difficult for hackers to intercept the connections.

While smart cities certainly have potential to transform lives, privacy should not suffer as a result – and if it does, then those responsible risk legal and regulatory sanctions, and reputational harm. Personal data is just that, personal, and should be respected as such. All parties involved in designing smart cities will need to design with privacy in mind.