Smart cities need intelligent approach to privacy.

The public want to feel safe but not have their privacy invaded.

There are currently dozens of smart city initiatives in progress around the world. From Amsterdam to Zurich, municipalities are leveraging digital technologies to bring improved services and enhanced working and living experiences to citizens. Frost & Sullivan has projected that the global Smart Cities market will be worth US$1.6 trillion by 2020.

All these smart cities utilize Internet of Things (IoT) and machine to machine (M2M) technologies to connect people, workplaces, devices, apps, and services. In doing so they employ the latest digital technologies to generate unprecedented levels of data which is subsequently analyzed and utilized to improve all those elements and make the city a better place to live and work for all. But at the heart of all that data, privacy remains an essential and defining issue.

How are smart cities handling the data vs privacy debate?

There is a delicate balancing act to make between leveraging data to enhance services and ensuring citizens’ rights to personal privacy. Across the world, there are differing approaches to achieving this balance.

Earlier this year, in San Jose, California, the city council ran up against a privacy challenge when proposing to install more than 39,000 “smart streetlights.”  The streetlights themselves were not specifically a problem; what was a potential risk was that the lights were equipped with ports that can host video cameras and microphones which could be used to monitor people without their knowledge. The issue was flagged up by the Electronic Frontier Foundation (EFF), as part of their “web of street-level surveillance” initiative in smart cities today, which certainly presents smart cities with an ongoing challenge.

In the US, many cities have implemented E-ZPass, a technology solution that lets drivers pass through toll road pay booths quickly and easily. Drivers’ E-ZPass data is made available to the jurisdiction of the city where they pay that particular toll, but other data is gathered without the driver’s knowledge using sensors that track traffic congestion – another example of smart city technologies gathering data on citizens without a firm privacy policy in place before doing so. Furthermore, and controversially, some cities have subsequently sold data on citizens to marketers, profiting commercially again without the citizens’ knowledge or permission.

Balancing opportunities vs threats

Smart city projects utilize video technology for many of the services they provide, but this too presents its own challenges. In Dubai, as well as in New York and London, camera systems have been installed in response to the threat of terrorist attacks. These camera systems record citizens’ movements in both public and private locations. This is another area where smart cities need to have appropriate, and forward-looking, policies and procedures in place to ensure they strike the right balance between citizens’ security and their right to privacy as smart cities grow and utilize more and more smart, data-gathering solutions and applications.

This balance of citizens’ data privacy rights versus general security threats to smart cities is one which has grown in seriousness in recent times, leaving authorities with no alternative but to legislate for it. The US Department of Homeland Security’s Office of Cyber and Infrastructure Analysis (OCIA) recently released a document entitled The Future of Smart Cities: Cyber-Physical Infrastructure Risk, a paper that focuses on possible smart city attack types and the consequences that could ensue, while at the same time factoring data privacy rights of residents and citizens into the equation.

The public cares about privacy

In Ireland, the Data Protection Unit of the Department of the Taoiseach (the Irish Prime Minister), has also focused on the same challenges, publishing a paper entitled Getting Smarter About Smart Cities: Improving Data Privacy and Data Security. The Irish approach focuses on speed of adoption versus risk minimization, with an emphasis on rolling out smart city solutions and enjoying their benefits while at the same time maintaining infrastructure and systems security.

Key elements of Ireland’s smart city planning include the data privacy, data protection and data security issues, and the creation and capture of Personally Identifiable Information (PII) and household data about citizens. The country is very aware of the need to avoid negative impacts on people’s privacy and the potential privacy harms that could arise from sharing, analysis and misuse of big data in smart city projects. As forecast by a range of industry stakeholders at the end of the last century, personal privacy and the use of data has become a highly political issue in the 2000s.

In this vein Orange introduced Flux Vision, a high performance marketing tool that balances data analytics used to enhance services with the need for privacy. Flux Vision converts 4 million pieces of mobile data per minute into statistical indicators that public authorities can use to better understand, assess and optimize activity centers in a given region. Into the bargain Flux Vision also constantly anonymizes that data to eliminate possible identification of individuals and to address the need for protecting citizens’ personal data.

What options do smart cities have?

One key method of promoting privacy is utilizing a process called data minimization, by which the collection of personal information is limited solely to that which is directly relevant and necessary for the specific task in question, rather than for ulterior motives.

For example, if implementing sensors or cameras to monitor data on traffic or people on certain streets each day, city authorities would need to make decisions and rules about appropriate levels of identifiable information to collect – do they really need to capture facial images or merely count the number Wi-Fi and Bluetooth-enabled devices passing that point?

Another technique often cited by privacy advocates when discussing smart cities is data de-identification. Under this practice, city authorities could modify collected datasets so information in them can no longer be used to identify individuals. This is done by removing details like names, personal identification numbers, email and home addresses and basic information like age, gender and job. To succeed in enhancing life for citizens and businesses, smart cities need to overcome the data challenge and prove themselves trustworthy: end-users need to be reassured that data collected for one purpose will not necessarily be reused in future for other purposes.

To read more about how Orange is working with municipalities around the world to develop innovative smart city projects that leverage digital transformation while overcoming the challenges of data privacy, please visit: