Smart Cities, Data Protection and the Public Interest Conundrum

What Legal Basis for Smart City Processing?



Smart city initiatives are projects leveraging information technology and data, often in and/or from the public space, to pursue various public interest and economic related objectives. They process vast amounts of data that in many cases are personal data, triggering the application of the relevant legal framework. This paper analyses the application of the lawfulness principle, which is a fundamental principle of data protection law, in the smart city context. It provides a detailed analysis of the relevant legal bases in the General Data Protection Regulation and the Data Protection Law Enforcement Directive. Two key challenges are demonstrated.

Firstly, in terms of public interest processing, the General Data Protection Regulation and the Data Protection Law Enforcement Directive may be insufficient to ensure the lawfulness of processing. Even though both include provisions on legal bases for public interest processing, such provisions require further implementation at the EU or national level. It is therefore important to reflect on additional and foreseeable laws possibly needed to supplement the EU data protection acts and enable smart city development. Secondly, regarding private interest processing, the data protection’s harmonisation objective may be eroded when diverging national practices emerge as a result of regulators’ desire to offer citizens increased protection in public spaces.






Refereed Articles