We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Smart Cities: green revolution or mission control?

14 April 2014

2014 promises to be the “year of the smart city”. Football World Cup host Rio de Janeiro’s success in winning the World Smart City Award 2013 is likely to spur on similar initiatives around the globe, with several projects already underway in the GCC.

However, there is no single model for a smart city. Much depends on the city or national authorities’ identification of the most pressing issues applicable to them.

Rio’s priority was to establish a “mission control” to monitor and allow swift response to infrastructure problems, power failures, and extreme weather or law enforcement issues.

The global exposure that comes with hosting the World Cup provided a compelling occasion, but the damage, gridlock and loss of life caused by unexpectedly severe weather in April 2010 was also a strong factor in Rio’s determination to implement a smart city solution.

For other cities, such as Shenyang in China, “smart” relates primarily to environmental performance, focusing on energy generation and consumption, water and waste management.

In even more sophisticated models, piloted in Stockholm and Dublin, realtime data produce a dynamic map of human behaviour, revealing the city’s needs and pressure points and allowing authorities to plan and refine infrastructure and service provision.

Where does the GCC fit into this picture? It depends where you look.

For both Dubai’s Expo2020 and Qatar’s World Cup preparations, it would appear that “smart” means giving priority to a “command and control” centre approach, geared towards efficient and agile traffic control, intelligent public transport and crowd control for major events.

In Qatar, Lusail City is providing an early glimpse of how ambitious and effective that approach can be. However, within Dubai there are also plans to implement a “green” version of the smart city concept as part of its “Silicon Oasis” development.

The factor common to all types of smart city, though, is the central role of electronic communications, data-mining and data-analytics. Information is both the crucial enabler for smart cities and, arguably, their point of greatest vulnerability.

Data: the price of progress?

Interconnectedness between the private sector, local authorities and individuals is a central part of the “spirit” of a smart city.

In Rio, for example, citizens can highlight a problem, from potholes to pollution, simply by taking a picture of it on their smartphone and uploading it.

CCTV and even drones might be used to locate and identify issues requiring intervention from the authorities, whether civil disorder or public health. The idea is to create as close a connection as possible between data collection and government response.

The data flows are immense. Even when they are not purposely uploading data, citizens are constantly giving up information about their movements, activities and economic choices.

Radio-frequency identification, or RFID, devices such as travel cards or metro tickets, log data about individual movements, readily supplemented by data from mobile phone base stations that can also identify factors such as the angle of arrival into a cell, dwell time and even purchasing choices.

Add to that the constant stream of CCTV images and an exceptionally detailed picture of individual life can be constructed. Apply analytics to that data and it is possible to build an actionable picture of collective life, allowing authorities to move towards the “liveable” city.

To date, the global focus has tended to be on gathering rather than protecting data, though data security is rapidly emerging as a central concern of governments, municipal authorities and individual citizens.

Information held by authorities offers a vast honey pot to cybercriminals and “hacktivists” and places a significant burden of responsibility on governments and municipal authorities to secure and protect that information.

For example, the economic and energy efficiency benefits of connected infrastructure and building control systems come with the risk of criminal intervention.

In October 2013, the UK government listed trust in data privacy and system integrity as a barrier to smart city projects.

However, it offered no solutions, merely reciting that “good cyber security implementation will be essential: and clear communication with service users about how data about them is used and protected, and how the use of that data benefits them, will help build trust”.

That reads as an aspiration rather than as a plan, and it is far from clear that other governments are significantly more advanced in terms of preparedness.

Equally significant is the potential for authorities to succumb to the temptation to regard data as commercially exploitable. Smart city projects are expensive, so it is a logical enough step to seek access to private sector funds otherwise than through taxation.

However, the already fragile confidence in government handling of information is easily dented by controversies such as Edward Snowden’s revelations concerning the US National Security Agency and the UK’s NHS Care data project which was delayed when it emerged in February 2014 that hospital data had been given to the insurance industry and used to assist with the pricing of its products.

Big Brother or BigCo?

While authorities seem to accept that there is a need for cybersecurity to combat malicious activities, it is less apparent that there is any clarity of thought when it comes to defining the legitimate use of data gathered by those authorities, particularly when gathered through partnerships with private sector organisations.

In regions with developed or developing data protection laws, the key battleground is likely to be the definition of “personal” data relating to identified or identifiable individuals.

Even in jurisdictions with highly developed data protection laws, determining whether something is held as “personal” data is not always easy.

By way of example, the UK’s Information Commissioner recently published 30 pages of guidance on the question. It identifies several borderline cases, where the same information could fall either side of the line; a photograph of a crowd taken by the police to identify troublemakers should a riot erupt would be personal information - the same photograph taken by a photojournalist with no intention of identifying individuals would not.

Anonymous or anonymised data, packaged and passed on or sold for statistical purposes, may not be personal data unless it includes elements such as code numbers that could be used to identify individuals. There is similar scope for debate in GCC jurisdictions, including the DIFC whose data protection laws were amended in December 2012 to bring them into line with international best practice.

In other jurisdictions across the GCC, further uncertainty is created by the fact that data protection laws are in their infancy and are largely “untested”, if they exist at all.

However, the call by Sir Tim Berners-Lee to mark the 25th anniversary of the web with a global Bill of Digital Rights, a “Magna Carta” for the online community, suggest that there is little agreement on what, in fact, should constitute best practice.

Historically, information gathering has often turned rapidly to commercial gain. The UK’s Mass Observation project set up in 1937 to produce an “anthropology of ourselves” unsurprisingly became, by the 1950s, a market research company. Information is not only power, it is value.

Even if governments adequately address the risk of malicious access, private sector participants in smart city projects are likely to face and seek to find ways around legal restrictions on data processing and disclosure.

The issues will be extremely complex. Individuals often inadvertently click through screens requiring agreement to terms and conditions including the sale of data, to get to the product or service they require.

From a government perspective, disclosure of personal information might easily be regarded as fair exchange for improved services and “liveable” cities, with at least some costs being recouped by selling information to the private sector.

The debate is not about narrow regulation, but about the extent to which any concept of data privacy ought to yield to a greater need to address the stresses and resource-hunger of modern urban life.

Whichever side of that debate you fall, governments and authorities across the world, and particularly in the GCC, need to address the issue of data protection laws, or in some cases lack thereof, and the importance of implementing a suitable and adequate data protection and cyber security regulatory framework to allow smart cities, or at least the concept of smart cities, to be developed whilst still protecting the right of individuals to privacy in respect of personal data.

This article was written by Simon Green and Malcolm Dowden.

For more information please contact Simon on +974 40 316610 or simon.green@crsblaw.com.