General security

3 Reasons the Smart City Needs Data Privacy

Susan Morrow
July 28, 2018 by
Susan Morrow


By 2050, it’s expected that 66% of the world’s population will live in urban areas. By 2030, there will be 43 “mega-cities” with populations of more than 10 million each. And once you get massive numbers of people living in close proximity, needing to utilize resources and utilities on a large scale, creating waste and needing speedy communications and transport, you need to get smart about how you provide that.

The development of the “smart city” is a reaction to the increasing need to maximize resources in an urban environment. We are starting to see cities across the world developing smart technology and systems; this includes Barcelona, Jakarta, and a number across the United States. China is set to have over half of the global total number of smart cities.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

So what is the definition of a smart city? Most descriptions of smart cities mention the use of technology to deliver services and infrastructure in a smart, data-driven way. All are about creating a sustainable future. Smart cities have the potential to solve serious issues in accommodating a growing population and creating resilient economies; for example, the Smart Cities Council believes that investment in smart infrastructure will result in prosperity for everyone.

Data and the Smart City

These smart cities rely heavily on the use of data. Data is like the blood flowing through the body of the city. It is collected, collated, aggregated and analyzed. The output from that analysis gives insights into the system it describes; this information is then used to optimize that system.

Big data is a major phenomenon — not just of our age, but of the smart city itself. While the so-called Internet of Things (the network of physical devices permitting cars, home appliances and so forth to exchange data) has been instrumental in allowing the concept of the smart city to develop, the decreasing costs of sensors and the creation of highly connected networks is what the smart city is based on. This network has formed a “data superstructure,” creating a new, expanded version of a critical infrastructure. This infrastructure, based on data, means that we have entered a challenging era in data privacy.

3 Reasons the Smart City Needs Data Privacy

Article 12 of the Universal Declaration of Human Rights states: “No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.”

This declaration is one that, although written back in 1948, has just as much relevance today as we move into our new smarter cities. There are a number of reasons why privacy is important as we up sticks and get smart. Here is a sampling of three of them that I believe will impact us greatly:

1) A Healthy Attitude – Health Data

Smart technology applied to smart-city citizens can have massive benefits in creating a healthy population. Highly-connected healthcare systems are being developed that give patients ways of continuously monitoring their disease profile. These data are then shared with healthcare professionals who can use them, both on an individual basis, as well as in aggregate form. For example, Singapore has over 400,000 citizens with type 2 diabetes. To help manage health in a smart way, the city offers “HealthHub,” a centrally-managed system that allows citizens to monitor various aspects of their health and lifestyle using an app. The data generated is then aggregated and analyzed and the output is used to inform better lifestyle and dietary choices and to help with research — ultimately keeping people off medication and out of hospital.

Confidentiality of health data is a fundamental right. At a basic level, these data are very personal, and it should be up to the individual to decide if they want these data to be used and by whom. Various laws and regulations, including HIPAA and GDPR, have put structures in place to manage the privacy aspects of data, including health data.

However, data that is being monitored in a continuous manner and often aggregated is open to confidentiality violations. In addition, analytical methodologies are now able to use behavioral data to determine insights into a person’s health, including the likelihood of addiction. The type of data being generated by smart apps and wearables gives not just a glimpse of personal data, but the intimate behavior of an individual. This information is highly personal!

The handling of such continuously-monitored, private health data can be complicated. As smart cities incorporate smart health, privacy needs to be placed as a central tenet of the use of health data.

2) Listening In – Living Data

Communication, exchange of data and hyperconnectivity are the fundamental building blocks of the smart city. Our homes, our places of work, and everything in between has the potential to be connected in the smart city. In the smart city, we will be woken up by our digital assistant, who will then suggest to our wardrobe what clothes are suitable for us today. As we take our smart car to the office, a parking space will be located for us, and as our car navigates the traffic our journey will be perfectly choreographed from the continuous monitoring of the road.

We will use our smart identity throughout the day, which will control our access to resources and track our movements. The information generated from all of our daily living events will be used to make our journeys easier, work less stressful, and hopefully, our days more productive.

The smart city needs an array of highly-connected sensors to operate. Each collects data which is centrally aggregated and analyzed. The structure of this network includes everyday objects, cars, buildings and anything that can generate useful data. The old idea of two people communicating in an end-to-end manner is long gone in the smart city. Everything communicates with everything else, and the data they communicate represents our personal data, our lifestyle, our behavior and our day-to-day movements.

The Internet of Things (IoT) is now the Communication of Things. In an FTC workshop on privacy and security, it was mentioned that a typical IoT device can generate one data point every six seconds for each household. These new highly-complex, branched communication channels are generating massive amounts of data and offering multiple points of entry to these data. This leaves data open to abuse and privacy violations unless strict usage models of privacy are integrated into their design.

3) Surveillance and the State – Identity Data

Smart cities are built on data harvesting. The residents of the cities and the actions of those residents feed the city and make it work more smoothly and more efficiently.

Take transport as an example. Smart transport can give cities a new lease on life. Currently, cities like Beijing have enormous issues with traffic congestion. Data from TomTom shows that, on average, travelers in the city often spend an additional 179 hours per year in traffic jams.  But smart transport works across the transport infrastructure and inside our smart cars: sensors can help to manage congestion, traffic lights, and make vehicles work within a more dynamic and optimized transport system.

This type of approach extends to all aspects of the smart citizen, from their home life, purchases, eating habits, work, and on and on. We have already experienced how “creepy” tech can be but imagine a world where all of our daily activities, where we like to go to eat, which films we watch, and where we went last night at midnight were freely available.

“I’ve got nothing to hide, so why should I be worried?” is a statement privacy professionals often hear. It seems logical, after all: why would any state entity be interested in an ordinary citizen?

The Chinese government is using AI-based facial recognition systems across the country in a number of initiatives. Once such initiative is in schools. Here, facial recognition is being used to gauge students’ behavior to calculate an “attentiveness score” which is shared with the teacher. The creation of systems that track our everyday behavior and movements may seem innocuous under a non-authoritarian government, but governments change. Ensuring data privacy is not just about the now, it is also about the future we can’t yet see.

Once It’s Gone, It’s Gone

Being smart is not only about using clever technology, it’s about using that technology wisely. Like the singer said, “You don't know what you’ve got ‘til it’s gone.” Privacy is like that: once it’s lost, it’s very difficult to get back. We need to take our data privacy seriously.

Smart cities have real potential to take our overpopulated world into a new era where we have more control over our resource use, creating more sustainable living environments. But to ensure that this does not come at the cost of our personal privacy, we have to be sure that privacy is part of the design.



World’s population increasingly urban with more than half living in urban areas, United Nations

Smart Cities USA, Smart America

China to account for 50% of smart cities in Asia by 2025, Enterprise Innovation

Smart Cities Council

Data as a smart superstructure: a warning to the wise, CSO Online

Universal Declaration of Human Rights, United Nations

Internet of Things: Privacy & Security in a Connected World, FTC

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Facial-recognition technology used to monitor student engagement in Chinese school, IAPP

Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.