Skip to content

Privacy, Security and Data Protection in Smart Cities:

A Critical EU Law Perspective

Lilian Edwards


‘Smart cities’ are a buzzword of the moment. However, a growing backlash from the privacy and surveillance sectors warns of the potential threat to personal privacy posed by smart cities. Key issues include the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data; the degree to which smart cities collect private data from inevitable public interactions; the ‘privatisation’ of ownership of both infrastructure and data; the repurposing of ‘big data’ drawn from IoT in smart cities; and the storage of that data in the Cloud. This paper argues that smart cities thus combine the three greatest current threats to personal privacy, with which regulation has so far failed to deal effectively; the Internet of Things (IoT) or ‘ubiquitous computing’; ‘Big Data’; and the Cloud. I will discuss how and if EU data protection law controls possible threats to personal privacy from smart cities and given legal inadequacy, suggest further research on a number of solutions.

Professor of E-Governance, University of Strathclyde, Glasgow. My thanks to Anastasia Gubanova, LLM candidate at the University of Strathclyde, for helpful and timely research assistance; and to CREATe and the Horizon Digital Economy Hub at Nottingham for helping sponsor the international conference, Designing Smart Cities? Opportunities and Regulatory Challenges, Strathclyde, April 2015 from which many insights were drawn for this paper. A full web resource of the conference can be found at and papers from the conference were published as a special edition of the journal of Society for Computers and Law (SCL Journal, vol 26, issue 2, June 2015/July 2015 ( ) some of which are referred to below. My thanks also to Lachlan Urquart (doctoral candidate, Horizon) who provided enormously useful research assistance for the conference, and editorship for the special edition; to all the speakers at the conference, whose expertise has helped me accelerate up my learning curve about smart cities; and particularly to Francesco Sindico (also of Strathclyde) who took charge of the environmental and energy side of the conference. Finally thanks are owed to the participants in the Amsterdam Privacy Law Scholars Conference 2015 where this paper was workshopped, especially Bert-Jan Koops and Eleni Kosta, and to Daithi MacSithigh for helpful reading and comments.


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation