Privacy, Security and Data Protection in Smart Cities: journal article A Critical EU Law Perspective Lilian Edwards European Data Protection Law Review, Volume 2 (2016), Issue 1, Page 28 - 58 ‘Smart cities’ are a buzzword of the moment. However, a growing backlash from the privacy and surveillance sectors warns of the potential threat to personal privacy posed by smart cities. Key issues include the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data; the degree to which smart cities collect private data from inevitable public interactions; the ‘privatisation’ of ownership of both infrastructure and data; the repurposing of ‘big data’ drawn from IoT in smart cities; and the storage of that data in the Cloud. This paper argues that smart cities thus combine the three greatest current threats to personal privacy, with which regulation has so far failed to deal effectively; the Internet of Things (IoT) or ‘ubiquitous computing’; ‘Big Data’; and the Cloud. I will discuss how and if EU data protection law controls possible threats to personal privacy from smart cities and given legal inadequacy, suggest further research on a number of solutions.