Makaleler
Data Concerns in Smart Cities
Introduction
Local governments across the world appear as the main actors of many technological developments within the scope of smart cities. For smart management of cities, local governments have to monitor the data that is present in city registers, the data from government or corporate surveys, and the data from social media updates. All these data are linked to each other and should use for the development and well-being of the city.
In line with these, concerns regarding who has legitimate access to the aforementioned data, which data should/can be opened up to public usage, and what is the most efficient privacy framework for the linkage of different data has arisen.
This article aims to examine the privacy concerns in smart cities, which security measures regarding data privacy should be taken, and the main issues should start-ups pay attention to while developing smart city technology in Turkey.
- Data in Smart Cities
Sensitive information, communication protocol, key management and authorization, data transfers are the main concerns in smart cities regarding data privacy and security.[1] Since smart technologies such as CCTV cameras, transport systems, or robots simultaneously use and generate enormous amounts of data, these concerns need to be enlightened.
In smart cities, data is collected through the use of sensors, kiosks, meters, personal devices, appliances, cameras, smartphones, implanted medical devices, the web, and other similar data-acquisition systems. This data integrates into an enterprise computing platform and the communication of such information among the various city services.[2] These data processing activities raise the possibility of security vulnerabilities.
In the scope of possible security vulnerabilities, the privacy of citizens in a smart city is the prior concern. Especially, when it comes to protecting information about their identity, the kind of information they look for, their location, energy usage, and possessions.[3]
It is possible to see smart city technologies in several sectors such as government, health, infrastructure, transportation, and building sectors. For instance, the purpose of healthcare services is to help people live healthy by providing access to a range of facilities. In a smart city, public health professionals can access the medical information of patients at any time and from anywhere through connected devices, especially when circumstances do not allow for physical presence.[4]
Smart cities can also provide a way to manage electricity in a sustainable, reliable, and economic manner through computers and sensors placed in the grid.[5] Also, to alleviate the traffic congestion and increased pollution problems, one solution is intelligent transportation systems. In a smart city, intelligent transportation systems offer multiple services, such as reducing mobility by facilitating transport mode selection, optimizing trip planning and management, detecting drivers exhibiting malicious behaviors, improving driver and passenger safety, reducing CO2, making available parking places information known on smartphones, and tracking cars.
This massive amount of data collected in smart cities need to be protected from cybercrimes. It is possible to create solutions to privacy risks in smart cities that focus on particular technological solutions, such as cloud computing, privacy-enhancing technologies, or transparency-enhancing technologies.
- Privacy Concerns Regarding Smart Cities, and Security Measures
An increase in the digital interactions within the public/private institutions and citizens/consumers caused burgeon of the data privacy concerns.[6] The main concern is providing a balance between the purpose of the data usage and the benefits obtained through the data collection. In line with this, an imbalance between the amount of data collection and benefits received in exchange can lead to a sense of being watched rather than being serviced. [7]
The data controller is also one of the main reasons for privacy concerns. It is a known fact that people trust medical institutions and banks the most when it comes to their sensitive data.[8] On the other hand, the main question is whether people trust the local governments with their data. Some research shows that people tend to trust their local governments much more than their national ones.[9]
Local governments collect and use the data to monitor demographic patterns and increase the quality of living. In order to achieve this purpose, the data is used to underpin city management and planning, enhance city services and support local citizens. In this scenario, because of the service purpose, citizens are likely to experience a positive tradeoff between handing over personal data and receiving, for instance, social benefits.
On the other hand, people may consider some data use as data surveillance. For instance, the mine by local governments on registers in case of justifiable doubt about fraud. This is a controversial practice and particular groups of citizens may experience a thin line between service and surveillance here.
The police data from minor violations to stop and search to criminal offenses and the data of local authorities such as public transport or port authorities may also be considered as surveillance. Digital and software innovations have added another layer to these data, for instance, the use of facial recognition software to analyze the images captured by CCTV cameras. All such data are directly personal and citizens will often experience such data as highly sensitive.[10]
In order to prevent infringes of personal data, the use of these data by local governments and other authorities is subject to legal and regulatory frameworks. For instance, the European Union General Data Protection Regulation (“GDPR”) sets strict rules regarding legitimate usage of personal data, offers a stronger position to citizens to control their data (including, among other things “The right to be forgotten”), and imposes high fines on data abuse, for which the data controller/data processor will be held responsible. Hence, for city governments, a solid knowledge of the privacy regulations has become a new top requirement.
A big chunk of current smart city technologies and data usage concern impersonal data collected and used for the direct benefit of the city environment, the well-being of citizens, and more efficient city operations. For instance, in smart waste management, monitoring systems for air, noise, and water quality, the data used about ‘things’ rather than about people, and may therefore be less sensitive.
The monitoring of traffic flows, public transport, crowd, sports, and event management through, among others, infrared video, CCTV, or heat sensors can also be considered in this quadrant. The data in this quadrant concern all data that cannot be linked to an individual person and are used for surveillance and control purposes.
To manage the challenges, local governments should identify the privacy concerns for their citizens that may be at stake with specific technologies and data practices, how these are subject to the data protection regulations, and develop a specific city policy on new developments that accommodates the concerns of citizens, beyond the bare legal necessities.[11]
- The Main Issues Should Start-Ups Pay Attention to While Developing Smart City Technology in Turkey
Smart city projects in Turkey are fewer number than in Europe and the United States of America. The main reason is a lack of funding and qualified human resources. However, the Ministry of Development[12] with the help of all the other relevant ministries, has prepared the 2020-2023 National Smart Cities Strategy and Action Plan.[13] Accordingly, many cities have already introduced smart applications, particularly in transport and urban services. Accessing services through electronic channels and e-government is the most popular application within municipalities.
The security and confidentiality of personal data are explained as two separate concepts under the Turkish legal system. The security of the data means that the relevant data has been verified; confidentiality means protection from unauthorized interference. Law No. 6698 on the Protection of Personal Data and Turkish Penal Code No. 5237 and the Turkish Constitution are guiding in this regard.
Article 4 on Law on the Protection of Personal Data set forth general principles regarding the processing of personal data. The following principles shall have complied within the processing of personal data:
- Lawfulness and conformity with rules of bona fides.
- Accuracy and being up to date, where necessary.
- Being processed for specific, explicit, and legitimate purposes.
- Being relevant with, limited to, and proportionate to the purposes for which they are processed.
- Being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed.
In addition to this, Article 5 on Law on the Protection of Personal Data regulates the situations in which personal data can be processed without the need for explicit consent:
- it is provided for by the laws.
- it is mandatory for the protection of the life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid.
- processing of personal data belonging to the parties of a contract is necessary provided that it is directly related to the conclusion or fulfillment of that contract.
- the controller must be able to perform his legal obligations.
- the data concerned is made available to the public by the data subject himself.
- data processing is mandatory for the establishment, exercise, or protection of any right.
- it is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
Applications that are not of a personal nature but use public and anonymized data or data independent of individuals do not pose any inconveniences in terms of the protection of personal data. However, some smart city applications process the personal data of users in terms of being urban. The issue of whether these applications process personal data in accordance with the procedure in Law on the Protection of Personal Data needs a legal evaluation.
Conclusion
Smart cities are based on technology-driven and stream-of-thinking that continues to influence current urban development policies and priorities on a global scale. In this paper, a framework was presented to identify what kind of privacy concerns the use of smart technologies and (big, open, and linked) data produce may raise among people in smart cities.
Many new and technological applications have become indispensable even for daily activities. However, it is very risky for these practices to remain unrestrained, and the principle of transparency must be ensured perfectly to eliminate this risk. In particular, matters such as the nature of the data used in applications, for what purpose and for how long it is used, and whether it is destroyed after use should be disclosed to the public.
The fact that smart city applications mostly aim to establish a public service does not make the applications innocent. Because all the data material obtained is related to the privacy of individuals. Data privacy is at least as much as physical privacy and must be protected both by the law and by the users themselves.
REFERENCES
Chourabi, Hafedh. “Understanding Smart Cities: An Integrative Framework”. 45th Hawaii international conference on system sciences. 2012. (2289-2297)
J.C, Minu Mariyam Panicker and Smitha. 2017. «Privacy on Data Overcollection in Smart City.» International Journal of Computer Science & Engineering Technology 8 (04 Apr 2017): 167-173.
Khatoun, Rida, and Sherali Zeadally. “Cybersecurity and Privacy Solutions in Smart Cities”. Communications Magazine. 55(3). 51-59.
Law on the Protectıon of Personal Data (Law No. 6698). < https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/aea97a33-089b-4e7d-85cb-694adb57bed3.pdf >
Turkish Ministry of Environment and Urbanization. 2020-2023 National Smart Cities Strategy and Action Plan. < http://www.akillisehirler.gov.tr/wp-content/uploads/strategyplan.pdf >
Zaheer Khan, Zeeshan Pervez, and Abdul Ghafoor. 2014. «Towards Cloud-based Smart Cities Data Security and Privacy Management.» 7th International Conference on Utility and Cloud Computing. 806-811.
Zoonen, Liesbet va. 2016. “Privacy Concerns in Smart Cities.” Government Information Quarterly. 472-480.
[1] Minu Mariyam Panicker and Smitha J.C, “Privacy on Data Overcollection in Smart City”, International Journal of Computer Science & Engineering Technology, Vol. 8 No. 04 Apr 2017, p. 168.
[2] Hafedh Chourabi, “Understanding Smart Cities: An Integrative Framework”, 45th Hawaii international conference on system sciences, 2012, (2289-2297), s. 2290.
[3] Liesbet van Zoonen, “Privacy Concerns in Smart Cities”, Government Information Quarterly, 33 (2016), 472–480. p.473.
[4] Rida Khatoun and Sherali Zeadally, “Cybersecurity and Privacy Solutions in Smart Cities”, Communications Magazine, 55(3), 51-59, s. 53.
[5] ibid.
[6] Liesbet van Zoonen, “Privacy Concerns in Smart Cities”, p.474.
[7] ibid.
[8] ibid, p.475.
[9] “In general, opinion polls consistently report that people tend to trust their local government much more than their national ones, for instance, 72% trust in local government versus 24% in national government in the US (reported in Goldsmith, 2015[9]), and 79% in local government versus 11% in national government in the UK (reported in Walker, 2013[9])”ibid.
[10] ibid.
[11] ibid. p.479.
[12] The Turkish Ministry of Development and the General Directorate of Budget and Financial Control of the Ministry of Finance were combined to form the Strategy and Budget Department under the Turkish Presidency. Development Agencies affiliated to the Ministry of Development were affiliated to the Ministry of Industry and Technology on July 10, 2018.