Although last year showed a legal interest for ‘smart cities’, there is no legal definition of them, but rather academic responses from technological, urban, environmental and sociological studies.[1] However today, several key features can be found about smart cities, which include: [2]

  • networks of sensors attached to real world objects such as roads, cars, electricity meters, domestic appliances and human medical implants which connect these objects to digital networks. These Internet of Things networks, describes the network of physical objects, are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.[3] These networks generate data in particularly huge amounts known colloquially as “big data”;
  • networks of digital communications enabling real time data streams which can be combined with each other and then be mined and repurposed for useful results;
  • high capacity, often cloud based, infrastructure which can support and provide storage for this interconnection of data, applications, things and people.

In addition, there are eight key activities that help to identifiy a smart city: a smart governance, infrastructure, building, connectivity, healthcare, energy, mobility and citizens:[4]

However, a growing backlash from the privacy and surveillance sectors warns of the potential threat to personal privacy posed by smart cities.[5] A key issue is the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data. Other issues are also raised, such as the degree to which smart cities collect private data from inevitable public interactions,  the “privatisation” of  ownership of both infrastructure and data,  the repurposing of “big data” drawn from IoT in smart cities and the storage of that data in the Cloud. [6]

Eventually, the question is to know who owns smart cities’ data?

Current legislation on Personal Data Protection

There is a lack of universal open or proprietary standards for exchange of data. The European Union is attempting to find solutions by building protocols for private tech suppliers operating in smart cities, in fields like energy and, generally, Internet of Things systems.[7] Examples of open data in Glasgow data repository noted above is open to researchers and in Rio also made a data portal open to the public with key datasets. [8]

The current legislation on Personal Data Protection includes the latest European reform bill, which will harmonise legislation about smart cities. However, this regulation creates legal uncertainty to discourage investment in improvement of “smart city” projects.[9]

Due to the growth in Big Data that is stored within “smart cities”, this deserves a reflection on the concept of profiling. [10] It means to create profiles of the consumers of various public or private services in order to obtain large amounts of information via data-mining techniques and to analyse common behaviour patterns.[11] One of the example is the intelligent transport technology which can profile about a person’s travel, habits based on certain urban public transport usage. [12] Data can be profiled through domestic energy consumption information to know how many people live in the household and their timetables as well.[13]

The political and legal consequences of smart cities

The flow of data can be realised not only by public but by private companies as well. This flow must be framed by the principles of respect for privacy and personal freedom. This innovation presents an obvious risk in terms of respect for personal freedom. [14]The issue that most immediately springs to mind is privacy protection.  For example, data flowing through smart cities includes a lot of personal data, for instance where we physically are at a given time, our water and power consumption, how we use certain public infrastructure.[15]

There is an example in French Law, called The rules of France’s 6 January 1978 law on information and freedom of the individual, to protect  from digital intrusion into private life which does not mention the context of the smart city .[16] It is important to understand that the data needed for smart cities to function is not necessarily held by the public authorities. It may be in the hands of some of their partners involved in the local public business, like public service operators of water, electricity, gas or even in the hands of purely private operators or example. [17]

Hence the current emergence of the notion of “general interest data” that the holder should make available to the public authorities.[18]

Smart cities will have to adapt to a context in which smart city regulations require many concerns and constraints to be managed concurrently. [19]Finally, local  law will not escape from reforms  as it will undoubtedly be necessary to find new ways of articulating the relationship between local governments. Smart city management law has, by and large, yet to be invented.

Oleksandra Miroshnychenko
Master 2 Droit international public – Université Jean Moulin Lyon 3

Notes de bas de page

[1] Privacy, Security and Data Protection in Smart Cities: a Critical EU Law Perspective, CREATe Working Paper 2015/11 (December 2015)

[2] Deakin, Mark; Al Waer, Husam (2011). « From Intelligent to Smart Cities ». Journal of Intelligent Buildings International: From Intelligent Cities to Smart Cities. 3 (3): 140–152. doi:10.1080/17508975.2011.586671; United Nations, Department of Economic and Social Affairs, Population Division (2014). World Urbanization Prospects: The 2014 Revision, Highlights (ST/ESA/SER.A/352).

[3] Rouse, Margaret (2019). « internet of things (IoT) ». IOT Agenda. Retrieved 14 August 2019

[4] Building the Smart City: 8 Things To Get Right,Benson Chan,May 10 2018,

[5] Edwards, Lilian, Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective (January 5, 2016). European Data Protection Law Review (Lexxion), 2016, Forthcoming, Available at SSRN: or

[6]Lilian Edwards, Privacy, Security and Data Protection in Smart Cities: a Critical EU Law Perspective,January 2015,DOI: 10.5281/zenodo.34501

[7] Privacy, Security and Data Protection in Smart Cities: a Critical EU Law Perspective, CREATe Working Paper 2015/11 (December 2015); Communication A Digital Single Market Strategy for Europe COM (2015) 192 Final. Available at:

[8] Ibid.

[9] Winden, W. and D. Buuse (2017), “Smart City Pilot Projects: Exploring the Dimensions and Conditions of Scaling Up”, Journal of Urban Technology, Vol. 24/4, pp. 51-72,

[10] Dylan Tarín, “Privacy and Big Data in Smart Cities”,

[11] Ibid.

[12] OECD (2012), Recommendation of the Council on Principles for Public Governance of PublicPrivate Partnerships, OECD Publishing; Al Nuaimi, E., Al Neyadi, H., Mohamed, N. et al. Applications of big data to smart cities. J Internet Serv Appl 6, 25 (2015).

[13] Ibid.

[14] Edouard Geffray and Jean-Bernard Auby, « The political and legal consequences of smart cities », Field Actions Science Reports, Special Issue 16 | 2017, 11-15

[15] Ibid.; Jonathan WoetzelJaana RemesBrodie BolandKatrina LvSuveer SinhaGernot StrubeJohn MeansJonathan LawAndres Cadena, and Valerie von der Tann, “Smart cities: Digital solutions for a more livable future”, June 5, 2018 , McKinsey Global Institute

[16]  Loi 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (version consolidée au 27 août 2011) [Law 78-17 of January 6, 1978, on Information Technologies, Data Files and Civil Liberties (consolidated version as of Aug. 27, 2011)], LEGIFRANCE,, unofficial English version available on the CNIL website, at

[17] Ibid.

[18] Edouard Geffray et Jean-Bernard Auby, « The political and legal consequences of smart cities », Field Actions Science Reports, Special Issue 16 | 2017, 11-15

[19] Ibid.