Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective

European Data Protection Law Review (Lexxion), 2016, Forthcoming

37 Pages Posted: 7 Jan 2016

See all articles by Lilian Edwards

Lilian Edwards

University of Newcastle - Law School

Date Written: January 5, 2016


"Smart cities" are a buzzword of the moment. Although legal interest is growing, most academic responses at least in the EU, are still from the technological, urban studies, environmental and sociological rather than legal, sectors and have primarily laid emphasis on the social, urban, policing and environmental benefits of smart cities, rather than their challenges, in often a rather uncritical fashion. However a growing backlash from the privacy and surveillance sectors warns of the potential threat to personal privacy posed by smart cities. A key issue is the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data; other crucial issues include the degree to which smart cities collect private data from inevitable public interactions, the "privatisation" of ownership of both infrastructure and data, the repurposing of "big data" drawn from IoT in smart cities and the storage of that data in the Cloud. This paper, drawing on author engagement with smart city development in Glasgow as well as the results of an international conference in the area curated by the author, argues that smart cities combine the three greatest current threats to personal privacy, with which regulation has so far failed to deal effectively; the Internet of Things (IoT) or "ubiquitous computing"; "Big Data"; and the Cloud. It seeks solutions both from legal institutions such as data protection law and from "code", proposing in particular from the ethos of Privacy by Design, a new "social impact assessment" and new human:computer interactions to promote user autonomy in ambient environments.

Keywords: privacy, law, data protection, smart cities, Internet of Things, big data, consent, privacy by design, HCI, privacy impact assessment

Suggested Citation

Edwards, Lilian, Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective (January 5, 2016). European Data Protection Law Review (Lexxion), 2016, Forthcoming, Available at SSRN: or

Lilian Edwards (Contact Author)

University of Newcastle - Law School ( email )

Newcastle upon Tyne, NE1 7RU
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics