The protection of personal data in smart cities (Smart Cities)

So-called smart cities are no longer science fiction. Sensors on traffic lights, cameras that count pedestrians, apps that tell you where to park, or streetlights that adjust themselves depending on how many people walk by. All of this sounds modern and convenient, but behind so much technology there’s something we often forget: every device is collecting data, and much of that data is personal.

What data is collected in a Smart City?

Think about it: when you use a municipal app to check public transport, you’re probably sharing your location. When you park and pay with your phone, your license plate, the place, and the time are recorded. When traffic cameras detect the flow of cars, they sometimes also capture faces or license plates. In short, the city becomes a big “information collector.”

And sure, it’s not always bad. This data helps manage traffic better, reduce pollution, or save energy. The problem appears when it’s not clear what data is collected, what it’s used for, or how long it’s stored.

The balance between usefulness and privacy

The challenge of Smart Cities is precisely that: finding the balance between public usefulness and people’s privacy. Because yes, it’s great that a city council can better plan transport based on real movement patterns, but nobody wants to live in a kind of urban Big Brother where everything is recorded.

Besides, the risks are real:

  • Data breaches: if someone hacks a mobility system, they could know where people are moving.
  • Misuse: data intended to improve services could end up being used for commercial purposes or even social control.
  • Questionable anonymity: even if data is said to be “anonymous,” combined with other databases it can become identifiable again.

What can be done to protect ourselves?

Here we’re not only talking about citizen responsibility, but also institutional responsibility. Still, there are practices that help:

  • Demand transparency: municipalities and companies must explain what data they collect and for what purpose.
  • Minimisation: collect only what’s necessary, nothing more. If it’s enough to know how many cars pass by, there’s no need to record license plates or faces.
  • Limited retention: data shouldn’t be stored longer than strictly needed.
  • Enhanced security: encryption, solid protocols, and external audits.

As citizens, we can:

  • Review the permissions of the municipal apps we use.
  • Ask questions and file complaints if we believe data has been handled excessively.
  • Promote the conversation: privacy is not a whim, it’s a right.