Privacy by design in smart cities
How to build smart cities in a privacy and security-friendly way, when more and more movements and human actions are tracked by means of public WiFi and camera systems? How to develop the right infrastructure in smart cities? In particular, how to make employees aware of privacy and security risks handling personal data in businesses, which provide applications for smart cities? How to combine state-of-the-art privacy and security strategies and creative thinking?
The interdisciplinary research project Privacy by design in smart cities (GAMEaTHON) seeks to answer those questions. The Alexander von Humboldt Institute for Internet and Society runs a one-year research project exploring the adequate governance of data-driven innovation.
Research and development goal
Data protection and privacy laws require data controllers to implement technical and organizational measures in order to comply with the law (privacy and security by design). With respect to the development of future technologies, like the Internet of Things (IoT) or the latest evolutions in the automotive industry, it is an open question of how to implement these requirements in practice.
The relevance and consequences for companies and data protection
The provision of widespread public WiFi access in urban environments makes it principally possible to create social heatmaps about how many people, whose personal devices are set to connect with available WiFi spots, are or will be at which places at what time. The municipality, private companies and/or public-private partnerships can use this information, for example, in order to organize more efficiently local transport facilities.
However, the information can also be misused by surveilling urban society at large. The police could, for example, use it for police investigation (“who was present at sites of crime?”) or companies could trace their customers and/or employees at every public place they are (except they have switched off the function of their mobile devices to connect with public WiFi spots). The question therefore is how to implement privacy and security by design measures in such an urban WiFi system, i.e. in all public and/or private entities connected to the system, in order to enable, on the one hand, more efficient traffic management and avoid, on the other hand, the potential misuse of the information retrieved. This question shall be answered by this research project.
Events within the project
|Duration||06/2017 – 03/2018|
|Supporter||The research project »Privacy by Design in smart cities« is supported by Cisco.|
Part of the research programme
Journal articles and conference proceedings
Grafenstein, M. v. (2020). Innovationsoffener Datenschutz durch Folgenabschätzungen und Technikgestaltung. Datenschutz und Datensicherheit - DuD, 44(3), 172-175. Publication details
Grafenstein, M. v. (2020). How to build data-driven innovation projects at large with data protection by design. HIIG Discussion Paper Series, 2020(3), 93. Publication details
Grafenstein, M. v. (2023). Stellungnahme zum Referentenentwurf des Bundesministeriums für Digitales und Verkehr „Verordnung über Dienste zur Einwilligungsverwaltung nach § 26 Abs. 2 TTDSG“. Humboldt Institute for Internet and Society. Publication details
Lectures and presentationsSmart City Governance: Citizens, Privacy and Services
CPDP 2018 Computer, Privacy and Data Protection Conference (Session: Smart City Governance: Citizens, Privacy and Services). Centre for Research into Information, Surveillance and Privacy. Area 42 Petit, Brussels, Belgium: 30.01.2019 Further information
Max von Grafenstein
PanelsCertification for GDPR-compliant Anonymity: Real Anonymisation or just another Risk Assessment?
CPDP2018 Computer, Privacy and Data Protection Conference. AirCloak. La Cave, Brussels, Belgium: 30.01.2019 Further information
Max von Grafenstein
Moderation of workshops and panelsLaunch of the new board game: Admins and Hackers
CPDP 2020 Computer, Privacy and Data Protection Conference. Area42, Brussel, Belgium: 23.01.2020 Further information
Max von Grafenstein
Organisation of events3. Workshop zur Zertifizierung "Prüfprogramme für Auftragsverarbeiter"
13.01.2020. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National)
Maximilian von Grafenstein, Jörg PohleData Protection by Design in Smart Cities
05.11.2018. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (International)
Kevin Klug, Maximilian von Grafenstein, Jörg Pohle, Nuri KhademGame Jam – Unveil the privacy threat
From 07.10.2017 to 08.10.2017. Humboldt Institut for Internet and Society, sirius minds, Berlin, Germany (International)
Katharina Beitz, Maximilian von Grafenstein, Thomas Schildhauer, Larissa Wunderlich