Skip to content
Skyscrapers and Wifi signals

Privacy by design in smart cities

How to build smart cities in a privacy and security-friendly way, when more and more movements and human actions are tracked by means of public WiFi and camera systems? How to develop the right infrastructure in smart cities? In particular, how to make employees aware of privacy and security risks handling personal data in businesses, which provide applications for smart cities? How to combine state-of-the-art privacy and security strategies and creative thinking?

The interdisciplinary research project Privacy by design in smart cities (GAMEaTHON) seeks to answer those questions. The Alexander von Humboldt Institute for Internet and Society runs a one-year research project exploring the adequate governance of data-driven innovation.

Research and development goal

Data protection and privacy laws require data controllers to implement technical and organizational measures in order to comply with the law (privacy and security by design). With respect to the development of future technologies, like the Internet of Things (IoT) or the latest evolutions in the automotive industry, it is an open question of how to implement these requirements in practice.

The relevance and consequences for companies and data protection

The provision of widespread public WiFi access in urban environments makes it principally possible to create social heatmaps about how many people, whose personal devices are set to connect with available WiFi spots, are or will be at which places at what time. The municipality, private companies and/or public-private partnerships can use this information, for example, in order to organize more efficiently local transport facilities.

However, the information can also be misused by surveilling urban society at large. The police could, for example, use it for police investigation (“who was present at sites of crime?”) or companies could trace their customers and/or employees at every public place they are (except they have switched off the function of their mobile devices to connect with public WiFi spots). The question therefore is how to implement privacy and security by design measures in such an urban WiFi system, i.e. in all public and/or private entities connected to the system, in order to enable, on the one hand, more efficient traffic management and avoid, on the other hand, the potential misuse of the information retrieved. This question shall be answered by this research project.

Events within the project

14:00 - 17:30
#pre-AoIR: Legal Hackathon | Workshop
Humboldt-Universität zu Berlin | Seminar Building, Berlin
Duration06/2017 – 03/2018
SupporterThe research project »Privacy by Design in smart cities« is supported by Cisco.

A research project by the Alexander von Humboldt Institute for Internet and Society, supported by Cisco, and in collaboration with INNOVATION AND LAW, Booster Space and iRights.Law.




Kevin Klug

Associated researcher: Governance of Data-Driven Innovation

Maximilian von Grafenstein, Prof. Dr.

Associated Researcher, Co-Head of Research Programme

Jörg Pohle, Dr.

Head of Research Program: Actors, Data and Infrastructures

Support us

Via the Internet & Society Foundation or with a donation.

Former employees

Journal articles and conference proceedings

Grafenstein, M. v. (2020). Innovationsoffener Datenschutz durch Folgenabschätzungen und Technikgestaltung. Datenschutz und Datensicherheit - DuD, 44(3), 172-175. Publication details

Working paper

Grafenstein, M. v. (2020). How to build data-driven innovation projects at large with data protection by design. HIIG Discussion Paper Series, 2020(3), 93. Publication details

Lectures and presentations

Smart City Governance: Citizens, Privacy and Services
CPDP 2018 Computer, Privacy and Data Protection Conference (Session: Smart City Governance: Citizens, Privacy and Services). Centre for Research into Information, Surveillance and Privacy. Area 42 Petit, Brussels, Belgium: 30.01.2019 Further information

Max von Grafenstein


Certification for GDPR-compliant Anonymity: Real Anonymisation or just another Risk Assessment?
CPDP2018 Computer, Privacy and Data Protection Conference. AirCloak. La Cave, Brussels, Belgium: 30.01.2019 Further information

Max von Grafenstein

Moderation of workshops and panels

Launch of the new board game: Admins and Hackers
CPDP 2020 Computer, Privacy and Data Protection Conference. Area42, Brussel, Belgium: 23.01.2020 Further information

Max von Grafenstein

Organisation of events

3. Workshop zur Zertifizierung "Prüfprogramme für Auftragsverarbeiter"
13.01.2020. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (National)

Maximilian von Grafenstein, Jörg Pohle

Data Protection by Design in Smart Cities
05.11.2018. Humboldt Institut für Internet und Gesellschaft, Berlin, Germany (International)

Kevin Klug, Maximilian von Grafenstein, Jörg Pohle, Nuri Khadem

Game Jam – Unveil the privacy threat
From 07.10.2017 to 08.10.2017. Humboldt Institut for Internet and Society, sirius minds, Berlin, Germany (International)

Katharina Beitz, Maximilian von Grafenstein, Thomas Schildhauer, Larissa Wunderlich