Foreign “smart cities” could face GDPR fines for misusing EU citizens' data, a Government smart city tsar has warned.
Dr Jacqui Taylor, strategic advisor to the UK Government on smart cities, said that public bodies and companies based abroad could face fines worth millions of pounds if they fail to follow strict rules which protect EU residents from data misuse.
Transgressors can be fined 4pc of annual global turnover or €20m (£17.4m), whichever is greater.
Cities elsewhere in the world face being “called to account if something goes wrong”, she said, with British citizens able to complain to UK regulator the Information Commissioner if they think their rights have been infringed.
Smart cities across the globe are beginning to collect data from residents and visitors to monitor purchasing, public transport and services use, but there has been controversy about how the data is managed and whether there is enough transparency about what it is used for.
Dr Taylor, the chief executive of web science company Flying Binary, said she had also been advising cities in the Middle East on their responsibilities.
“They took it very seriously because they understood that as a European citizen, if I'm out there, they'll be called to account if something goes wrong, or if I decided that I want a change to how they're managing what their trust model is, because I have that backing of the regulations,” she told the Sunday Telegraph.
GDPR, which came into force in May this year, requires that companies and public bodies who manage data must be transparent about what they are collecting and what they are using it for, and allows a “data subject” to revoke their consent for their data to be processed.
“A citizen would report an infringement to their ICO who would pursue the investigation and deal with any infringement on their behalf,” added Dr Taylor.
An example could be where a visitor from an EU country downloads a smart city’s app ahead of visiting in order to access perks such as parking, free WiFi and information about local events.
If they are still in an EU country, they are covered by the law. They may also be covered if their data is collected during a visit, and retained after they leave, although lawyers said the rules on this were less clear.
A precedent on this point has not yet been set by the courts, and lawyers said smart cities had to be careful not to become a “test case” as regulators seek to “set some examples” of companies that failed to comply.
Rafi Azim-Khan, partner at Pillsbury Law and head of data privacy Europe at the firm, said regulators could consider the residence status of an individual to determine whether they were protected by the law, as well as factors such as where they pay taxes and where their children were in school.
“If you go right back to the basics, there is a decent argument to say that the lawmakers intended that genuine EU citizens who might be travelling in other parts of the world, if their data is being captured and processed, you do run that risk if you don’t look after that data in the way that is mandated under the new rules,” he said.
---
Autor(en)/Author(s): Olivia Rudgard
Quelle/Source: The Telegraph, 11.11.2018
Bitte besuchen Sie/Please visit:
