Privacy Rules and digitization in the public domain
Europe has had a new privacy directive since May 25, 2018, the GDPR. What are the consequences of the new privacy rules, and what does this mean for smart city projects?
New privacy rules for smart city projects
The AP advises organizations to establish a privacy protocol for personal data. Therefore, it is relevant for many smart city projects to test whether you need to take additional privacy measures to comply with the privacy law.
Companies can collect personal data provided they can demonstrate why and how they process it. You can answer these questions by drawing up a privacy protocol.
The privacy law asks you to think critically about the use of data
The privacy law primarily intends to inform companies what personal data they use and whether measures can be devised to protect citizens' privacy. Therefore, it is essential to describe how you handle personal data by naming methodologically:
What do you do with the data (nature)?
How much data do you need (scope)?
Where did you collect the data (context)?
Why do you need the data (purpose)?
How do you take into account the rights of individuals?
The first three points consist mainly of a methodological description of how the data is collected. Are you working with data partners? Then include them in answering the questions.
Furthermore, it would be best to write down what privacy risks may occur and what measures you have taken to mitigate them.
The fourth point substantiates the basis for being allowed to process personal data. And the last and fifth point addresses the rights of individuals. These are the right to inspect the data you have on them and to be forgotten.
Approach to comply with privacy rules
Complying with the privacy rules for smart city projects requires a specific approach. The AP has established some guidelines on how to create a well-defined work process for data processing. Furthermore, it would be best to have substantive knowledge of the data and the sensors you use in your project. With this combination, you can start drafting a Privacy Protocol.
The five parts of your privacy protocol
The protocol has five themes. These themes describe how you process the data and how you inform individuals. And finally, how you have arranged data exchange with third parties. Furthermore, for all themes, you have to name risks and measures to guarantee the privacy of persons as well as possible.
The themes for your protocol are as follows:
A technical section. In this section, you describe the methodology of how you use the information for the end user.
A policy section. This part is a process description of how individuals are informed about processing personal data. And how they can exercise their rights.
The contractual part. This regulates how data exchange with technology partners and your customers is organized. But also how the data is stored.
The basic principles. What are the arguments that justify the use of personal data,
The risks and measures. What steps have been taken to manage risks with appropriate measures to ensure the privacy of individuals?
What is the conclusion for smart city projects?
In summary, the authority asks you to comply with processing personal data. You can do this by describing why you use the data. Furthermore, they ask you to take measures to protect the privacy of individuals. By drawing up a privacy protocol, you can methodologically describe how and why you process the data.
With these first steps, you can already comply with a large part of the privacy legislation. Then you could ask specialists what other measures you can take to comply with privacy legislation,
If you still have questions after reading this blog, don't hesitate to contact us.