Editors: Shaun Topham – DataVaults H2020 Project; Paolo Boscolo – Comune di Prato, Major Cities of Europe; Michael Mulquin – Open and Agile Smart Cities.
River Publishers, 2022.
This book was produced in order to help grow a data economy in Europe, which reflects European values. It is argued that by adding a citizen’s personal data, under their own control, to current and developing use of data in a smart city, a major contribution can be made to realising the ambition of many European cities of becoming carbon-neutral by 2030. And further, to contribute to building a mechanism for replicating the lessons which will be learned as cities utilise personal data and progress towards achieving both their environmental and smart city targets.
Here we present some insights from this book, not expecting certainly to be exhaustive of the content, but with the purpose to provide a flavour of the richness of topics that the reader will find inside it.
The full book can be downloaded here.
The selected contributions are certainly not exhaustive of the book content, they have just the purpose to provide a flavour of the richness of topics that the reader will find inside it.
This book, designed by the H2020 DataVaults project, sets out to address some of the issues which smart cities need to overcome in order to make use of the data currently available to them and draws attention to how a citizen’s personal data can be accessed technically, in order to take existing best practice to the next level, and, in particular, as to how the technology emerging which safely allows a citizen to share their personal data, under their own control, can be utilised to achieve these goals. The target group is primarily those leaders and strategists from a smart city who take the decisions and the authors’ intent is that of assembling a key group of opinion-forming cities, mainly from those recently accepted as the 100 cities in the EU Cities Mission, that should act as a “lighthouse” to first determine how personal data might be included to enhance the whole smart city approach to data handling. And as a consequence, this will lead to having a clear sense of how utilising personal data may contribute to the goal of becoming smart and climate-neutral by 2030, and, subsequently, help to steer the rest of the cities towards achieving this goal by 2050.
The book analyses many EU funded projects and initiatives in the data sector, proposing a sort of a “data journey” inside a smart city, and is well located inside the European data strategy, aiming to make the EU a leader in a data-driven society and to create a single European data space, in which an almost infinite amount of high-quality personal and non-personal data is secure and can be used in an ethical and trusted way to create value and boost growth, while minimising the environmental footprint related to its use.
We should not leave the use of personal data to the engineers and technocrats: we need designers and practitioners who understand the opportunities and risks and who are capable of crafting and guarding a “path to Utopia”. Because with the combination of personal data and other data, the active engagement of citizens willing to change their behaviour, and the current legal and financial stimuli from governments, the potential solutions for a better world are limited only by our imagination.
In Chapter 1, Haydee S. Sheombar (Founder Kankan*Tree, Research Affiliate, Erasmus University Rotterdam, Netherland) and Joseph V. Sheombar (Master Student Built Environment, Delft University of Technology, Netherlands) investigate opportunities and risks of including personal data inside the Smart City ecosystem. Their analysis starts by the consideration that the concept of smart cities is finally gaining traction, due to both the development of Urban Data Platforms, increasingly seen as the vital infrastructure that can help smart city pilots scale, and the EU believing that the way to fight climate change is through a “Twin Transition”, i.e., the energy transition and the digital transition, together. This twin transition is also embedded in “The EU Smart Cities Mission” that aims to have 100 smart cities that will lead the way to climate neutrality.
The development of Urban Data Platforms is mostly a matter of trust in technology and capabilities, trust in the organisations that control the platform and, most importantly, mutual trust between the public and private sector involved in financing, owning and managing the platform. On the other hand, the difference in speed between technology and policy may explain the slow progression of smart cities. Another explanation is the low involvement of citizens: using citizen’s personal data by means of personal data vaults (PDVs) might be a way to improve citizen engagement in the smart city ecosystem.
Several thought leaders on the digital society share Berners-Lee’s view that the promise of the internet has been wasted and perverted, as the current web has been captured by corporations and it has become a set of “walled digital gardens”, an environment plagued by uncertainty about your own data, spying and hacking.
While the EU has created several institutions, rules, and laws relevant to the access and use of personal data, another reaction to the broken promise is the development of means to give individuals control of their personal data (Personal Data Vault – PDV), in order to allow administrations and organisations to give control of data back to individuals.
These PDVs are individually controlled safe data stores and key to privacy, separating collection and storage of personal data streams from their dissemination. Instead of people directly exchanging their personal data streams with services, they use secure containers that only the user can fully access. With various forms of access control lists, the PDV permits the selective sharing of subsets of this information. This way, the data owner can actively participate in influencing data sharing decisions rather than depending on third parties.
This will help the drive towards smart cities and galvanise the adoption of urban data platforms. The availability of personal data would expand as a result, stimulating the data economy and improving the state of the data ecosystems, since all players can reuse data once individuals have given their approval. The personal data vault might become the most important tool in our journey as a citizen. Balancing the benefits against the pervasiveness of this tool should be a conscious decision, subjected to continuous evaluation.
The authors emphasise three benefits of personal data vaults: the protection against online manipulation, the enhancement of city services and the possibility to change individual behaviour. Nonetheless, their question is “Do these benefits of the PDV outweigh its pervasiveness and potential intrusiveness?”
Potential positive and negative impacts on both citizens and cities are taken into account, to depict different scenarios, fluctuating from utopia to dystopia. Main conclusion is that we need a “human centric” paradigm to ensure we have the citizen at the top of our mind when devising policies and designing our cities. But we also need a “contextual values” paradigm, to expect the government and the rest of the city ecosystem to create an environment for individuals to thrive, allowing for exploration and creativity, stimulating diversity and, by doing so, creating a city where all individuals can exploit their full potential and play their part in solving today’s challenges.
In Chapter 16, Maria Sangiuliano (Research Director, Smart Venice, Venice, Italy) provides first some insights related to the lesson learned coming from the experience of the Citizen Focus Action Cluster in the Smart Cities Marketplace, focusing on citizens’ engagement in smart cities in order to facilitate dialogue and discussions among the broadest spectrum of stakeholders interested into overcoming “tech-centred” approaches. Secondly, the author emphasises the crucial role of data in citizens’ engagement within smart cities projects and presents three concrete case studies as examples of possible approaches in such context.
Finally, the focus is posed on the role of citizen’s engagement in tackling the climate change issue: the Mission Board for climate-neutral and smart cities of the European Commission has identified the so-called Climate City Contracts as the key tools to be used by cities to set up programmatic objectives and strategies towards de-carbonisation for energy, transport, buildings, and even industry and agriculture.
The mission policy report acknowledges that, beyond R&I, a broader involvement is required across a spectrum of actors and policy areas and that a meaningful engagement of citizens is needed to pursue the mission objectives: “To be effective, citizen engagement has to be inclusive, deliberative, and influential… Citizens bring original perspectives to R&I and policymaking, and their engagement helps bridge the gap between science, markets and society. This is especially important in fundamental transformations – e.g. the transition to climate neutrality – that require not just innovation in technologies, but also profound changes in lifestyles and behaviour, along with innovative governance models. Such transformations cannot be imposed from the top: they need to be embraced and shaped by the citizens themselves”.
This policy framework and its objectives are supported by the Net-Zero Cities Consortium, that is set up to constitute a one-stop-shop that will offer support to cities committed to implement the climate contracts via open calls for proposals. The Net-Zero platform is therefore a digital platform to follow up in the next years, when the challenge will be to have a more focused approach towards citizen engagement within climate neutrality policies in urban contexts.
Citizens’ engagement is also impacted by technological developments: the increasing share of R&I endeavours in big data analytics through artificial intelligence algorithms and systems, in particular, has vast potential applications for civic engagement purposes as well. Public trust and meaningful civic engagement can flourish and persist as data and artificial intelligence become increasingly pervasive in our lives, provided that some inherent challenges are critically approached and researched upon.
A relationship of trust between citizens and public bodies to promote a more inclusive data landscape: citizens must be reassured that public actors are capable to keep their personal information safe and secure and that they will use it to improve their lives and society.
In chapter 13, Marina Micheli (Digital Economy Unit, European Commission’s Joint Research Centre – JRC) outlines some analyses and proposals regarding the governance of personal data so that city governments could play a key role in addressing power unbalances of the current data landscape, acting as trusted data intermediaries and enabling the use of citizens’ personal data for the public interest.
The author’s investigation leads to the discover of three different models for the governance of personal data, based on the notion of trusted data intermediary:
Public data trusts are more of a prototype than actual practices, as there are still limited experiences of this model. They imply the establishment of a relationship of trust between citizens and public bodies: citizens must be reassured that public actors are capable to keep their personal information safe and secure and that they will use it to improve their lives and society. To earn trust, public bodies might engage in citizens’ consultations and living labs, launch initiatives for citizens digital rights.
Citizens constantly “leave” digital footprints as by-products of common everyday activities, which are used by private sector companies to collect a great amount of personal data potentially beneficial for city administrations to address health, societal, and environmental challenges. Yet, public bodies, especially local and regional governments, are in a weaker position with respect to tech companies and are struggling to find sustainable ways to access information of public interest collected by those. The author summarises four different approaches followed by public administration in their relationship with business in accessing citizens’ personal data:
Bigger cities and “smart cities” are in a favourable position to access private sector data of public interest as they have more resources, bigger networks, and greater experience to establish partnerships and data pools, but also private companies are more likely to let them access data for free (via data donorship) as this gives them higher reputation and visibility.
Finally, the author summarises some conclusions regarding practical recommendations for experts and managers in local administrations who wish to enhance personal data sharing and use for the public interest through fair and inclusive approaches:
Licence: CC0 Public Domain
The global economy is increasingly more reliant on data, but which is the value of data as an asset? Focusing on assigning a price tag for data is complicated, due to its properties, the multiple value chains that it can generate, as well as legal and ethical implications.
In Chapter 14, Mihnea Tufiș (Eurecat Technology Center of Catalunya, Barcelona) provides some insights on the processes to investigate data value particularly in the context of a smart city. The data-as-an-asset approach and focusing on assigning a price tag for data is complicated, due to the properties of data, the multiple value chains that it can generate, as well as legal and ethical implications.
Ideally, a process to establish data value should generalise to any kind of data, application domain, or economic sector. In the context of smart cities, its benefits would include the understanding of generated data and the ability to map the data value chains to practical outcomes and quantify their impact in the communities. Moreover, some of these data – depending on ethical implications – could even be exchanged in the emerging data markets and, thus, become a source of revenue for the communities and their individuals. Eventually, citizens could be educated on the real power of their personal data, its role in today’s digital world, and empower them to have more control over this personal aspect of their lives.
The “classic” model for (personal) data exchanges is for data-centric companies to offer a so-called “free” service in exchange for the users’ personal data – the famous “if it’s free, then you’re the product”. The data deluge from the past decade and the gradual shift of businesses towards data-driven decision making has created the opportunity for a new group of stakeholders – data brokers – to join in an already unbalanced ecosystem. Data brokers add value to personal data which individuals generate or release during various online activities, by analysing it, aggregating it, generating user profiles, and enriching it with valuable (and often free) data compiled by the National Statistics Organisations (NSO).
This complex landscape is completed by the presence of governments, trying to find their role within it, depending on their degree of understanding of today’s digital transformations. Establishing an equitable relationship with data brokers will be a challenge for cities, as they may find themselves in a position similar to that of big data companies, in the sense that they are both able to generate as well as consume a large amount of data, some of which is behavioural and often personal. However, as opposed to big tech companies, cities are not primarily run for profit; a city’s goal should be the wellbeing of its citizens, and following such principles, it can set it up as a new type of actor in the data exchange landscape – one that generates value through a responsible use of its citizens’ data and redistributes this value back.
Giving a price to generated data is very challenging and no conclusive solution has been provided so far, although many studies are in progress: both data providers and data seekers have very different perception on data value, depending on use, aggregation, etc. The application context is also a fundamental issue and the author outlines the need of understanding the importance of metadata that accompany a dataset. Metadata give a generic view into the origins of a dataset, the methods for generating it, the purpose for which it was generated, its format and access to it, the licenses that may apply to it, and the methods and tools used to process it up to its current form. He recommends that cities step forward and assume the responsibility for creating such metadata, to add value to their current efforts and allow them to explore further avenues for their data.
It is crucial that cities reach out to data and information practitioners, since these communities have the know-how needed to build fair and efficient data and metadata infrastructures. The ideal team should include: technical experts (data scientists, data engineers, library, and information science professionals), legal experts (preferably specialised in technology, intellectual property, or consumers law), experts from city administration (preferably project managers able to map the requirements derived from urban challenges to technical solutions). These specialists should be the glue connecting the needs of the city and its citizens, the technical solution, within the legal and ethical boundaries.
Marco Verch – This image is available under Creative Commons 2.0.
Statistics, cryptography, data anonymisation and even artificial intelligence are some of the technologies able to help citizens in controlling their personal data in a safe way with full respect of privacy, thus supporting the development of the data economy.
In Chapter 6, Sotiris Koussouris (Suite5, Cyprus) and Yury Glikman (Fraunhofer Institute, Berlin) provide a selection of the technologies tested in several European projects and initiatives, like DataVaults, which collectively contribute to help citizens in safely sharing their personal data. The authors’ investigation is focused on four pillars, that are also topics of interest for the European Commission:
Data owners and subjects controlling their own data
User personas – a persona is a mechanism by which insight relating to the statistical properties of the aggregated data (groups of individuals) is generated and shared with those who are interested (data seekers). This means a data owner can still get some value from their data without actually letting a data seeker see his/her data, thereby reducing the risk of being identified.
Direct anonymous attestation (DAA) – DAA is a cryptographic protocol that allows a trusted platform module (TPM) to serve as a trust anchor for the host platform, by creating attestations about such platform (e.g., certifying the boot sequence the host is running on), able to convince a remote verifier that the platform is running on top of trusted hardware and using the correct software. Attestations are made in a privacy- preserving way, therefore the verifier can check that attestations originate from a certified hardware token, but it does not learn anything about the identity of the TPM.
Access control policies – an access control service is composed by an access policies editor, envisioned as part of a data sharing configuration template, as a means for the individuals to define the conditions under which their data will be shared, and an access policies engine enabling the access to the data in case the comparison between the attributes of the data seeker meets the conditions for sharing the data.
Data owners consent management – Consent and adherence to legislation is a very important aspect when it comes to data collection and the technical implementation of such procedures is a very tough task, as they might include: semantic models of consent and legal rights, consent certification, data use traceability, contract support tool and consent tracing functionality.
Preserving data privacy and data quality simultaneously
Data anonymisation – the anonymisation process renders data non-identifiable, such that the probability of re-identifying data sharers/ individuals in the data is rendered sufficiently low.
Secure data analytic services – they are able to run in secure environments, such as isolated data spaces or on-premise or private hosted cloud infrastructures.
Data management technologies – there are many good data management systems on the market, but their deployment in the existing complex infrastructures is always a huge challenge: the best precondition for it is always to follow recognised open standards and ensure the availability of APIs at all services in the public IT infrastructure.
Data models and interoperability – data management is closely related to data models, as the latter are structures that are in a position to support interoperability in data management systems.
Digital Twins for privacy preservation – the role of models in a digital twin (in addition to data) is to provide spatial interpolation, to cross-correlate data from different domains, to infer properties/attributes that are not directly measured, to convert measurements and state info into KPIs and, finally, to predict business as usual (BAU) and what-if scenarios.
Cryptographic solutions for data privacy – cryptography is amongst the key enablers to achieve data privacy and is one of the cornerstones when it comes to data protection. For this reason, all existing and emerging platforms do support cryptography out of the box, as one of the many features they employ to protect the data they hold.
Artificial intelligence threat reporting and response systems – cybersecurity is now playing a very important role in a world of more and more connected infrastructures, where it is essential to come up with more intelligent ways to detect threats to privacy. Collaborative threat intelligence and automated threat analytics are being explored as effective support in facing cybersecurity attacks.
Information Delivery on Privacy Metrics and Data Content and Value
Aside from the tools and methods used to allow engaged stakeholders to secure their data and build the necessary barriers to safeguard privacy and enable trust, there is also the need to explain to data owners how their data and, at the very end, their privacy is protected, what they can find out from their own data themselves, as well as how much value their data hold. The authors explore some of these technologies, spanning from privacy metrics and risk management to personal data analytics and data evaluation techniques.
The authors describe the main features that should be included in data platform to make the notion of the data economy a reality, respecting both data owners, data consumers, and all other engaged stakeholders. Such features include secure and trusted data communication channels, immutable ledgers and smart contracts (blockchain) and crypto wallets. Some details on possible marketplaces are also provided.
Smart cities are managing a great deal of data coming from different systems and sources: putting all this together requires the setup of minimum interoperability levels from both technical and organisational point of view, to allow communication and data exchange between different environments without an excessive burden for public administrations.
In Chapter 7, Michael Mulquin (Open & Agile Smart Cities) sets the context of local data sharing ecosystems, where data from many different agencies can be brought together to enable the city to be managed in a more holistic way. He points out that this requires technical, information, and organisational interoperability and provides a list of some of the specific areas where interoperability is needed in such an ecosystem, by placing this within the European Policy Context.
An interesting way to enhance interoperability in a smart city context is that connected with the development of the so-called Minimal Interoperability Mechanisms (MIM), defined as the minimal but sufficient capabilities needed to achieve interoperability of data, systems, and services between buyers, suppliers, and regulators across governance levels around the world. By basing the mechanisms on an inclusive list of baselines and references, they can take account of the different backgrounds of cities and communities and allow cities to achieve interoperability based on a minimal common ground.
Implementation can be different as long as crucial interoperability points in any given technical architecture use the same interoperability mechanisms. Each MIM can further define a hierarchy of levels of interoperability based on sectorial needs or the need for tighter integration. The MIMs are vendor neutral and technology agnostic, enabling anybody to use them and integrate them in and between existing systems and offerings, complementing existing standards and technologies.
The reason why MIMs are necessary is that there are many guidelines and frameworks covering different areas of concern that need to be put in place to enable a fully functional data-sharing ecosystem for smart cities and communities. While this can be managed effectively by larger and well- resourced cities and communities, most small- and medium-sized cities find the complete implementation of all the standards and frameworks a complicated and daunting task.
There are three different types of MIMs, each of which focuses on delivering the minimal but sufficient level of interoperability needed to enable an effective data sharing ecosystem:
Open & Agile Smart Cities – a network of 168 cities in over 30 countries – is developing a set of 10 MIMs with the aim of covering the full set of requirements to put in place an effective local data sharing ecosystem:
The process of making sure the full list is covered is underway. That is important as all the MIMs have dependencies on some of the other ones, and having the full list will enable those links to be put in place. MIMs 1, 2, and 3 are already at a good level of maturity and are being widely specified by cities in procurements, while MIMs 4, 5 and 7 are under development and plans are in place to develop the remaining MIMs.
The European Commission is supporting the development of a specifically European version of the MIMs known as MIMs Plus to help fulfil the aspirations captured in the Living-in.EU declaration. MIMs Plus is based on the existing minimal interoperability mechanisms plus some additional fundamental building blocks – hence the name: MIMs Plus. An operational guidance paper is also being developed with practical guidance on how the specifications captured in the MIMs can be used in practice.
Licence: CC0 1.0
How can we progress towards having a European model for the data economy? Follow-up activities are suggested, focussed around establishing a core group of cities to collectively act as a lighthouse with the overall goal to create the critical mass of citizens willing to share their personal data within a smart city. This would give a boost to local data economies and make the likelihood of having a dominating European model.
In the final part of the book, the editors, Paolo Boscolo (Municipality of Prato, Italy), Michael Mulquin (MIMs Ambassador, Open & Agile Smart Cities) and Shaun Topham (EU Smart Cities Marketplace, “Citizen’s Control of Data” Initiative) make some suggestions on possible follow up activities to push the adoption of citizens’ personal data within a smart city, in order to design improved services, better informed decision-making and potential revenues for themselves and the local data economy. Currently, the dominant non-European data economy model has a commercial focus, not designed to maximise social and economic impacts: cities may even have to purchase back their own data, whilst the personal data of its citizens also risk to be exported outside Europe, for corporate gain. To avoid having the data of its businesses, public sector and citizens stored and exploited largely outside its borders, the EU data strategy is to become the world’s most secure and trustful data hub.
In order to reach such goal, in the tradition of developing lighthouse projects, a group of cities should gather to compare notes, share experiences, and move forward together as a team, to tackle all the issues focused upon in the book, along with other emerging issues. Such a group should:
Regarding citizens’ participation, the Net-Zero platform will help meet the challenge of having a more focused approach towards such topic, within climate neutrality policies in urban contexts. More issues will arise from the development of new technologies, challenging individual values including privacy and accountability, equality and fairness, whilst looking at how to harness the technologies for inclusive and fair civic engagement and democratic participation.
As far as data governance is concerned, in the suggested group of cities, ideally, a team including data managers as well as representatives of those working within a public administration and assisting the leadership in several disciplines could be implemented. They would be lawyers, economists, service providers, strategists, technicians, and, of course, those in control of the emerging data ecosystems. Peer-to-peer relations of officers at a similar level have been shown to be productive and these teams would also benefit with academic participation.
The intention would not to be having a “possessor” of a good practice passing it down to others but for all to move forward collectively: the hope is that of inspiring smart cities to engage more actively in using relevant data, and in particular citizens’ personal data, to support important local policy objectives, notably to become climate neutral as quickly as possible.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
We use Google Analytics to improve your website's experience, no data will be sold to a third party.