What impact has GDPR had on cities?

Jonathan Andrews spoke to four city leaders on the sidelines of the 20-20 Cities meeting in Prague about how GDPR has changed their roles one year after the law came into force

Jamie Cudden, Smart City Programme Manager, Dublin

It gave us a bit of momentum to start to revisit our portfolio of projects. This includes an innovation programme where we work with a lot of start-ups with more than 40 projects. Dublin City Council put a focus, or lens, on all those projects, taking into account the new world of ethics, digital rights and data privacy.

Within the team we have a wonderful champion who has taken a lead on it and we recognise the need to train the team because everyone has a different understanding of what GDPR is and what it isn’t. Twenty-five of us went through an extensive training session, so you could say we are now ‘certified’ in GDPR. We then started looking retrospectively focusing on risk profiles, and undertook data protection impact assessments.

A key factor is to keep asking the question, why are we doing it, what are the risks involved, and are we being very open about the projects.

Tanaquil Arduin, Chief Data Officer, The Hague

We had to create a sense of what it meant for our city. There were quite a lot of similarities with existing Dutch legislation but we still had to address the differences. Our privacy officer made a very clear framework on how we should use and obey the GDPR law in our city. We are now more aware of the way we use data and the way we used personal details of citizens. We spoke to a lot of our citizens but also with companies we work with and other governments.

Teppo Rantanen, Executive Director for Growth, Competitiveness and Innovation, Tampere

We didn’t have to make too many changes because most of the things we had in place before were already compliant with GDPR. We had to focus on more of the formal things that needed to be put in place. There wasn’t a big change in the actual way that we were using data.

We are still thinking about how it affects the potential use of people’s private data which is definitely worthwhile for us as a city to be able to use. We are working together with the Finnish government on new ways of getting access to private data so that we get  permission from people to use that. It has an impact and we think we have to find a new way of doing that which we don’t have today.

Anna Majó Crespo, Director of Digital Innovation, Barcelona

The administrative implementation of GDPR was quite a nightmare; how we were going to implement it and make it happen. All the databases that we own had to change. The good thing it did was raise awareness. Citizens are now much more aware about giving their data and allowing it to be used for other purposes. This is good, even though it is not very easy because sometimes it can slow down innovation, but Europe should still be taking care of ethics.

Is trust in city data improving?

Cudden

Cities are there to do the best for their citizens. It is about delivering better services and better outcomes and the reason we do all these projects is to better optimise traffic flows or better understand the quality of the environment and to make interventions. In a data driven world it is less politicised but with the proliferation of smart technologies, cities need to be a lot better explaining the benefits and why this is a positive thing for citizens.

Arduin

We have a responsibility towards our citizens to be transparent and clear about what we do with data and how we are using it. If a citizen calls the city they want to know what we used their data for. We should be able to show them and to tell them in a split second. That also means something for our internal ecosystem; to make sure we can connect all this data and is something we are working on right now. 

Rantanen

The new laws didn’t really build further trust for us because it didn’t have that sort of impact on peoples’ minds as the trust had been built at local levels before GDPR came in. It might have been the case for some people who are very specifically looking at this issue but in the general public I don’t think it has had a big impact.

Majó Crespo

I’m not sure a law is the best way to create trust. We need the law, as humans we understand ‘punishment’ or ‘reward’, and law is a little bit of this. But to create trust it is through behaviour and conscious awareness. We have done a lot of work on digital rights and ethical standards, the technology is everywhere but we want to be a challenge driven city and not just data driven.