Mapmaking in Smart Cities and the Role of Group Data Protection Rights in DPIAs

Presented at the Surveillance Studies Network Conference
Aarhus University, Denmark
8 June 2018

An abridged version was presented at the launch event for Angela Daly, S. Kate Devitt and Monique Mann (eds), Good Data (Institute of Network Cultures 2019).
University of Amsterdam
24 January 2019


The focus of data protection frameworks on individuals rather than on groups has come under increasing scrutiny from academics. One possibility for better protection opens up when in May 2018 the General Data Protection Regulation[1] comes into force in the European Union. It will then become mandatory to carry out data protection impact assessments (DPIAs) inter alia when ‘systematic monitoring of a publicly accessible area on a large scale’[2] takes place.

This will include many contemporary mapmaking initiatives. Maps are powerful communication tools, and mapmaking used to be a privileged affair. In recent times this has changed as “smart cities” have been outfitted with video, audio, and other kinds of “Internet of Things” sensing devices. The data-streams they generate can be combined with volunteered data to create a vast multitude of interactive maps on which individuals are constantly (re)grouped on the basis of abnormality, deviation, and desirability.
If DPIAs only consider individual data protection rights they will not only fail to protect group data protection rights, but also miss opportunities to engender bottom-up changes that positively impact human rights in public spaces. Therefore, group data protection rights should be included. In this way, the strong performative qualities of maps can offer occasions for groups of citizens in “smart cities” to proactively shape urban environments and claim their positions as full participants.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1.
[2] ibid, article 35, paragraph 3(c).

A pdf of the presentation is freely available here.

See also my publication of (almost) the same name.