Gerard Jan Ritsema van Eck, ‘Algorithmic Mapmaking in ‘Smart Cities’: Data Protection Impact Assessments as a means of protection for groups’ in Angela Daly, S. Kate Devitt and Monique Mann (eds), Good Data 298-316 (Institute of Network Cultures 2019).
Maps are powerful communication tools, and mapmaking used to be a privileged affair. In recent times this has changed as “smart cities” have been outfitted with video, audio, and other kinds of “Internet of Things” sensing devices. The data-streams they generate can be combined with volunteered data to create a vast multitude of interactive maps on which individuals are constantly (re)grouped on the basis of abnormality, deviation, and desirability. Many have argued that under these circumstances personal data protection rights should be extended to groups.
However, group rights are an awkward fit for the current European data protection framework which is heavily focused on individuals. One possible opening for better protection is offered by Data Protection Impact Assessments (DPIAs), which are mandatory to carry out when the ‘systematic monitoring of a publicly accessible area on a large scale’ necessary for mapmaking takes place. They form an opportunity to recognize the risks of e.g. discrimination at an early stage. Furthermore, by including representatives of local (disadvantaged) groups, the strong performative qualities of maps can offer occasions for groups of citizens in smart cities to proactively shape the environments in which they live.
There are serious limitations. Although DPIAs are mandatory, the inclusion of affected data subjects and their representatives is not. This undermines many of the possible advantages. Finally, the high costs associated with the process might mean many companies engage with it only superficially and temporarily. Establishing effective data protection for groups negatively impacted by mapmaking software through DPIAs thus seems nigh on impossible in lieu of substantial legislative change.