Data privacy is a hot topic nowadays. It’s all about handling personal data in accordance with the law and best practices. But let’s get one thing straight – data privacy and data protection are not the same thing. They may be related, but they’re not identical twins. Privacy is all about how personal data is “used” and governed, while data protection is about “protecting” data from malicious attacks. And while security is important, it’s not enough to ensure privacy.
In today’s digital age, data privacy is more important than ever. With so much of our lives taking place online, it’s crucial that we protect our personal information from prying eyes. That’s why it’s essential to have policies in place to ensure that personal data is collected, shared, and used appropriately. And while security measures are necessary to protect data, they’re not enough to guarantee privacy.
So, what’s the bottom line? Privacy and security are both important, but they’re not interchangeable. As we continue to move more of our lives online, it’s crucial that we prioritize data privacy and protection.
According to the UNCTAD, 137 out of 194 countries have already enacted legislation to safeguard data privacy.
The Indonesian government has recently passed Law No.27 of 2022 on Protection of Personal Data (PDP Law). This law aims to protect the personal data of Indonesian citizens and ensure that it is processed lawfully and transparently. The PDP Law applies to all individuals and entities, including government agencies and private companies, that process personal data in Indonesia.
Under the PDP Law, personal data is defined as any information relating to an identified or identifiable individual. This includes but is not limited to, name, address, email address, phone number, and identification number. The law requires that personal data must be processed fairly and lawfully. It requires that individuals have the right to access and correct their personal data, and to request its deletion in certain circumstances.
The PDP Law provides the following six legal bases that can be used for collecting and processing personal data:
(a) with the express consent from the data subject;
(b) in accordance with contractual obligations under a contract to which the data subject is a party;
(c) in accordance with legal obligations of the data subject under applicable law;
(d) to protect the data subject’s vital interests;
(e) to comply with duties in the interest of public service or the implementation of a data controller’s authority/instruction, as required under applicable law; and
(f) with other legitimate reasons.
The PDP Law also imposes strict penalties for non-compliance, including fines and imprisonment. It is important for all individuals and entities that process personal data in Indonesia to ensure that they are in compliance with the law to avoid any legal repercussions.
A smart city is a city that uses technology to improve the quality of life of its citizens. This includes using data and sensors to monitor and manage everything from traffic flow to air quality. By collecting and analyzing data from various sources, cities can make informed decisions to enhance their infrastructure and services.
For example, by using real-time data from traffic sensors cities can optimize traffic flow and reduce congestion. This not only saves time for commuters but also reduces carbon emissions from idling vehicles. Additionally, smart lighting systems can be installed to reduce energy consumption and improve safety by automatically adjusting brightness based on the time of day and traffic flow.
The smart city concept offers a new approach to manage public assets and resources. By integrating information and communication technology and the Internet of Things (IoT), traffic and transportation systems, waste management, and law enforcement can be managed in a secure and effective way.
With global’s expected population growth, the smart city concept can benefit many cities to prepare for the future.
In conclusion, the use of data in smart cities is transforming urban living by improving efficiency and sustainability.
Indonesia’s shift from a rural to urban economy has been a significant factor in the country’s growth potential. However, this transformation has also highlighted some challenges that need to be addressed. By 2025, almost 70% of the population is expected to live in cities, which means that the public and private sectors must find innovative ways to help citizens benefit from this change.
Jakarta is one of the Indonesian cities that is currently transitioning to a smart city. This move is part of the regional government’s efforts to improve living standards and ensure sustainable resource management. The transition is also in response to long-standing issues that have adversely affected residents, such as poor air quality, vulnerability to floods, and traffic congestion.
The Jakarta Smart City program was launched in 2014 to promote and implement smart city initiatives. These initiatives include people, mobility, living standards, economics, the environment, and government. Since its launch, the program has become the provincial government’s hub for the latest technology.
The transition to a smart city is a positive step towards improving the quality of life for Jakarta’s residents. By implementing new technologies and sustainable practices, the city can address issues that have long plagued its residents.
Bandung, a city in West Java, has made significant strides in developing its own smart city technologies. The city’s Command Center was the first of its kind and has since been replicated in other cities in Indonesia, including Jakarta. The local government has expressed interest in incorporating a smart surveillance and monitoring system, as well as smart lighting, in the near future.
Surabaya, located in East Java, has implemented an e-government system that allows for financial matters to be managed online. This system has streamlined processes and made it easier for residents to handle their finances.
Makassar, a city in South Sulawesi, has introduced smart cards that can be used for cashless financial transactions. Additionally, the city has implemented a surveillance system to monitor roads and traffic, improving safety and efficiency
Data Privacy Management is the Key! Data Privacy Management refers to the set of processes (automated or not) and policies that organizations use to process personal information lawfully. It involves the collection, use, and storage of data in a way that is compliant with privacy regulations and ensures the confidentiality of personal information.
Effective Data Privacy Management involves identifying and assessing the risks associated with the collection and use of personal data, implementing appropriate measures, and ensuring that everyone are trained to handle personal information in a lawful manner.
Data Privacy Management is becoming increasingly important as more and more personal information is collected and stored, and in a city daily routine it goes to a whole other level. Failure to properly manage personal data can result in serious consequences, including legal and financial penalties, damage to reputation, and loss of citizen trust, in a smart city project. As such, cities must prioritize Data Privacy Management to protect both their citizens and their own interests.
Here are some of the matters that should be addressed in a Data Privacy Management Program, regarding a smart city project:
a) Data Privacy Compliance and Governance – understanding all data privacy regulations applicable to your project is a must. A smart city project must comply with its local regulations. However, one issue to be addressed are the tourists and visitors coming from different locations, as many data privacy regulations are based on the city where the data subject live
b) Personal Data Life-Cycle – A data lifecycle is the sequence of stages that a particular unit of data goes through from its initial generation or capture to its eventual archival and/or deletion at the end of its useful life. Although specifics vary, data management experts often identify six or more stages in the data lifecycle. This could be challenging considering the number of reasons why data is processed and the volume of personal information used by a system or a device in a smart city
c) Privacy-by-Design (ISO 31700) – ISO 31700 – Privacy-by-Design is a new international standard developed by the International Organization for Standardization (ISO). It was created to help organizations protect the privacy of individuals by building privacy into the design of their products and services. The expression Privacy by Design is attributed to Ann Cavoukian, former Commissioner of Information and Privacy of the Province of Ontario, Canada, who, in the 1990s, addressed privacy and privacy protection as a primary and preliminary item in the creation and development of structures technologies, business models or physical infrastructure (IOT).
The standard encourages organizations to consider privacy from the beginning of the design process when it is easier and cheaper to incorporate privacy measures. It also encourages organizations to be transparent about their data collection and use practices, and to provide individuals with meaningful control over their data.
d) The Data Privacy Officer (DPO) – The Indonesian Protection of Personal Data Law (PDP Law) introduces the obligation for both data controllers and data processors to appoint an official or officer (DPO) to be responsible for ensuring compliance with personal data protection principles and mitigating personal data breach risks under various regulated circumstances
e) Building a Privacy Culture – Cities are living entities and are finding it necessary to develop cultures, processes, practices and systems for maintaining the privacy of their citizens. The roots of privacy culture can be found in the laws and regulations developed to protect the individuals privacy rights. Investment in Data Privacy Education is the only way to increase the Data Privacy Culture throughout the whole city.
f) Some Privacy Risks in a Smart City to be addressed – Here are some data privacy risks in a Smart City Project:
– Facial recognition technology has the potential to track innocent civilians, even those who are not suspected of any wrongdoing.
– Smart meters provide detailed information about households and their appliances, which could potentially be accessed by unauthorized parties.
– Smart devices, such as home assistants and security cameras, have the ability to unintentionally spy on people in their own homes.
– Self-driving cars require a significant amount of data collection and sharing, including information about our exact location and transportation habits.
– Smart transportation systems can track passengers’ movements, potentially infringing on their privacy.
– Social credit systems have the potential to shame individuals and make their lives difficult, even for minor violations.
Marcio Cots – Chief Operating Officer
GetGlobal International*
*GetGlobal International is an international consultancy that assists companies aiming to comply with personal data privacy regulations based on constant legislative and market updates. We selected the best and most respected experts in Data Privacy in different regions who are worldly specialists in data privacy, offering the necessary support for your company to fit regulations quietly and safely. GetGlobal’s team has helped hundreds of companies from all sectors. They’ve become a reference in data privacy compliance as a complete and multidisciplinary solution