Smart Cities: Data Protection in eGovernment in Germany

An important building block for the development of a smart city is the implementation of a modern, digital and citizen-friendly administration. This project, known as eGovernment (electronic government), is essentially built on three pillars:

1. Digitization and acceleration of internal and external administrative processes
2. More efficient urban development on a data-based decision-making basis
3. Availability of digital infrastructures, such as public wifi or nationwide fiber-optic networks

With the Online Access Act (Onlinezugangsgesetz, OZG) of 2017, the federal government of Germany, the states and their municipalities have committed themselves to offering all administrative services electronically via corresponding administrative portals by 2023 at the latest. As a result, administrations are under pressure to initiate the eGovernment transformation process in Germany.

The objective is to digitize internal and external administrative processes and simplify access for citizens. Interdepartmental solutions are to be used to create decentralized access to administrative services. For example, by bundling its service offerings in digital formats, the administration can work more efficiently in terms of time and resources and also enhance these with third-party service offerings. To do this, a large amount of personal data is inevitably collected, processed and, in some cases, shared with third-party providers.

In addition to the digitization of internal and external administrative processes, cities will also increasingly rely on electronic data for urban development in the future and use it as a critical basis for decision-making. In this context, real-time data will play an increasingly important role due to new technologies. These offer a direct insight into individual areas of urban coexistence.

For example, data on traffic volume, available parking spaces or even air quality can be collected in real time through the use of sensor- or video-based technologies. These data can then be quickly evaluated by means of intelligent systems so that, if necessary, grievances can be addressed promptly and flexibly. This allows for the more appropriate, more efficient and, ultimately, more sustainable use of existing resources. The advantages can be expounded, particularly in the area of traffic planning and control. Data on the traffic situation, available parking spaces or the current air quality can, for example, be used to immediately adapt traffic to current conditions and thus control road utilization or air quality in a more targeted manner.

In addition to the administration, companies also play a central role in the implementation of eGovernment solutions in Germany. On one hand, they provide offers for a digital infrastructure. If the administration does not completely take over the transformation process itself and implement its own solutions, it is dependent on offers from companies. Once the new management structure has been implemented, the data it collects can, on the other hand, be shared with companies.

In some areas, it is this networking that initially makes it possible to allocate resources more efficiently and in such a manner as to meet demands. By giving private companies access to the data collected, they can tailor their services to urban needs and thus contribute to the smart city.

A central component of an eGovernment transformation is the networking between administration, citizens and companies. A wide variety of data is collected, evaluated and processed for this.

The handling of data plays a central role here in two respects. On one hand, transparent handling of citizens' data makes a decisive contribution to the acceptance of the transformation processes toward a digital administrative structure. On the other hand, the specific data protection requirements must be taken into account when personal data is collected.

If information is collected that relates to an identified or identifiable natural person, it is personal data. The lawfulness of their processing is primarily determined by the GDPR. It is then crucial to determine to what extent these data are processed, to whom they are legally assigned and where they are stored. However, this classification is not always easy and often requires a more detailed review. Therefore, the active participants often try to manage without personal data.

If personal data is involved and several participants have access to it, their roles under German data protection law must be clarified. For this, the questions arise as to

• which of the participators collected the data,
• which other participators process the data and
• which persons within the organizations come into contact with the data.

Only the clear identification of roles within the processing makes it possible to determine the rights and obligations of the individual participants with regard to the lawfulness of the processing. Ultimately, the organization of processing procedures that comply with data protection law is also based on this determination.

If more than one person or actor has access to the data, it must also be clarified who is entitled to the rights of use and thus has “control over the data.” If the rights holder wishes to share the data with third parties but does not wish to transfer an unlimited right of use, this should be contractually specified. In this case, the specific form of the contract between the parties is also of particular importance.

From a data protection perspective, the focus is also on the interfaces and platforms of networked administration. At these points, companies, administrations and citizens network to exchange data about or from citizens. These are a central component of the transformation and must therefore be designed in compliance with data protection law.

The concrete organization of the processes, which are additionally influenced by the technologies used (e.g. blockchain, big data, artificial intelligence), is essential here. In doing so, the procedures must not violate data protection regulations. At the same time, they should meet the requirements and demands of rapid mass transportation that is user-friendly.