Smart Cities: Data Protection in eGovernment in Germany

Smart Cities: Data Protection in eGovernment in Germany

Legal advice on eGovernment and data protection

Due to steady population growth and the increasing challenges posed by climate change, more and more cities are facing or have already initiated a comprehensive transformation process. In doing so, they are forced to use their limited resources more profitably for the common good. 

The Covid-19 pandemic clearly demonstrated the benefits of digital processes. By networking a wide variety of urban domains, such as mobility, administration and urban development, smart cities shall be created through the incorporation of technical innovations and digital solutions. Their goal is to observe urban coexistence more holistically and to manage it in a more needs-based manner. With the increase in efficiency, an upgrade in the quality of life and an increase in comfort for city residents are expected to be achieved.

However, in order for the upcoming changes to be accepted by them, special emphasis must be placed on the citizen-friendliness of the solutions offered. This includes user-friendly applicability, but also the economical, transparent, purpose-related and lawful handling of the data of the persons affected.

Data Protection Smart Cities Germany | Law Firm

Transformation of the administration | eGovernment

An important building block for the development of a smart city is the implementation of a modern, digital and citizen-friendly administration. This project, known as eGovernment (electronic government), is essentially built on three pillars:

  1. Digitization and acceleration of internal and external administrative processes
  2. More efficient urban development on a data-based decision-making basis
  3. Availability of digital infrastructures, such as public wifi or nationwide fiber-optic networks

Digitization of the administration in Germany

With the Online Access Act (Onlinezugangsgesetz, OZG) of 2017, the federal government of Germany, the states and their municipalities have committed themselves to offering all administrative services electronically via corresponding administrative portals by 2023 at the latest. As a result, administrations are under pressure to initiate the eGovernment transformation process in Germany.

The objective is to digitize internal and external administrative processes and simplify access for citizens. Interdepartmental solutions are to be used to create decentralized access to administrative services. For example, by bundling its service offerings in digital formats, the administration can work more efficiently in terms of time and resources and also enhance these with third-party service offerings. To do this, a large amount of personal data is inevitably collected, processed and, in some cases, shared with third-party providers.

Data-based urban development

In addition to the digitization of internal and external administrative processes, cities will also increasingly rely on electronic data for urban development in the future and use it as a critical basis for decision-making. In this context, real-time data will play an increasingly important role due to new technologies. These offer a direct insight into individual areas of urban coexistence.

For example, data on traffic volume, available parking spaces or even air quality can be collected in real time through the use of sensor- or video-based technologies. These data can then be quickly evaluated by means of intelligent systems so that, if necessary, grievances can be addressed promptly and flexibly. This allows for the more appropriate, more efficient and, ultimately, more sustainable use of existing resources. The advantages can be expounded, particularly in the area of traffic planning and control. Data on the traffic situation, available parking spaces or the current air quality can, for example, be used to immediately adapt traffic to current conditions and thus control road utilization or air quality in a more targeted manner.


Privacy and Cyber Security in Germany 2023
(Chapter in the Law Review series)

Our privacy experts contributed a chapter on data protection in Germany to the handbook The Privacy, Data Protection and Cybersecurity Law Review.

Read here for free

Networking of administration and business

In addition to the administration, companies also play a central role in the implementation of eGovernment solutions in Germany. On one hand, they provide offers for a digital infrastructure. If the administration does not completely take over the transformation process itself and implement its own solutions, it is dependent on offers from companies. Once the new management structure has been implemented, the data it collects can, on the other hand, be shared with companies.

In some areas, it is this networking that initially makes it possible to allocate resources more efficiently and in such a manner as to meet demands. By giving private companies access to the data collected, they can tailor their services to urban needs and thus contribute to the smart city.

Legal framework of privacy for eGovernment in Germany

A central component of an eGovernment transformation is the networking between administration, citizens and companies. A wide variety of data is collected, evaluated and processed for this.

The handling of data plays a central role here in two respects. On one hand, transparent handling of citizens' data makes a decisive contribution to the acceptance of the transformation processes toward a digital administrative structure. On the other hand, the specific data protection requirements must be taken into account when personal data is collected.

Responsibilities and legally compliant networking

If information is collected that relates to an identified or identifiable natural person, it is personal data. The lawfulness of their processing is primarily determined by the GDPR. It is then crucial to determine to what extent these data are processed, to whom they are legally assigned and where they are stored. However, this classification is not always easy and often requires a more detailed review. Therefore, the active participants often try to manage without personal data.

Role identification for personal data

If personal data is involved and several participants have access to it, their roles under German data protection law must be clarified. For this, the questions arise as to

  • which of the participators collected the data,
  • which other participators process the data and
  • which persons within the organizations come into contact with the data.

Only the clear identification of roles within the processing makes it possible to determine the rights and obligations of the individual participants with regard to the lawfulness of the processing. Ultimately, the organization of processing procedures that comply with data protection law is also based on this determination.

Rights of use in eGovernment

If more than one person or actor has access to the data, it must also be clarified who is entitled to the rights of use and thus has “control over the data.” If the rights holder wishes to share the data with third parties but does not wish to transfer an unlimited right of use, this should be contractually specified. In this case, the specific form of the contract between the parties is also of particular importance.

From a data protection perspective, the focus is also on the interfaces and platforms of networked administration. At these points, companies, administrations and citizens network to exchange data about or from citizens. These are a central component of the transformation and must therefore be designed in compliance with data protection law.

The concrete organization of the processes, which are additionally influenced by the technologies used (e.g. blockchain, big data, artificial intelligence), is essential here. In doing so, the procedures must not violate data protection regulations. At the same time, they should meet the requirements and demands of rapid mass transportation that is user-friendly.

Our legal services in eGovernment and data protection

While the legal handling of various key technologies in the implementation of smart cities is still uncharted territory for many and the corresponding competence development is still in its infancy, our team has many years of experience in intensively handling their legal design and advising clients, for example, in the data protection-compliant implementation of blockchain technologies, the "internet of things" or various platform solutions. 

Our range of services includes:

  • Conceptualization and validation of the intended project
  • Project management
  • Comprehensive advice in the area of IT and data protection law, particularly with regard to new technologies
  • Protecting know-how and securing industrial property rights
  • Contract drafting and negotiation

Your attorney for eGovernment and data protection law

Are you looking to start or further develop your eGovernment project and avoid oversight in data protection? Our attorneys for questions on the topic of smart cities and eGovernment are happy to help.

he easiest way to reach us is by e-mail ( or by telephone (+49 69 76 75 77 80). We are also available for any questions regarding IT law.

Do you need support?

Do you have questions about our services or would you like to arrange a personal consultation? We look forward to hearing from you! Please fill in the following information.

Or give us a call: +49 69 76 75 77 80