The Greater London Authority (GLA) has launched the London Privacy Register to provide greater openness regarding smart city technology operating in public spaces. The Privacy Register is a part of the Emerging Technology Charter for London which serves to guide the trialing and use of data gathering smart city technologies, and the Public London Charter which sets out the rights and responsibilities of the users, owners, and administrators of new public spaces.
The Register is a central catalog of Data Protection Impact Assessments (DPIAs) of Greater London Authority Group smart city projects that collect personal information in public spaces. When a project is likely to result in a high risk to individuals’ privacy, organizations in the UK are currently required to undertake a Data Protection Impact Assessment (DPIAs), which is a legal obligation designed to minimize identified risks. A privacy notice is also required when handling personal information, which informs the public why personal information is being collected, for what purpose, where it is stored, and for how long. Establishing this registry now is important, Theo Blackwell, GLA’s chief digital officer, explained in a blog post, as – over the next decade – the city expects to see an acceleration in the availability of smart city emerging technologies, including: sensors; cameras; drones; robotics; mobility services; augmented and virtual reality; and automated and algorithmic decision-making.
The London Mayor’s Office has placed a fresh mandate on the GLA Group to publish their DPIAs in the Privacy Register as their projects go live. The Register already contains a number of DPIAs, including the Met Police’s use of both live and retrospective facial-recognition technology; Wi-Fi data collection on the London Underground; the processing of personal data in Transport for London’s (TfL) GO app; and the use of automatic number plate recognition (ANPR) under London’s ultra-low emissions zone (ULEZ).