HomeBusiness DigestSmart cities need smart legal framework

Smart cities need smart legal framework

On May 4, 2020, Technomag, an online magazine, published an article stating that plans to install surveillance cameras in Harare were at an advanced stage.
According to the same article, this is part of the National Smart City initiative spearheaded by the Ministry of Information Communication Technology and Cybersecurity.

Kuda Hove & Otto Saki

This initiative will see cities such as Harare partner with Chinese company Huawei to install closed circuit television cameras (CCTV) as a way to promote safety within the city’s perimeter.

At a global level, the smart city concept is based on the use of various technologies to promote public safety, as well as to make a city’s operations and service delivery more efficient. Zimbabwe formally launched its smart city blueprint named the Zimbabwe Smart Sustainable Cities Initiative in March 2018.
The Zimbabwe Smart Sustainable Cities Initiative Green paper lists access to clean water, beautification of the city, improved health delivery, and the establishment of a sufficient public transport as some of the objectives of Zimbabwe’s attempts to create smart cities.

Smart cities by their design are intended to achieve a wide range of sustainable interventions, that include complex processes such as waste management, power distribution, water purification and supply, urban space utilisation, metering and billing services.

The monitoring of traffic is one other common feature that is embodied in smart cities. The deployment of technology is supposed to deliver safer, quick and efficient public services, the supposition being that human beings are incapable of making complex, fast and efficient decisions.

Smart cities require massive data gathering. Therefore various technologies must be deployed in the form of cameras, sensors and other tech related data gathering tools. The collected data is processed and analysed to identify ways in which service delivery, public processes, and resource management may be efficiently carried out.

It is this continuous collection and processing of data that is a cause for concern. The types of data that are collected range from personal information to more sensitive data such as facial, and biometric data. The CCTV cameras installed in Harare are primarily meant to monitor traffic.
The collection and processing of data must be guided by the eight universally protected principles. First, data must be fairly and lawfully processed. At the present moment there is no framework for that in Zimbabwe. Second, the data must be processed for limited purposes and not in any manner incompatible with those purposes.

Without a law, it is difficult to appreciate the extent to which this data will be used for the specific purposes of traffic monitoring. There are already instances of personal data collected for specific purposes being abused.

Third, the collection should be adequate, relevant and not excessive. Fourth, the information collected should be accurate and where necessary, up to date. There are no mechanisms for anyone to appreciate the accuracy of the information being collected and let alone its uses.

Fifth, the data should not be kept for longer than is necessary. Data storage and destruction is critical. Sixth, the data should be processed in line with the data subject’s rights. A data subject is basically every individual that can be identified, directly or indirectly, through data markers or identifiers such as name, geol location data, facial features, genetic makeup.

Data subject rights include, right to access and right to information about the data subject being held by an entity collecting or processing; right to withdraw consent, this consent is assumed right now as no proper consent requests were sent for Hararians; and concomitantly a data subject has the right to object, right to be forgotten.

Eight, for data to be processed well it should be done so securely and lastly personal information should not be transferred to other jurisdictions without adequate protection.

These principles are usually embodied in a country’s data protection and privacy laws. Currently, the Access to Information and Protection of Privacy Act (AIPPA) is the main law used to protect the right to privacy and regulate data protection in Zimbabwe. This Act does little to provide actual guidance on how data collected through a city wide CCTV system should be handled and protected.

This is problematic given the reports that the CCTV cameras supplied by Huawei might have facial recognition capabilities. Facial recognition cameras make it easier to carry out targeted surveillance on any individuals; there is a need to have laws in place to guard against any potential abuse of this technology by the State or any other private entities. Biometric data such as images of an individual’s face or an individual’s fingerprints deserve a higher level of protection because of the sensitive nature of the information.

While Zimbabwe might be able to conduct business of this nature with China and similarly disposed countries, this impacts trade with other economies that have stringent data regulations that advance data subjects rights over political or economic expedience. Chinese companies find themselves mired in controversies of mission creep, abuse of data and furthering state surveillance. The current efforts to move towards smart cities sounds very noble. Sadly constitutional rights protection and sound regulatory frameworks, always appear to be an afterthought under the Second Republic.

Hove and Saki, are lawyers with keen interest in technology and legal issues and are writing in their personal capacities.

Recent Posts

Stories you will enjoy

Recommended reading