Big Data

What are big data?

“Big data” are also data, but involve far larger amounts of data than can usually be handled on a desktop computer or in a traditional database. Big data are not only huge in volume, but they grow exponentially with time. Big data are so large and complex that none of the traditional data- management tools are able to store them or process them efficiently. If you have an amount of data that you can process on your computer or the database on your usual server without it crashing, “big data” are likely not what you are working with.

How do big data work?

The field of big data has evolved as technology’s ability to constantly capture information has skyrocketed. Big data are usually captured without being entered into a database by a human being, in real time: in other words, big data are “passively” captured by digital devices.

The internet provides infinite opportunities to gather information, ranging from so-called meta-information or metadata (geographic location, IP address, time, etc.) to more detailed information about users’ behaviors. This is often from online social media or credit-card-purchasing behavior. Cookies are one of the principle ways that web browsers gather information about users: they are essentially tiny pieces of data stored on a web browser, or little bits of memory about something you did on a website. (For more on cookies, visit this resource).

Data sets can also be assembled from the Internet of Things (IoT), which involve sensors tied into other devices and networks. For example, censor-equipped streetlights might collect traffic information that can then be analyzed to optimize traffic flow. The collection of data through sensors is a common element of smart city infrastructure.

Healthcare workers in Indonesia. The use of big data can improve health systems and inform public health policies. Photo credit: courtesy of USAID EMAS.

Big data can also be medical or scientific data, such as DNA information or data related to disease outbreaks. This can be useful to humanitarian and development organizations. For example, during the Ebola outbreak in West Africa between 2014 and 2016, UNICEF combined data from a number of sources, including population estimates, information on air travel, estimates of regional mobility from mobile phone records and tagged social media locations, temperature data, and case data from WHO reports to better understand the disease and predict future outbreaks.

Big data are created and used by a variety of actors. In data-driven societies, most actors (private sector, governments, and other organizations) are encouraged to collect and analyze data to notice patterns and trends, to measure success or failure, to optimize their processes for efficiency, etc. Not all actors will create datasets themselves, often they will collect publicly available data or even purchase data from specialized companies. For instance, in the advertising industry, Data Brokers specialize in collecting and processing information about internet users, which they then sell to advertisers. Other actors will create their own datasets, like energy providers, railway companies, ride-sharing companies, and governments. Data are everywhere, and the actors capable of collecting them intelligently and analyzing are numerous.

Back to top

How are big data relevant in civic space and for democracy?

In Tanzania, an open source platform allows government and financial institutions to record all land transactions to create a comprehensive dataset. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications.

From forecasting presidential elections to helping small-scale farmers deal with changing climate to predicting disease outbreaks, analysts are finding ways to turn Big Data into an invaluable resource for planning and decision-making. Big data are capable of providing civil society with powerful insights and the ability to share vital information. Big data tools have been deployed recently in civic space in a number of interesting ways, for example, to:

  • monitor elections and support open government (starting in Kenya with Ushahidi in 2008)
  • track epidemics like Ebola in Sierra Leone and other West African nations
  • track conflict-related deaths worldwide
  • understand the impact of ID systems on refugees in Italy
  • measure and predict agricultural success and distribution in Latin America
  • press forward with new discoveries in genetics and cancer treatment
  • make use of geographic information systems (GIS mapping applications) in a range of contexts, including planning urban growth and traffic flow sustainably, as has been done by the World Bank in various countries in South Asia, East Asia, Africa, and the Caribbean

The use of big data that are collected, processed, and analyzed to improve health systems or environmental sustainability, for example, can ultimately greatly benefit individuals and society. However, a number of concerns and cautions have been raised about the use of big datasets. Privacy and security concerns are foremost, as big data are often captured without our awareness and used in ways to which we may not have consented, sometimes sold many times through a chain of different companies we never interacted with, exposing data to security risks such as data breaches. It is crucial to consider that anonymous data can still be used to “re-identify” people represented in the dataset – achieving 85% accuracy using as little as postal code, gender, and date of birth – conceivably putting them at risk (see discussion of “re-identification” below).

There are also power imbalances (divides) in who is represented in the data as opposed to who has the power to use them. Those who are able to extract value from big data are often large companies or other actors with the financial means and capacity to collect (sometimes purchase), analyze, and understand the data.

This means the individuals and groups whose information is put into datasets (shoppers whose credit card data is processed, internet users whose clicks are registered on a website) do not generally benefit from the data they have given. For example, data about what items shoppers buy in a store is more likely used to maximize profits than to help customers with their buying decisions. The extractive way that data are taken from individuals’ behaviors and used for profit has been called “surveillance capitalism“, which some believe is undermining personal autonomy and eroding democracy.

The quality of datasets must also be taken into consideration, as those using the data may not know how or where they were gathered, processed, or integrated with other data. And when storing and transmitting big data, security concerns are multiplied by the increased numbers of machines, services, and partners involved. It is also important to keep in mind that big datasets themselves are not inherently useful, but they become useful along with the ability to analyze them and draw insights from them, using advanced algorithms, statistical models, etc.

Last but not least, there are important considerations related to protecting the fundamental rights of those whose information appears in datasets. Sensitive, personally identifiable, or potentially personally identifiable information can be used by other parties or for other purposes than those intended, to the detriment of the individuals involved. This is explored below and in the Risks section, as well as in other primers.

Protecting anonymity of those in the dataset

Anyone who has done research in the social or medical sciences should be familiar with the idea that when collecting data on human subjects, it is important to protect their identities so that they do not face negative consequences from being involved in research, such as being known to have a particular disease, voted in a particular way, engaged in stigmatized behavior, etc. (See the Data Protection resource ). The traditional ways of protecting identities – removing certain identifying information, or only reporting statistics in aggregate – can and should also be used when handling big datasets to help protect those in the dataset. Data can also be hidden in multiple ways to protect privacy: methods include encryption (encoding), tokenization, and data masking. Talend identifies the strengths and weaknesses of the primary strategies for hiding data using these methods.

One of the biggest dangers involved in using big datasets is the possibility of re-identification: figuring out the real identities of individuals in the dataset, even if their personal information has been hidden or removed. To give a sense of how easy it could be to identify individuals in a large dataset, one study found that using only three fields of information—postal code, gender, and date of birth—it was possible to identify 87% of Americans individually, and then connect their identities to publicly-available databases containing hospital records. With more data points, researchers have demonstrated near-perfect ability to identify individuals in a dataset: four random pieces of data credit card records could achieve 90% identifiability, and researchers were able to re-identify individuals with 99.98% accuracy using 15 data points.

Ten simple rules for responsible big data research, quoted from a paper of the same name by Zook, Barocas, Boyd, Crawford, Keller, Gangadharan et al, 2017

  1. Acknowledge that data are people and that data can do harm. Most data represent or affect people. Simply starting with the assumption that all data are people until proven otherwise places the difficulty of disassociating data from specific individuals front and center.
  2. Recognize that privacy is more than a binary value. Privacy may be more or less important to individuals as they move through different contexts and situations. Looking at someone’s data in bulk may have different implications for their privacy than looking at one record. Privacy may be important to groups of people (say, by demographic) as well as to individuals.
  3. Guard against the reidentification of your data. Be aware that apparently harmless, unexpected data, like phone battery usage, could be used to re-identify data. Plan to ensure your data sharing and reporting lowers the risk that individuals could be identified.
  4. Practice ethical data sharing. There may be times when participants in your dataset expect you to share (such as with other medical researchers working on a cure), and others where they trust you not to share their data. Be aware that other identifying data about your participants may be gathered, sold, or shared about them elsewhere, and that combining that data with yours could identify participants individually. Be clear about how and when you will share data and stay responsible for protecting the privacy of the people whose data you collect.
  5. Consider the strengths and limitations of your data; big does not automatically mean better. Understand where your large dataset comes from, and how that may evolve over time. Don’t overstate your findings and acknowledge when they may be messy or have multiple meanings.
  6. Debate the tough, ethical choices. Talk with your colleagues about these ethical concerns. Follow the work of professional organizations to stay current with concerns.
  7. Develop a code of conduct for your organization, research community, or industry and engage your peers in creating it to ensure unexpected or under-represented perspectives are included.
  8. Design your data and systems for auditability. This both strengthens the quality of your research and services and can give early warnings about problematic uses of the data.
  9. Engage with the broader consequences of data and analysis practices. Keep social equality, the environmental impact of big data processing, and other society-wide impacts in view as you plan big data collection.
  10. Know when to break these rules. With debate, code of conduct, and auditability as your guide, consider that in a public health emergency or other disaster, you may find there are reasons to put the other rules aside.

Gaining informed consent

Those providing their data may not be aware at the time that their data may be sold later to data brokers who may then re-sell them.

Unfortunately, data privacy consent forms are generally hard for the average person to read, even in the wake of General Data Protection Regulation (GDPR ) expansion of privacy protections. Terms of Service (ToS documents) are so notoriously difficult to read that one filmmaker even made a documentary on the subject. Researchers who have studied terms of service and privacy policies have found that users generally accept them without reading them, because they are too long and complex. Otherwise, users that need to access a platform or service for personal reasons (for example to get in contact with a relative) or for their livelihood (to deliver their products to customers) may not be able to simply reject the ToS when they have no viable or immediate alternative.

Important work is being done to try to protect users of platforms and services from these kinds of abusive data-sharing situations. For example, Carnegie Mellon’s Usable Privacy and Security laboratory (CUPS) has developed best practices to inform users about how their data may be used. These take the shape of data privacy “nutrition labels” that are similar to FDA-specified food nutrition labels and are evidence-based.

In Chipata, Zambia, a resident draws water from well. Big data offer invaluable insights for the design of climate change solutions. Photo credit: Sandra Coburn.

Back to top


Big data can have positive impacts when used to further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about big data in your work.

Greater insight

Big datasets can present some of the richest, most comprehensive information that has ever been available in human history. Researchers using big datasets have access to information from a massive population. These insights can be much more useful and convenient than self-reported data or data gathered from logistically tricky observational studies. One major trade-off is between the richness of the insights gained through self-reported or very carefully collected data, versus the ability to generalize the insights from big data. Big data gathered from social-media activity or sensors also can allow for the real-time measurements of activity at a large scale. Big-data insights are very important in the field of logistics. For example, the United States Postal Service collects data from across its package deliveries using GPS and vast networks of sensors and other tracking methods, and they then process these data with specialized algorithms. These insights allow them to optimize their deliveries for environmental sustainability.

Increased access to data

Making big datasets publicly available can begin to take steps toward closing divides in access to data. Apart from some public datasets, big data often ends up as the property of corporations, universities, and other large organizations. Even though the data produced are about individual people and their communities, those individuals and communities may not have the money or technical skills needed to access those data and make productive use of them. This creates the risk of worsening existing digital divides.

Publicly available data have helped communities understand and act on government corruption, municipal issues, human-rights abuses, and health crises, among other things. Though again, when data are made public, they are of particular importance to ensure strong privacy for those whose data is in the dataset. The work of the Our Data Bodies project provides additional guidance for how to engage with communities whose data is in the datasets. Their workshop materials can support community understanding and engagement in making ethical decisions around data collection and processing, and about how to monitor and audit data practices.

Back to top


The use of emerging technologies to collect data can also create risks in civil society programming. Read below on how to discern the possible dangers associated with big data collection and use in DRG work, as well as how to mitigate for unintended – and intended – consequences.


With the potential for re-identification as well as the nature and aims of some uses of big data, there is a risk that individuals included in a dataset will be subjected to surveillance by governments, law enforcement, or corporations. This may put the fundamental rights and safety of those in the dataset at risk.  

The Chinese government is routinely criticized for the invasive surveillance of Chinese citizens through gathering and processing big data. More specifically, the Chinese government has been criticized for their system of social ranking of citizens based on their social media, purchasing, and education data, as well as the gathering of DNA of members of the Uighur minority (with the assistance of a US company, it should be noted). China is certainly not the only government to abuse citizen data in this way. Edward Snowden’s revelations about the US National Security Agency’s gathering and use of social media and other data was among the first public warnings about the surveillance potential of big data. Concerns have also been raised about partnerships involved in the development of India’s Aadhar biometric ID system, technology whose producers are eager to sell it to other countries. In the United States, privacy advocates have raised concerns about companies and governments gathering data at scale about students by using their school-provided devices, a concern that should also be raised in any international context when laptops or mobiles are provided for students. 

It must be emphasized that surveillance concerns are not limited to the institutions originally gathering the data, whether governments or corporations. When data are sold or combined with other datasets, it is possible that other actors, from email scammers to abusive domestic partners, could access the data and track, exploit, or otherwise harm people appearing in the dataset. 

Data security concerns

Because big data are collected, cleaned, and combined through long, complex pipelines of software and storage, it presents significant challenges for security. These challenges are multiplied whenever the data are shared between many organizations. Any stream of data arriving in real time (for example, information about people checking into a hospital) will need to be specifically protected from tampering, disruption, or surveillance. Given that data may present significant risks to the privacy and safety of those included in the datasets and may be very valuable to criminals, it is important to ensure sufficient resources are provided for security.

Existing security tools for websites are not enough to cover the entire big data pipeline. Major investments in staff and infrastructure are needed to provide proper security coverage and respond to data breaches. And unfortunately, within industry there are known shortages in big data specialists, particularly security personnel familiar with the unique challenges big data presents. Internet of Things sensors present a particular risk if they are part of the data-gathering pipeline; these devices are notorious for having poor security. For example, a malicious actor could easily introduce fake sensors into the network or fill the collection pipeline with garbage data in order to render your data collection useless.

Exaggerated expectations of accuracy and objectivity

Big data companies and their promoters often make claims that big data can be more objective or accurate than traditionally-gathered data, supposedly because human judgment does not come into play and because the scale at which it is gathered is richer. This picture downplays the fact that algorithms and computer code also bring human judgment to bear on data, including biases and data that may be accidentally excluded. Human interpretation is also always necessary to make sense of patterns in big data; so again, claims of objectivity should be taken with healthy skepticism.

It is important to ask questions about data-gathering methods, algorithms involved in processing, and the assumptions or inferences made by the data gatherers/programmers and their analyses to avoid falling into the trap of assuming big data are “better.” For example, while data about the proximity of two cell phones tells you the fact that two people were near each other, only human interpretation can tell you why those two people were near each other. How an analyst interprets that closeness may differ from what the people carrying the cell phones might tell you. For example, this is a major challenge in using phones for “contact tracing” in epidemiology. During the COVID-19 health crisis, many countries raced to build contact tracing cellphone apps. The precise purposes and functioning of these apps varies widely (as has their effectiveness) but it is worth noting that major tech companies have preferred to refer to these apps as “exposure-risk notification” apps rather than contact tracing: this is because the apps can only tell you if you have been in proximity with someone with the coronavirus, not whether or not you have contacted the virus.


As with all data, there are pitfalls when it comes to interpreting and drawing conclusions. Because big data are often captured and analyzed in real-time, it may be particularly weak in providing historical context for the current patterns it is highlighting. Anyone analyzing big data should also consider what its source or sources were, whether the data was combined with other datasets, and how it was cleaned. Cleaning refers to the process of correcting or removing inaccurate or extraneous data. This is particularly important with socialmedia data, which can have lots of “noise” (extra information) and are therefore almost always cleaned 

Back to top


If you are trying to understand the implications of big data in your work environment, or are considering using aspects of big data as part of your DRG programming, ask yourself these questions:

  1. Is gathering big data the right approach for the question you’re trying to answer? How would your question be answered differently using interviews, historical research, or a focus on statistical significance?
  2. Do you already have these data, or are they publicly available? Is it really necessary to acquire these data yourself?
  3. What is your plan to make it impossible to identify individuals through their data in your dataset? If the data come from someone else, what kind of de-anonymization have they already performed?
  4. How could individuals be made more identifiable by someone else when you publish your data and findings? What steps can you take to lower the risk they will be identified?
  5. What is your plan for getting consent from those whose data you are collecting? How will you make sure your consent document is easy for them to understand?
  6. If your data come from another organization, how did they seek consent? Did that consent include consent for other organizations to use the data?
  7. If you are getting data from another organization, what is the original source of these data? Who collected them, and what were they trying to accomplish?
  8. What do you know about the quality of these data? Is someone inspecting them for errors, and if so, how? Did the collection tools fail at any point, or do you suspect that there might be some inaccuracies or mistakes?
  9. Have these data been integrated with other datasets? If data were used to fill in gaps, how was that accomplished?
  10. What is the end-to-end security plan for the data you are capturing or using? Are there third parties involved whose security propositions you need to understand?

Back to top

Case Studies

Village resident in Tanzania. Big data analytics can pinpoint strategies that work for small-scale farmers. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications.
Digital Identity in the Migration and Refugee Context

Digital Identity in the Migration and Refugee Context

For migrants and refugees in Italy, identity data collection processes can “exacerbate existing biases, discrimination, or power imbalances.” One key challenge is obtaining meaningful consent. Often, biometric data are collected as soon as migrants and refugees arrive in a new country, at a moment when they may be vulnerable and overwhelmed. Language barriers exacerbate the issue, making it difficult to provide adequate context around rights to privacy. Identity data are collected inconsistently by different organizations, all of whose data protection and privacy practices vary widely.

Big Data for climate-smart agriculture

Big Data for climate-smart agriculture

“Scientists at the International Center for Tropical Agriculture (CIAT) have applied Big Data tools to pinpoint strategies that work for small-scale farmers in a changing climate…. Researchers have applied Big Data analytics to agricultural and weather records in Colombia, revealing how climate variation impacts rice yields. These analyses identify the most productive rice varieties and planting times for specific sites and seasonal forecasts. The recommendations could potentially boost yields by 1 to 3 tons per hectare. The tools work wherever data is available, and are now being scaled out through Colombia, Argentina, Nicaragua, Peru and Uruguay.”

School Issued Devices and Student Privacy

School Issued Devices and Student Privacy, particularly the Best Practices for Ed Tech Companies section. “Students are using technology in the classroom at an unprecedented rate…. Student laptops and educational services are often available for a steeply reduced price and are sometimes even free. However, they come with real costs and unresolved ethical questions. Throughout EFF’s investigation over the past two years, [they] have found that educational technology services often collect far more information on kids than is necessary and store this information indefinitely. This privacy-implicating information goes beyond personally identifying information (PII) like name and date of birth, and can include browsing history, search terms, location data, contact lists, and behavioral information…All of this often happens without the awareness or consent of students and their families.”

Big Data and Thriving Cities: Innovations in Analytics to Build Sustainable, Resilient, Equitable and Livable Urban Spaces.

Big Data and Thriving Cities: Innovations in Analytics to Build Sustainable, Resilient, Equitable and Livable Urban Spaces.

This paper includes case studies of big data used to track changes in urbanization, traffic congestion, and crime in cities. “[I]nnovative applications of geospatial and sensing technologies and the penetration of mobile phone technology are providing unprecedented data collection. This data can be analyzed for many purposes, including tracking population and mobility, private sector investment, and transparency in federal and local government.”

Battling Ebola in Sierra Leone: Data Sharing to Improve Crisis Response.

Battling Ebola in Sierra Leone: Data Sharing to Improve Crisis Response.

“Data and information have important roles to play in the battle not just against Ebola, but more generally against a variety of natural and man-made crises. However, in order to maximize that potential, it is essential to foster the supply side of open data initiatives – i.e., to ensure the availability of sufficient, high-quality information. This can be especially challenging when there is no clear policy backing to push actors into compliance and to set clear standards for data quality and format. Particularly during a crisis, the early stages of open data efforts can be chaotic, and at times redundant. Improving coordination between multiple actors working toward similar ends – though difficult during a time of crisis – could help reduce redundancy and lead to efforts that are greater than the sum of their parts.”

Tracking Conflict-Related Deaths: A Preliminary Overview of Monitoring Systems.

Tracking Conflict-Related Deaths: A Preliminary Overview of Monitoring Systems.

“In the framework of the United Nations 2030 Agenda for Sustainable Development, states have pledged to track the number of people who are killed in armed conflict and to disaggregate the data by sex, age, and cause—as per Sustainable Development Goal (SDG) Indicator 16. However, there is no international consensus on definitions, methods, or standards to be used in generating the data. Moreover, monitoring systems run by international organizations and civil society differ in terms of their thematic coverage, geographical focus, and level of disaggregation.”

Balancing data utility and confidentiality in the US census.

Balancing data utility and confidentiality in the US census.

Describes how the Census is using differential privacy to protect the data of respondents. “As the Census Bureau prepares to enumerate the population of the United States in 2020, the bureau’s leadership has announced that they will make significant changes to the statistical tables the bureau intends to publish. Because of advances in computer science and the widespread availability of commercial data, the techniques that the bureau has historically used to protect the confidentiality of individual data points can no longer withstand new approaches for reconstructing and reidentifying confidential data. … [R]esearch at the Census Bureau has shown that it is now possible to reconstruct information about and reidentify a sizeable number of people from publicly available statistical tables. The old data privacy protections simply don’t work anymore. As such, Census Bureau leadership has accepted that they cannot continue with their current approach and wait until 2030 to make changes; they have decided to invest in a new approach to guaranteeing privacy that will significantly transform how the Census Bureau produces statistics.”

Back to top


Find below the works cited in this resource.

Additional Resources

Back to top


Smart Cities

What are smart cities?

While there is no single definition of a smart city, smart cities typically use a variety of digital technologies and data to improve the efficiency of city service delivery, enhance quality of life and increase equity and prosperity for residents and businesses.

“Smart” often includes technologies that rely on citizen surveillance by government; but from democratic- governance and human-rights perspectives, surveillance is the opposite of “smart”.

How do smart cities work?

Solar power lights an evening market in Msimba, Tanzania. Smart cities monitor and integrate their infrastructure to optimize resource use. Photo credit: Jake Lyell.
Solar power lights an evening market in Msimba, Tanzania. Smart cities monitor and integrate their infrastructure to optimize resource use. Photo credit: Jake Lyell.

Smart cities aim to monitor and integrate their infrastructure — roads, bridges, tunnels, rails, subways, airports, seaports, communications, water, power, major buildings, sometimes even private residences —  to optimize resource use, to conduct maintenance, and to monitor safety. At the same time, smart cities aim to improve the quality of life for their citizens by improving quality of services, access to services, the livability of the city, and civic participation.

The term smart city does not refer to any single kind of technology, but rather a variety of technologies used together. There is no official checklist for what technological features a city needs to be considered “smart”. But a smart city requires urban planning: generally, a growth strategy is managed by city governments with significant contribution from the private sector, which provides technology services.

Data is at the heart of the smart city
Smart cities generally rely on data-driven technologies and decision making. This usually means gathering and analyzing data to address issues like traffic, air pollution, waste management, water leakages and security. Often, smart sensors are installed across the city and connected to a grid, and data from these sensors are collected and analyzed. The Internet of Things , an expanding network of devices connected to one another through the internet, can allow all of these smart devices to communicate to one another: for instance, a smart phone may connect to an electronic bike through the internet. Advancements in data analytics and algorithmic decision-making can help city governments implement a circular economy, cutting down on waste, monitoring emissions, reducing energy use.

Data shared by citizens with their city governments is also a way of giving feedback to improve services and strengthen the relationship between citizens and government. Responsible digitization and data use can create a better relationship between citizens and governments — for example, a government can make their budget and spending visible online to the public. However, the use of sensitive personal data and the invasive use of surveillance technology can alienate citizens and reduce trust — for example, surveillance cameras that track citizens during their daily activities to monitor their behavior. For a city to be truly “smart”, people need to understand and agree to what is happening with their data. Smart cities also require a detailed and rights-respecting data management strategy in advance so that everyone knows what data is being collected, that citizens agree to sharing these data, how data are processed and used, and why these data will be useful.

All Smart Cities are different
Cities are extremely diverse, and so every city will have different needs for how it can become “smart,” depending on its location, its citizens, and its priorities. Some smart cities are built on the existing infrastructure of cities, like Nairobi, overlaying ICTs on existing infrastructure, while others some smart cities are built “from scratch,” like Konza City, Kenya’s “Silicon Valley.” Many elements of smart city development are not necessarily digital, such as improvements in housing, walkability, parks, the preservation of wildlife, etc. Some smart cities focus on technology, digitization, and growth as the end goal, though this is not ultimately “smart” for citizens. Others focus on inclusive governance and sustainability. China has the most “smart cities” (or “safe cities” they are often called in China) of any country or continent in the world, followed by Europe. But these Chinese urban projects are surveillance-focused and are very different from smart cities that are focused on civic participation, inclusion, and sustainability.

Smart cities in developing countries face fundamentally different challenges than smart cities in countries without the same legal, regulatory, or socioeconomic challenges.

Drivers for Smart City Development in Developing Countries
  • Financing capacity of the government
  • Regulatory environment that citizens and investors trust and investors
  • Technology and infrastructure readiness
  • Human capital
  • Stability in economic development
  • Active citizen engagement and participation
  • Knowledge transfer and participation from the private sector
  • Ecosystem that promotes innovation and learning

Barriers to Smart City Development in Developing Countries

  • Budget constraints and financing issues
  • Lack of investment in basic infrastructure
  • Lack of technology-related infrastructure readiness
  • Fragmented authority
  • Lack of governance frameworks and regulatory safeguards for smart cities
  • Lack of skilled human capital
  • Lack of inclusivity
  • Environmental concerns
  • Lack of citizen participation
  • Technology illiteracy and knowledge deficit among the citizens

Children playing at Limonade plaza, Haiti. Improving the quality of life for citizens is at the heart of smart city projects. Photo credit: Kendra Helmer/USAID.
Children playing at Limonade plaza, Haiti. Improving the quality of life for citizens is at the heart of smart city projects. Photo credit: Kendra Helmer/USAID.

The process of developing a truly smart city – one that is smart for its citizens – takes time and careful planning. Smart city planning can take several years, and then the city infrastructure itself should be updated gradually, over time and as political will, civic engagement demand and private-sector interests converge. Smart city projects can only be successful when the city has cared for the basic needs of residents, and when basic infrastructure and legal protections for residents are in place. For instance, if technology will be collecting data about citizens, the city must have a data-protection law to protect citizens’ personal data from misuse. The infrastructure needed for smart cities is very expensive and requires routine, ongoing maintenance and review, and many skilled professionals. Many smart city projects have become graveyards of sensors because these sensors were not well maintained, or because the data gathered were not ultimately valuable for the government and citizens.

Common Elements of a Smart City

Below is an overview of technologies and practices common to smart cities, though by no means exhaustive or universal.

Open Wi-Fi: Affordable and reliable Internet connectivity is essential for including citizens throughout a smart city. Some smart cities provide free access to high-speed Internet through city-wide, wireless infrastructure. Free Wi-Fi can encourage residents to use public places, be used for emergency services to aid rescue workers, and can facilitate data collection, since smart cities that use sensors to collect data remotely control these sensors through wireless networks.

Internet of Things (IoT) : The Internet of Things is an expanding network of physical devices connected through the internet. From cars and motorbikes to refrigerators to heating systems, these devices communicate with users, developers, applications and one another by collecting, exchanging, and processing data. For example, smart water meters can collect information to better understand problems like water leaks or water waste. The IoT is largely facilitated by the rise of smart phones that allow people easily to connect to one another and to devices.

5G : Smart city services need internet with high speeds and large bandwidth to handle the amount of data generated by the IoT and to process these data in real time. 5G is a new internet infrastructure with increased connectivity and computing capacity that facilitates many of the internet-related processes needed for smart cities.

Smart Grids: Smart Grids are energy networks that use sensors to collect data in real time about energy usage and requirements of infrastructure and of citizens. Beyond controlling utilities, smart grids monitor power, distribute broadband to improve connectivity, and control processes like traffic. Smart grids rely on a collection of power- system operators and involve a wide network of parties: vendors, suppliers, contractors, distributed generation operators, and consumers.

Intelligent Transport Systems (ITS): Like Smart Grids, various transportation mechanisms can be coordinated to reduce energy usage, decrease traffic congestion, and decrease travel times. Intelligent Transport Systems monitor traffic, manage congestion, provide public information, optimize parking, integrate traffic-light management, provide for emergency response, etc. ITS also focuses on “last mile delivery”, or optimizing the final step of the delivery process. Often autonomous vehicles are associated with smart cities, but ITS goes far beyond individual vehicles.

Surveillance: As with connected objects, data about residents can be transmitted, aggregated, and analyzed. In some cases, existing CCTV cameras can be paired with advanced video-analytics software and linked to the IoT to manage traffic and public safety. Solutions for fixed-video-surveillance infrastructure account for the vast majority of the global market of smart city surveillance, but mobile-surveillance solutions are also growing fast. There are many kinds of surveillance—for instance, surveillance of objects versus surveillance of people, and then surveillance that actually identifies the identities of people. This last kind of surveillance is a hotly debated topic with significant ramifications for civil society and DRG actors and in many places is illegal.

Digital IDs and Services Delivery : Digital-identification services can link citizens to their city, from opening a bank account to accessing health services to proving their age. Digital IDs centralize all information and transaction history. This brings some conveniences but also security concerns. Techniques like minimal disclosure (also known as the data minimization principle, this means asking for and relying on as little of a user’s data as possible) and decentralized technologies like ‘Self Sovereign Identity (SSI)’ (which avoid data being controlled in a central registry) can help separate identity, transaction and device.

E-government: Electronic government—the use of technology to provide government services to the public—aims to improve service delivery and quality, to enhance citizen involvement and engagement, and to build trust. Making more information available to citizens is another element of e-government, for instance making government budgets public. Mobile smartphone service is another strategy, as mobile technology combined with an e-government platform can offer citizens access to services remotely without having to go to municipal offices.

Chief Technology Officer: Some smart cities have a Chief Technology Officer (CTO) or Chief Information Officer (CIO), who leads the city’s efforts to develop creative and effective technology solutions and who collaborates with residents and elected officials. The CTO studies the community, learns the needs of the citizens, plans and executes related initiatives, and oversees implementation and continued improvements.

Interoperability: The many different services and tools used in the smart city should be interoperable, which means they should be able to function together, to communicate with each other, and to share data. This requires dialogue and careful planning between business suppliers and city governments. Interoperability means that the new infrastructure must be able to function on top of the city’s existing infrastructure. (for example, combining new “smart” LED lighting on top of existing city streetlight systems.)

“A smart city is a process of continuous improvements in city operation methods. Not a big bang.”

Smart city project leader in Bordeaux, France

Back to top

How are smart cities relevant in civic space and for democracy?

Smart cities raise difficult questions for democratic governance and civic participation. Technology must be overlaid on a functional democratic foundation, with transparency, legal safeguards, and citizen participation.

Streetlights in Makassar, Indonesia. Smart cities have the potential to reach carbon reduction and renewable energy goals and improve economic efficiency and power distribution. Photo credit: USAID.
Streetlights in Makassar, Indonesia. Smart cities have the potential to reach carbon reduction and renewable energy goals and improve economic efficiency and power distribution. Photo credit: USAID.

The multinational company IBM originally coined the term “smart city” in 2009. Smart cities were at first a business opportunity for private-sector actors looking to sell their technology to governments, particularly after the 2008 economic downturn reduced their market opportunities. Even today, “smart city” is not an academic term as much as it is a marketing term. The fact that smart cities are promoted by the private sector raises significant concerns for civic and human rights, democracy, and even for government authority and national sovereignty.

Often smart city technologies are purchased from outside one’s own country: China, followed by South Korea and Singapore, have sold considerable smart city products to countries in Africa. China’s sale of smart city technology is framed as part of the country’s Belt & Road Initiative (BRI), an ambitious plan to connect Asia with Africa and Europe through trade and economic growth. China is also investing heavily in Latin America.

Smart city technologies are interconnected so that they can function together: for example, connecting LED streetlights with sensors to the city’s energy grid. All parts must be compatible, and so groups of technologies are often sold by companies as a package. Chinese companies, for example, are developing comprehensive smart city technology packages so that they can supply everything a city government would need.

Nairobi Business Commercial District, Kenya. Some smart cities, like Nairobi, are built on the existing infrastructure of cities. Photo credit: USAID East Africa Trade and Investment Hub.
Nairobi Business Commercial District, Kenya. Some smart cities, like Nairobi, are built on the existing infrastructure of cities. Photo credit: USAID East Africa Trade and Investment Hub.

Smart city technology, then, is at best a double-edged sword: potentially improving civic participation and democracy on the one hand, and potentially imposing government surveillance on the other. For example, the country with the most smart city projects, China, also has the largest surveillance system in the world. The project, known as “Skynet,” involves 300 million connected cameras. The data-collection capacities of these cameras are enhanced with advancements in artificial intelligence, data analysis, and facial recognition. To support these surveillance technologies, China is developing its own global satellite system, an alternative to GPS, called BeiDou. When linked to 5G internet infrastructure, this satellite system will be able to access the geolocations of all mobile phones on Chinese 5G networks.

Surveillance technology, in addition to being potentially being used in repressive and undemocratic ways, is also often faulty. Indeed, technology is not perfect, and in fact, the more complex and interconnected it is, and the more data it collects, the higher the risk that something will not function as planned, or that it will be vulnerable to attacks. Other risks of smart city technology are explored below, related to cybersecurity, inequality, marginalization, and freedom of expression.

Smart cities raise difficult questions for democratic governance and civic participation

When planning a democratic, inclusive, and sustainable city, it is essential to know what information will be gathered and how it will be used. Will the smart city help citizens access government services online, or access safe Wi-Fi, healthcare, and educational opportunities? As in Estonia (described below), will citizens be able to vote from their homes, to ensure full participation in democratic elections? Or will citizens be tracked without their knowledge or consent, or discouraged from meeting in groups or with certain friends or relatives?

Surveillance can be a barrier to human rights like freedom of assembly, even for people who have “nothing to hide.” Imagine your cousin is wrongfully on a government blacklist, accused of being in a gang. Would you want the government to know you went to her house? Surveillance reduces citizens’ trust in the government, and could make citizens less likely to access services or to participate in civic and social activities.

As more and more devices are connected, where will the line be drawn between convenience and risk? Perhaps an e-payment app that allows you to purchase groceries is convenient. But should the data on that app then be sent to insurance companies, who would then know everything you eat and adjust the price of your insurance in response?

Smart cities raise difficult questions for democratic governance and civic participation. Technology must be overlaid on a functional democratic foundation, with transparency, legal safeguards, and citizen participation. Having data collected by government about citizens is not the same thing as information citizens choose to share about themselves. For example, a facial recognition camera on a train that claims to read someone’s emotions is likely less accurate compared to that person sharing openly how she feels.

It is important that citizens participate actively in the formation and functioning of the smart city. As with any technology, citizens must be empowered to participate in all municipal processes, and there must be ways for them to give meaningful input and feedback. Education and training programs are necessary, so that citizens understand and master the technology surrounding them: the technology should be at their service, not the other way around.

Legal infrastructure is critical to defend against discrimination and abuse through technology. In addition to privacy and data-protection regulations , due-process systems must be in place. Technology suppliers and governments must uphold high standards of transparency and must be accountable for the effects of their technology. Smart cities brand themselves as “inclusive”, but smart city technology is often criticized for benefitting the elite and for failing to address the needs and rights of society’s most vulnerable: women, children, migrants, minorities, persons with disabilities, persons operating in the informal economy, those will lower levels of literacy and digital literacy, low-income groups and other disadvantaged communities. In particular, smart city infrastructure can disproportionately harm the poor. In India, where the government has pledged to construct  100 smart cities between 2015 and 2020, government entities have often evicted people from their homes to do so. Along with protective legal frameworks, human-rights standards and indicators are needed to monitor the implementation of smart city developments, to ensure they benefit the whole of society and do not harm vulnerable communities. The “Triple Test” is a good starting point for civil society and governments to determine if smart city technology will harm citizens more than it benefits them: First, is the technology appropriate for the objective (does it actually achieve the goal)? Second, is it necessary (does it not exceed what is required, is there no other way of achieving the goal)? Third, is it proportionate (the burdens and problems it brings do not outweigh the benefit of the result)?

Back to top


Smart Cities can have a number of positive impacts when usedto further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about smart cities in your work.
Environmental Sustainability

According to the OECD, modern cities use almost two-thirds of the world’s energy, produce up to 80% of global greenhouse-gas emissions, and create 50% of global waste. Smart cities have the potential to reach carbon reduction and renewable energy goals, and improve economic efficiency and power distribution, among other sustainability goals. Smart cities can relate directly to Sustainable Development Goal 11 on sustainable cities and communities. Smart cities are often linked to circular economic practices: these include “up-cycling” (creative reuse of waste products), the harvesting of rainwater for reuse, and even the reuse of open public data (see below). Urban areas are ideal environments for reconfiguring the flow of building materials, food, water, and electronic waste. In addition, smart city technologies can be leveraged to help prevent the loss of biodiversity and natural habitat.

Disaster Preparedness

Smart cities can help achieve disaster-risk-reduction and resilience goals: preparedness, mitigation, response, and recovery from natural disasters. Data collection and analysis can be applied to monitoring environmental threats, and remote sensors can map hazards. For example, open data and artificial intelligence can be used to identify which areas are most likely to be hardest hit by earthquakes. Early warning systems, social media alert systems, GIS and mobile systems can also contribute to disaster management. A major issue during natural disasters is a loss of communication: interconnected systems can share information about what areas need assistance or replenishment when individual communication channels go down.

Social Inclusion

Smart cities can facilitate social inclusion in important ways: through fast, secure internet access, improvements in access to government and social services, avenues for citizen input and participation, improvements in transportation and urban mobility, etc. For example, smart cities can establish a network of urban access points where residents can access digital-skills training; digitization of health services can improve healthcare opportunities and help patients connect to their medical records, etc. Cities may even be able to improve services for more vulnerable groups by drawing responsibly from more sensitive datasets to improve their understanding of these citizens’ needs — though this data must be given with full consent, and robust privacy and security safeguards must be in place.  Smart city technologies can also be used to preserve cultural heritage.

Knowledge Sharing and Open Information

An open approach to data captured by smart technologies can bring government, businesses and civil society closer together. Public or open data — unlike sensitive, private data — are data that anyone can access, use and share. An open-access approach to data means allowing the public to access these kinds of public, reusable data to leverage the benefits for themselves and for social or environmental benefit. This open approach can also provide transparency and reinforce accountability — for example by showing the use of public funds — improving trust between citizens and government. In addition to open data, the design of software behind smart city infrastructure can be shared with the public through open-source design and open standards. Open source refers to technology whose source code is freely available publicly, so that anyone can review it, replicate it, modify it, extend it. Open standards are guidelines that help ensure that technology is designed to be open source in the first place. 

Citizen Participation

Smart cities can encourage citizens to participate more actively in their communities and their governance, by facilitating volunteering and community-engagement opportunities and by soliciting feedback on the quality of services and infrastructure. Sometimes referred to as “e-participation,” digital tools can reduce the barriers between citizens and decision making, facilitating their involvement in the development of laws and standards, in the choice of urban initiatives, etc. The United Nations identifies three steps in e-participation: E-information, E-consultation, and E-decision-making. 

Back to top


The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with Smart Cities in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Surveillance and Forced-Participation

As noted above, smart cities often rely on some level of citizen surveillance, which has many flaws. Surveillance can be marketed in positive ways, for example, in the Toronto Waterfront project Quayside (the project was abandoned in May of 2020). The company installing the smart city infrastructure in Toronto, a subsidiary of Google, promised to make street lights better for elderly people by ensuring that traffic stopped for as long as it took the elderly person to cross the street. This might sound positive; but to do this, the city must be watching the elderly person approach, track their movements with a camera and store that data somewhere. Perhaps this data is anonymous, stored locally by the city and not shared with any outside actors who might want to sell this person a product knowing that they are in the neighborhood; but it could be accessed by nefarious actors, who might wish to follow this person.

Even if this surveillance is truly 100% anonymous (extremely difficult, perhaps impossible), the question remains: did this person consent to the surveillance? In many countries, consent by individuals is required before information may legally be collected about them. This consent must be informed consent: the individual must understand what information is being collected and for what purpose. It is already complicated to give informed consent when browsing on the web — most people click “Yes” to access a webpage, even though advertisers may then collect data about them and adjust prices or services based on this data. Obtaining informed consent is even more complicated when surveillance is happening in a city. Do city residents consent to be watched when they are crossing the street? Will their behavior change? Certainly, one might say, we consent to being watched when we are shopping, and we know that a CCTV camera is making sure we don’t shoplift. But in most democratic societies, there are restrictions on how this security footage is used: only when necessary, by police authorities after a crime. It is not supposed to be shared with advertisers, companies, insurance providers, job recruiters and future employers, etc.

Discrimination is sometimes made easier because of smart city surveillance. Smart city infrastructure can provide law enforcement and security agencies with the ability to track and target certain groups, for instance, ethnic or racial minorities. This happens in democratic societies as well as non-democratic ones. A 2011 study showed that CCTV cameras in the UK disproportionately targeted people with certain features through a strategy of “preemptive” policing. Predictive policing is the use of data analytics to guess the potential locations of future crime and to respond by increasing surveillance in “high-risk” areas, usually neighborhoods inhabited by lower income and minority communities.

Unethical Data Handling and Freedom of Expression

As cities aggregate and process data about residents, expectations of privacy in people’s daily lives break down. Specific concerns about data protection and personal rights to privacy break down too. For example, smartphones increase data collection by sharing geo-location data and other metadata with other applications, which can in turn share data with other service providers, often without users’ knowledge and consent. As the city becomes more digitally connected, this data sharing increases. Much data may seem harmless, for instance data about your car and your driving practices. But when paired with other data it can become more sensitive, revealing information about your health and habits, your family and networks, the composition of your household, your religious practices, etc.

Personal information is valuable to companies, and many companies test their technology in countries with the fewest data restrictions. In the hands of private companies, these data can be exploited to target advertising to you, to calibrate your insurance costs, etc.  There are also risks when data are collected by third parties and, particularly, by foreign companies. Companies may lock you into their services, may not be open about security flaws, may have less data protection, or may have-data sharing agreements with other governments. Governments also stand to benefit from access to intimate data about their citizens: “[P]ersonal information collected as part of a health survey could be repurposed for a client that is, say, a political party desperate to win an election.” According to Bright Simmons, Ghanaian social innovator and entrepreneur, “the battle for data protection and digital rights is the new fight for civil rights in the continent.” For more on this topic, see Privacy International’s reporting: “2020 is a crucial year to fight for data protection in Africa: Africa is a testing ground for technologies produced elsewhere: as a result, personal data of its people are increasingly stored in hundreds of databases.”

Worsening Inequality and Marginalization

In many cases, smartphones and apps become the keys to the smart city. But increased reliance on smartphone applications to access services and to participate in city life can reduce access and participation for many inhabitants. In 2019 global smartphone penetration reached 41.5%, and while this number will surely grow, smartphone ownership and use reveals important equity divides. Other questions must also be asked. Can all residents use these apps easily? Are they comfortable doing so? Residents with low literacy and numeracy skills, or who do not speak the language used by an application, will have further difficulty connecting through these interfaces. The reliance on apps also alienates the unhoused populations in a city, who, even if they have smart devices, may not be able to charge their devices regularly, or may be at higher risk of their devices being stolen.

The term digital divide refers to the uneven distribution in the access to and familiarity with high-quality and secure technology. People with limited internet access, limited digital training, and visual or hearing impairments as well as society’s generally increasing reliance on digital technology could worsen the digital divide. Smart cities are often criticized as being designed for the elite and the already digitally connected. In this way, smart cities could speed up gentrification and displace, for example, the unhoused. For example, a smart city program that asks residents to alert the municipality about potholes on their street  through an app is catering  to people with smartphones, who know how to use the app and who have the time to participate in this initiative. As a likely result, more potholes will be identified and attended to in wealthier neighborhoods.

The use of surveillance in smart cities can also be used to repress minority groups. Much has been reported on government surveillance in Xinjiang, the Northern province where China’s Uyghur Muslim population lives. This surveillance is in part made possible through a phone app.

“It aggregates data – from people’s blood type and height, to information about their electricity usage and package deliveries – and alerts authorities when it deems someone or something suspicious. It is part of the Integrated Joint Operations Platform (IJOP), the main system for mass surveillance in Xinjiang.”As described by Human Rights Watch

Data Despotism and Automation Failures

Smart cities have been accused of “Data Despotism”. If city governments can access so much data about their citizens, then what is the use of speaking with them? Because of potential algorithmic discrimination, flaws in data analysis or interpretation, or inefficiencies between technology and humans, an overreliance on digital technology can harm society’s most vulnerable—intentionally or unintentionally without hearing their voices.

Much literature, too, is available on the “digital welfare state”. Philip Alston, the UN rapporteur on extreme poverty, reports that new digital technologies are changing relationships between governments and those most in need of social protection: “Crucial decisions to go digital have been taken by government ministers without consultation, or even by departmental officials without any significant policy discussions taking place.”

When basic human services are automated and human operators are taken out of the transaction, glitches in the software and tiny flaws in eligibility systems can be dangerous and even fatal. In India, where many welfare and social services have been automated, a 50-year old man died of malnutrition because of the failure of his biometric thumbprint identifier. “Decisions about you are made by a centralised server, and you don’t even know what has gone wrong…People don’t know why [welfare support] has stopped and they don’t know who to go to to fix the problem,” explains Reetika Khera, an associate professor of economics at the Indian Institute of Management Ahmedabad.

These automated processes also create new opportunities for corruption. Benefits like pensions and wages linked to India’s digital ID system (called Aadhaar) are often delayed or fail to arrive completely. When a 70-year-old woman found that her pension was being sent to another person’s bank account, the government told her to resolve the situation by speaking to that person.

Worsening Displacement

Smart city projects, like other urban projects, can displace residents by building over neighborhoods and pushing people out of their homes. In India the movement towards smart cities has meant that many have been evicted from slums and informal settlements without offering them adequate compensation or alternate housing. An estimated 60%–80% of the world’s forcibly displaced population lives in urban areas, not in camps as many would think. And among people living in developing cities, one billion people live in “slum” areas—defined by the UN as areas without access to improved water, sanitation, security, durable housing, and sufficient living area. This number is expected to double to 2 billion by 2030. In other words, urban areas are home to large populations of society’s most vulnerable. Smart cities may seem like an ideal solution for expanding populations, but they also risk building over these vulnerable groups.  The smart city emphasis on urban centers also neglects the needs of populations living in rural areas.

Refugees, internally displaced persons and migrants are inherently vulnerable, and these groups may not benefit from the same legal rights and protections as residents. Because of the sensitive nature of their data and because of their limited access to other basic resources, these most vulnerable populations in cities will likely experience the worst, most invasive elements of smart city technology.

The United Kingdom, like many countries, has digitized services for asylum seekers. Through partnerships with private companies, the ASPEN card gives asylum seekers access to products and services while they are awaiting a decision on their applications. However, this card also tracks their whereabouts and penalizes them for leaving their “authorized” cities. Tracking data about refugees and internally displaced persons can also be dangerous in the hands of actors with bad intentions. For example, the UNHCR collected sensitive biometric data about the Rohingya people fleeing persecution, data which was largely collected without informed consent and is not in sufficiently secure storage.

“Corporatization”: Dominance of the Private Sector

Smart cities present an enormous market opportunity for the private sector — one study estimates the smart city market will be worth $2.75 trillion by 2023, sparking fears of the “corporatization of city governance.” Large IT, telecommunication and energy-management companies such as Huawei, Alibaba, Tencent, Baidu, Cisco, Google, Schneider Electric, IBM and Microsoft are the driving forces behind many initiatives for smart cities. As Sara Degli-Esposti, an Honorary Research Fellow at Coventry University, explains: “We can’t understand smart cities without talking of digital giants’ business models… These corporations are already global entities that largely escape governmental oversight. What level of control do local governments expect to exercise over these players?”

The important role thereby afforded international private companies in municipal governance raises sovereignty concerns for governments, along with the privacy concerns for citizens cited above. In addition, reliance on private- sector software and systems can create a condition of business lock-in (when it becomes too expensive to switch to another business supplier). Business lock-in can get worse over time: as more services are added to a network, the cost of moving to a new system becomes prohibitive.

The city of Yachay, Ecuador, can serve a cautionary tale of a smart city project that was far too reliant on private companies, in particular private companies based outside the country. The “Ciudad del Conocemiento” (city of knowledge) as it was called, in Yachay, was conceived of as the first technology park in Ecuador, a science and technology hub like Silicon Valley. The project was largely supported by Chinese investment: it was partially funded in 2016 through a $198.2 million loan from China Export-Import bank, following investments from Chinese companies. Today in 2020, the city is still a construction site: half of the land dedicated to the project has been abandoned; the water and sewage infrastructure was not completed in time for the next stages of construction; and there are no basic services available. Some of the anticipated investment was never even received. The project is an example of the smart city package: with investment, city infrastructure, and supporting technology infrastructure all provided by Chinese companies. (The new government is examining the project for corruption).

Yachay is just one example of many Chinese-financed smart city projects around the world and in Latin America. Even in Ecuador, Yachay is one among multiple projects in the country that are financed by Chinese corporations. In 2011, the company China National Electronics Import and Export Corporation (CEIEC) was contracted to construct the national emergency response system, ECU-911. Marketed as a public emergency response system, in reality it was modeled on the Chinese government surveillance systems.2

Security Risks

Connecting devices through a smart grid or through the Internet of Things brings serious security vulnerabilities for individuals and infrastructure. Connected networks have more points of vulnerability and are susceptible to hacking, and anything connected to the Internet can be susceptible to cyberattacks. As smart systems share more data,  often private data about users (think about health records, for example), this raises risks that unauthorized actors can breach individual privacy. Public, open Wi-Fi is much less secure than private networks, so this convenience also comes with a cost. IoT has been widely criticized for its lack of security, in part because of its novelty and lack of regulation. Connected devices are generally manufactured to be inexpensive and accessible, without cybersecurity as the primary concern.

The more closely infrastructure is linked, the faster and more sweeping an attack can be. Digitally-linked infrastructure like smart grids increases cybersecurity risks due to the increased number of operators and third parties connected to the grid, and this multiplies supply-chain risk-management considerations. According to Anjos Nijk, Director of the European Network for Cyber Security: “With the current speed of digitisation of the grid systems.. and the speed of connecting new systems and technologies to the grids, such as smart metering, electrical vehicle charging and IoT, grid systems become vulnerable and the ‘attack surface’ expands rapidly.” Damaging one part of a large interconnected system can lead to a cascade effect,  infecting other systems as well. This can lead to a large-scale blackout, or the disabling of critical infrastructure like health or transportation systems. Energy grids can be brought down by hackers, as experienced in the December 2015 Ukraine power grid cyberattack. Smart city grids offer cyber threat actors an unprecedented attack surface.

Back to top


If you are trying to understand the implications of smart cities in your work environment, or are considering using aspects of Smart Cities as part of your DRG programming, ask yourself these questions:

  1. Does the service in question need to be digital or connected to the internet? Will digitization improve this service for citizens, and does this improvement outweigh the risks?
  2. Are programs in place to ensure that citizens’ basic needs are being met (access to food, safety, housing, livelihood, education) and to allow for humans to reach their full potential, outside of any smart-city technology?
  3. What external actors have control or access to critical aspects of the tool or infrastructure this project will rely on, and what cybersecurity measures are in place?
  4. Who will build and maintain infrastructure and data? Is there a risk of being locked into certain technologies or agreements with service providers?
  5. Who has access to collected data and how are the data being interpreted, used, and stored? What external actors have access? Are data available for safe, legal re-use by the public? How are open data being re-used or shared publicly?
  6. How will smart city services respect citizens’ privacy? How will residents’ consent be obtained when they participate in services that capture data about them? How will they be able to opt out of sharing this information? How will the government respect specific data protection regulations like the EU GDPR? What other legal protections are in place around data protection and privacy?
  7. Are the smart services transparent and accountable? Do researchers and civil society have access to the “behind the scenes” functioning of these services? (data, code, APIs, algorithms, etc.)
  8. What measures are in place to address biases in these services? How will this service be certain not to further socioeconomic barriers and existing inequalities? What programs and measures are in place to improve inclusion?
  9. How will these developments respect and preserve historical sites and neighborhoods?  How will changes adapt to local cultural identities?

Back to top

Case Studies

Rio de Janeiro, Brazil
The city of Rio partnered with the corporation IBM to build two large data-operation centers before its hosting of the 2014 World Cup and the 2016 Olympic games: the “Operations Center” and the “Integrated Center of Command and Control (CICC)”. These two data centers cost the city a combined $40 million. The goal was allegedly to help with environmental-disaster preparedness given the city’s geography. Rio was devastated by mudslides in 2010, and much of the city is at risk of landslides, particularly the favelas, which are home to the city’s poorer residents. However, the reality, as detailed by researchers Christopher Gaffney and Cerianne Robertson in 2016, was a system for city-wide monitoring to stop urban protests. The Guardian described the project as “the world’s most ambitious integrated urban command centre”. The CICC (or COR as it is also known) is essentially a monitoring center where different police units and municipal services can communicate and coordinate. The center receives all emergency calls and organizes the city’s security operations, including the controversial “pacification program” in the city’s favelas. The chief executive of the center admitted that the CICC’s activities had evolved after nationwide protests in 2012. In the words of one researcher, “COR plays a key role in positioning the mayor as somebody who’s in control of his city…Rio has historically been very unruly, very difficult to command – and now there’s a central operations centre that’s connected to not just social media but Globo TV and local radio stations. And they’re constantly reporting not from the mayor’s office, but from COR, very often with the mayor there, giving the public this impression that the city’s being managed; that Paes is in action, everyday, through the COR. Ofcourse, this is being contested, because if you talk to anyone they’ll tell you the city is a mess.”

For further reading, CityLab, Will Rio Be a ‘Smarter’ City After the Olympic Games?

Dharmshala, India
In 2015, India released a $7.5 billion plan to construct 100 cities by 2020 with high-speed internet, uninterrupted power and water supplies, efficient public transportation and high living standards. Not only has this plan not achieved its goals (as of March 2020, 54% of the completed projects are concentrated in only four Indian states and 34 cities have not had one a single completed project), but it does not address the needs of the most marginalized, including the poor, women, minorities, and migrants. The plan fails to provide them with basic services. It has even evicted thousands from their homes without providing them sufficient compensation or other accommodation. In the plans for the city of Dharmshala, the proposal says it will provide 212 houses for slum dwellers; however, 300 houses were demolished in the construction. The demolition of settlements in Dharmshala is just one example of many of this pattern of evictions and displacements. The citizens, and even the municipal government, were not given a voice in the project. The mayor revealed to a civil society group that she was unable to intervene — the private sector and a centralized government entity had so much control over the project. For further reading: India’s Smart Cities Mission: Smart for Whom? City for Whom?
Barcelona, Spain
Barcelona is often referred to as a best practice smart city because of its strongly democratic, citizen-driven design. The smart city infrastructure is built on three components: Sentilo, an open-source data-collection and sensor platform; CityOS, an open-source platform that processes and analyses the data; and a set of user-interface services apps that enable citizen access to the data. Open-source design mitigates the risk of business lock-in and allows citizens to maintain collective ownership of their data and how they are processed. The city has also focused on implementing e-democracy initiatives and improving the digital literacy of its citizens. In the words of Francesca Bria, Barcelona’s Chief Technology and Digital Innovation Officer: “We are reversing the smart city paradigm…Instead of starting from technology and extracting all the data we can before thinking about how to use it, we started aligning the tech agenda with the agenda of the city.” However, Barcelona’s smart city projects have not all been successful: many initiatives have been abandoned and left unused sensors across the city. One city analyst has described these as “graveyards of smart junk”.

Further Reading: Josep-Ramon Ferrer. Barcelona’s Smart City vision: an opportunity for transformation (2017)

Amsterdam, The Netherlands
Amsterdam is touted as a best practice smart city, in particular for its sustainability achievements. The city has recently revealed its aim to transition to a completely circular economy— based on the Doughnut economic model developed by environmental economist Kate Raworth—by 2050, through the reuse of raw materials to avoid waste and reduce Co2 emissions. It is also developing a monitoring tool to follow the use of raw materials and the initiatives that contribute most to their circular economy goals.. Amsterdam’s Smart City initiative has eight categories: smart mobility, smart living, smart society, smart areas, smart economy, big and open data, infrastructure, and living labs. There is also a strong emphasis on citizen innovation: the winners of a 2013 design contest are now key players in Amsterdam’s smart city efforts.
Tallinn, Estonia
Estonia is one of the most highly digitized countries in the world and a leader in cybersecurity, largely by necessity. In April of 2007, Estonia was hit by major cyber-attacks that took down critical parts of their infrastructure — banks, news outlets and government services. These attacks were later attributed to Russia and followed Estonia’s decision to move a Soviet World War II memorial from downtown Tallinn, the capital. Following these attacks, Estonia established technical as well as legal and internationally cooperative cybersecurity measures that brought attention to the small country from around the world. The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) was set up in 2008 to advance research and development in cyber defense and initiated the Tallinn Manual process, contributing to international norms in the field. Tallinn has a large number of digitized services and initiatives, and has prioritized Wi-Fi access (the No Citizen Left Behind program provides Public Internet Access Points) and interoperability (interoperability is crucial for allowing cross-usage of data by national and city databases). Meanwhile citizen data is secured and stored using strategies of encryption and decentralization technologies. Estonia is the first country to have a data embassy: government data are stored in the country of Luxembourg—under Estonian state control—where they are safe in case of crisis; and the data embassy is capable of providing data backups and of operating essential services.

Toronto, Canada
In 2017, Sidewalk Labs, a subsidiary of Alphabet (Google’s parent company) won a bid from the city of Toronto to develop the city’s Eastern Waterfront of 800 acres. Sidewalk Toronto sought to be a model for future cities around the world. However the project’s chief privacy expert, Dr Ann Cavoukian, resigned from her role over data privacy issues she found embedded in the project, writing in her resignation letter: “I imagined us creating a Smart City of Privacy, as opposed to a Smart City of Surveillance.” Sidewalk Labs’ head of data governance proposed that the data collected be controlled and held by an independent civic data trust and that all parties accessing data must file a publicly available Responsible Data Impact Assessment; but this approach was still criticized by many, and serious concerns remained about the disproportionate role played by a private company in the development of the city. In May 2020, the controversial project was officially called off, after years of investment and controversy.

Songdo City, South Korea
Many countries plan to build smart cities “from scratch,” often as satellite urban areas outside of existing cities. The utopian ambition is that these cities will attract foreign investment, skilled international workers, and tourists, and that such projects can also be experiments in governance and urban living. The problem with these model cities is that they sometimes end up as ghost towns. Songdo City, a satellite of Seoul, South Korea, is often cited as the quintessential smart city dystopia. A “ghetto for the affluent,” the city has not attracted the vibrant community that planners expected. Among other noted disincentives, extensive surveillance cameras constantly observe residents and create an alienating atmosphere.

Masdar City, United Arab Emirates
The project of building Masdar City in the United Arab Emirates began in 2006 and was promised to be an “ecotopia” and center for science and technology. The city was constructed as a satellite of the capital Abu Dhabi.  It was planned to host 1,500 green-energy businesses and a workforce of 110,000 people, and to be the first carbon-neutral city in the world. However it has failed to attract the residents it hoped would come. It has become a much more modest project: a cluster of clean technology and renewable energy businesses and a research institute. The renewable-energy goals have not been reached, and most other elements of the ecological city have been abandoned.

Further Listening: Gökçe Günel Ottoman History Podcast, Status Quo Utopias in the UAE. (2019)

Nice, France
For many years, Nice, France, has been experimenting with security surveillance technology. In 2008, the mayor was awarded the ironic “Big Brother Award” after his decision to install a pervasive video-surveillance system across the city.  By 2010, the city had installed 1,000 cameras in an effort to make France’s fifth-largest city into a “laboratory” for the fight against crime, an experiment that other French cities could learn from. Nice is now the most video-monitored city in France, with 1,962 cameras, or 27 per square kilometer. The city has leveraged facial recognition technology, installing it at a high school and deploying it at the annual celebration Carnival, as well as at the gates at its major airports. In the outline of the “Safe City Experimentation Project” launched in June of 2018, to be deployed by the private transportation company Thales, the company stated its aims to create a “Waze of Security… developing new analysis and correlation algorithms to better understand a situation and develop predictive capacities.” The experimentation project contact from 2018 is available here. In 2019, the city tried to install “emotion detection” on local trams. The tram project was to employ software leveraging “happiness algorithms” to detect emotions like stress in passengers, but it was ultimately aborted. The city has partnered with a private security company to develop a smartphone app to encourage citizens to report crime, which was eventually blocked by the French data-protection authority. Nice thus exemplifies the city-wide use of surveillance tech and predictive policing techniques, but it also exemplifies a city with successful data-protection safeguards and a strong civil society response.

For further reading, visit the website Technopolice, a project designed to raise awareness about the spread of “safe city” projects across France.

Back to top


Find below the works cited in this resource.

Additional Resources


Back to top


Digital Development in the time of COVID-19