- Introduction
Smart cities are considered as the most important concern and aspect in the present times. With the impact of smart cities, legal interest is rising tremendously leading to emphasis being put on urban policing and various environmental benefits being brought in by smart cities. However, with the upbringing of smart cities connected with Big Data systems, there have also been a growing backlash of surveillance and privacy being incorporated with the ongoing development (Anisetti et al. 2018). However, a key issue that lies in getting hold of the major opportunity is based on gaining a meaningful consent towards processing personal data related to the environment. Other issues lies in with “privatization” of human ownership towards data and infrastructure.
The following discussion would be based on understanding the proposed use of IoT sourced data utilized within Smart Cities from any specific use case applicable for a smart city. A critical evaluation would also be sought for a proposed Governance and Compliance strategy based on managing the GDPR aspects of the related use-case.
- Discussion and Analysis
- Selection of Use Case
In consideration to the scenario, one of the most relevant use case is ‘Healthcare’, which is an important consideration. The IoT technologies, which are implemented for healthcare helps in improving the operational efficiency within health care facilities through telehealth and telemedicine. Based on the increasing form of improved services in healthcare, each of these services are being extended beyond the urban areas such as within the rural areas (Wachter 2019). Thus, in this specified use case, there has been an involvement of Personal Identifying Information (PII), which is a subsidiary part of GDPR (General Data Protection Regulation).
- Critical Evaluation for management of GDPR aspects of Healthcare
The smart cities mostly emphasize different kind of technical components and use of technologies that are primarily helpful to ensure proper service could be availed by citizens. In this concerned case, the most important use case chosen for smart cities is healthcare. The following discussion would lead to a critical evaluation over the proposed Governance and Compliance Strategy that needs to be managed for aligning GDPR aspects for healthcare (Ducato 2016). This section would thus present the main requirements within the smart city, which needs to be satisfied in relation to security, privacy and GDPR. Hence, in compliance with GDPR and aligning the use case of healthcare in smart cities, the following aspects needs to be considered:
a) User knowledge and information – The security level that would be followed by IoT connected devices in compliance with GDPR would need to be properly mentioned to each user. The ways in which sensitive data could be managed efficiently would also be laid out to users so that they would be able to understand the transparency in business systems (Edwards 2016). User information is being stored within the various healthcare applications and hence security should be in compliance with the GDPR strategy.
b) Supporting developers in security management – The developers responsible for creating specified IoT healthcare applications for smart cities should be able to create connections with storage mechanisms, dashboards and IoT brokers.
c) Guaranteeing towards secure communications – Communications made through the IoT applications should be in the form of PUSH or PULL method (Kourtit and Nijkamp 2018). The secure form of communications that would be guaranteed through an authentication approach during which access token need to be used.
d) Supporting developers with open source software and open hardware – The healthcare sector in Smart Cities make use of proprietary devices or solutions based on guaranteeing secure connections. Some examples are Azure IoT suite, AWS IoT and many others (Al-Zaben et al. 2018). In this context, it could be discussed that developers should deploy their personal devices based on establishing communication with the other IoT elements based on manual authentications.
In addition to the aspects of security, the non-functional requirements of healthcare use-case that would be valid within the smart city IoT platforms would also be assessed. These requirements are indirectly connected and are in relation to security and privacy aspects. The inclusions that should be made within IoT platform of healthcare are:
a) Organizations and technical measures based on ensuring disaster recovery, pen test, workload and disaster recovery would be maintained (Xie et al. 2019). This kind of non-functional requirement would relate to the robustness and reliability of IoT platform based on guaranteeing high availability.
b) The healthcare solutions should provide support for local IoT computation and cloud-fog data routing over the IoT edge based on which security would be guaranteed. Thus, the entire list of healthcare solutions should be installed over the cloud platform.
c) While the healthcare solution would involve the effective use of PII as defined within GDPR, some non-functional requirements would be based on developing dashboards (van den Broek and van Veenstra 2018). These dashboards would be based on maintaining data presentations, perform visual analytics with the help of simple tools.
However, after the inclusion of the non-functional requirements, a proper evaluation would be made over security requirements within the use case. Since, healthcare is a major crucial aspect in a smart city where big data technologies are being used to evaluate and analyse information, security is a crucial concern. An evaluation over the security requirements within the proposed Governance and Compliance Strategy of GDPR are as follows:
a) SQL Injection – Injections flaws could occur in case invalidated data sent as a query or command would be made to the interpreter (Manogaran et al. 2017). Infected data being fed within the crucial healthcare applications without permission could lead to complexities in running code and accessing data.
b) Broken Authentication – Attackers within the healthcare systems of a smart city could obtain session tokens, passwords, keys and exploit the found weaknesses based on assuming the identity of other client users (Al Nuaimi et al. 2015).
c) Sensitive Data Exposure – The healthcare related web-apps and APIs should be able to protect sensitive data. Attackers might be able to obtain crucial data based on performing identity theft, password management and other crimes (Pramanik et al. 2017). Hence, developers should ensure that there is no exposure to sensitive data.
d) Security Misconfiguration – In most network configurations, the default settings might not be considered as secure. This would imply that libraries and software are not updated on a regular basis. Hence, the healthcare data should make use of proper configuration of web servers and tools.
e) Cross-Site Scripting – The healthcare web applications might receive data from untrusted sources and forward them to the browser without a secure validation process. This form of attack might allow for the running of malicious scripts on different target browsers. Hence, these scripts could hijack the session for users and redirect them towards another malicious site (Farahat et al. 2019). Thus the security analysts should be capable of detecting these frauds and hence protect the users from getting mis-leaded.
- Conclusion
The above discussion emphasizes on the corporate and information governance of EU GDPR over the use and analytics of Big Data implementation in smart cities. From the understanding of the overall discussion being presented, the aspect of GDPR, which is a discipline for regulation over data usage and protection of information is being understood. While discussing over the report, an identification over a specific use case is being determined. In this discussion, the healthcare sector use-case had been chosen, which is considered crucial as it involves PII. From the understanding drawn through this discussion, a smart IoT platform has been understood properly, which is completely accessible by operators and developers. Hiding of IoT technical complexity and technical aspects based on supporting GDPR is considered a challenging task. Hence, the overall evaluation has been formed for discussing over the governance and compliance strategy need to be implemented by healthcare sector in compliance with GDPR. Thus, the functional and non-functional requirements along with the security requirements, which need to be implemented within the system have been discussed in brief. Based on the specific case, it can be understood that this critical evaluation would lead to positive outcomes based on implementing a proper compliance and governance strategy for enhancing Big Data impacts over smart cities.
References
Al Nuaimi, E., Al Neyadi, H., Mohamed, N. and Al-Jaroodi, J., 2015. Applications of big data to smart cities. Journal of Internet Services and Applications, 6(1), p.25.
Al-Zaben, N., Onik, M.M.H., Yang, J., Lee, N.Y. and Kim, C.S., 2018, August. General data protection regulation complied blockchain architecture for personally identifiable information management. In 2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE) (pp. 77-82). IEEE.
Anisetti, M., Ardagna, C., Bellandi, V., Cremonini, M., Frati, F. and Damiani, E., 2018. Privacy-aware Big Data Analytics as a service for public health policies in smart cities. Sustainable cities and society, 39, pp.68-77.
Ducato, R., 2016, September. Cloud computing for s-health and the data protection challenge: Getting ready for the General Data Protection Regulation. In 2016 IEEE International Smart Cities Conference (ISC2) (pp. 1-4). IEEE.
Edwards, L., 2016. Privacy, security and data protection in smart cities: A critical EU law perspective. Eur. Data Prot. L. Rev., 2, p.28.
Farahat, I.S., Tolba, A.S., Elhoseny, M. and Eladrosy, W., 2019. Data security and challenges in smart cities. In Security in Smart Cities: Models, Applications, and Challenges (pp. 117-142). Springer, Cham.
Kourtit, K. and Nijkamp, P., 2018. Big data dashboards as smart decision support tools for i-cities–An experiment on stockholm. Land use policy, 71, pp.24-35.
Manogaran, G., Thota, C., Lopez, D. and Sundarasekar, R., 2017. Big data security intelligence for healthcare industry 4.0. In Cybersecurity for Industry 4.0 (pp. 103-126). Springer, Cham.
Pramanik, M.I., Lau, R.Y., Demirkan, H. and Azad, M.A.K., 2017. Smart health: Big data enabled health paradigm within smart cities. Expert Systems with Applications, 87, pp.370-383.
van den Broek, T. and van Veenstra, A.F., 2018. Governance of big data collaborations: How to balance regulatory compliance and disruptive innovation. Technological Forecasting and Social Change, 129, pp.330-338.
Wachter, S., 2019. Data protection in the age of big data. Nature Electronics, 2(1), pp.6-7.
Xie, J., Tang, H., Huang, T., Yu, F.R., Xie, R., Liu, J. and Liu, Y., 2019. A survey of blockchain technology applied to smart cities: Research issues and challenges. IEEE Communications Surveys & Tutorials, 21(3), pp.2794-2830.
