Although the “smart city” can’t be easily defined, the growth of “smart” places is not slowing and therefore additional study is needed. In the Netherlands, four such places--Eindhoven, Almere, The Hague, and Zwolle--are reviewed as smart cities and are examined with regards to public safety.

Raw data is commonly personal data, which by combining information with other data, can identify individuals. As a result, the Data Protection Directive protects personal data in the European Union (EU), and Article 6 of the Data Protection Directive lists rules for processing personal data. Personal data can only be processed if these legal demands are satisfied.

The purpose limitation principle is an important consideration. The purpose for data processing needs to be specific and explicit, and data cannot be further exploited for incompatible purposes.

Although these four smart city examples are different, they share one major privacy problem: a lack of clarity. It is unclear where the line is between personal and nonpersonal data, and what is and what is not allowed with personal data.

The authors recommend establishing a panel of stakeholders in order to develop best practices. These recommendations, as reasonable as they may sound, may work in the Netherlands; however, applying recommendations to any larger entity or nation is impractical and would not work. Further research is needed to more accurately define the smart city concept and how to apply it to large nations such as China.