The Mayor of London has introduced the London Privacy Register trial, aiming to increase transparency in the use of smart city technologies in public spaces throughout the city. As smart city technologies become more prevalent, the Privacy Register will serve as a central catalog of data protection impact assessments for projects collecting personal information in public spaces.
The Mayor’s Office has mandated the Greater London Authority Group to publish their DPIAs in the Privacy Register for publicly deployed technology projects. The Register currently includes DPIAs for various projects, such as facial recognition technology by the Met Police, Wi-Fi data collection in the London Underground, and ANPR under London’s ULEZ.
Londoners can request publication of DPIAs for public smart city tech, prompting the Chief Digital Officer for London to communicate with the organization responsible for publication or reasons for refusal. The UK data protection law requires organizations conducting DPIAs to provide privacy notices about the collection, storage, and purpose of personal information.
The Privacy Register is part of the Mayor’s Emerging Technology Charter and the Public London Charter, promoting openness, diversity, data trustworthiness, and sustainability. The Technology Charter aims to establish expectations for innovation, provide a framework for questions about technologies, and improve transparency around high-risk products and services.
The Privacy Register, in its initial stage, will evolve over time based on user feedback. Plans to expand the scope to include local authorities and private landowners are underway.
In a digital policy manifesto, the Open Data Institute suggested reforms to data protection laws to build public trust, including open publishing of DPIAs and proactive reviews of dataset harms to different communities.