ABSTRACT
The goal of many smart city projects, at least in Europe, is not to manage individuals as such but to govern them as a multiplicity, a whole sum of relationships between persons and the environment. For this purpose, individuals need not be singled out and identified. Most of the data collected within such smart city projects therefore does not concern individuals as such. Coupled with the lack of clarity and the inconsistency surrounding the notion and scope of personal data, this situation leads to an uncertain and probabilistic nature not only of the concept of identifiability but also of the regulation of such smart city initiatives. This chapter explores how surveillance studies could inform data protection law, particularly in relation to the notions of personal data and identifiability. It does so by examining a concrete example of a smart city initiative – the Stratumseind Living Lab in the Netherlands – both through the lens of Foucault’s notion of security and data protection law.
