Applying the Purpose Limitation Principle in Smart-City Data-Processing Practices: A European Data Protection Law Perspective

Forskningsoutput: TidskriftsbidragArtikelVetenskapligPeer review

Sammanfattning

Protection of privacy rights in the context of smart cities is novel,
currently underdeveloped, and a hot topic worldwide. This article
examines the purpose limitation of European data protection law in
the context of smart cities. The “purpose limitation” principle of the
General Data Protection Regulation (GDPR) outlines the ways and
means of processing personal data to protect individuals’ fundamen-
tal right to personal data protection and related risks. The principle,
which empowers controller(s) to process data in a controlled man-
ner, requires that controller(s) process personal data only after meet-
ing two fundamental requirements:
they must act on the requirements of purpose specification, and
they must perform an “incompatibility test” while processing per-
sonal data for further purposes.
This article aims to outline the permissible limits of the purpose limi-
tation principle to pursue different purposes in the context of smart
cities. Indeed, the principle only applies when controllers process
personal data in smart cities. With the authority provided by the
principle, data controllers may process personal data for primary and
secondary purposes. However, processing purposes cannot go
beyond defined restrictions. The study, which is conducted within
the European legal framework, deploys a multimethod approach to
address different parts of the research question.
Originalspråkengelska
TidskriftCommunication law and policy
Volym28
Nummer1
Sidor (från-till)67-97
Antal sidor31
ISSN1081-1680
DOI
StatusPublicerad - 2 jan. 2023
MoE-publikationstypA1 Tidskriftsartikel-refererad

Vetenskapsgrenar

  • 513 Juridik

Citera det här