Authors: Khahlil A, Louisy and Fredrik Heiding
The concept of smart cities has gained traction in the past several years, with many urban centers adopting advanced technologies and utilizing data from connected devices to enhance the efficiency, sustainability, and health of their citizens. A key element of smart cities is the collection and transmission of vast amounts of data which is then used to inform decision-making. For example, data from Internet of Things (IoT) devices and sensors programmed to detect toxic chemicals and the presence and levels of certain compounds in the atmosphere and water supplies can offer valuable insight into public health trends, risks, and threats, because they provide real-time information. However, using these devices also presents significant cybersecurity risks as many IoT devices have poor cybersecurity standards.
Research has found severe vulnerabilities that allow cyberattackers to gain access to connected devices and steal, erase, or manipulate the data they collect. As cities become more reliant on connected devices and the data they generate, it is crucial to address these risks before they are exploited. This article will focus on the concerns around using smart city data for health decision-making, in particular the classification of data from connected devices. In the United States, data from most IoT devices are currently classified as consumer data, which lacks the level of protection offered by regulations safeguarding individual health data. The evolution of the data presents a significant challenge, and one that requires urgent resolution, in that it is not protected. For example, a log of location data extracted from an individual’s mobile phone and used for contact tracing, would not be classified as health data under existing regulations even though it was used in health practice. Consequently, anyone may use that data in unintended or unethical ways.