This second video is part of a series about sustainable business models for smart cities. In part one, we discussed how smart cities can operate with self-sustaining business models that do not rely on subsidies. In this second part, Yaeko Hodaka (Partner, Tokyo) and Tsugihiro Okada (Counsel, Tokyo) together with specialists Mr. Yasunori Mochizuki (NEC Fellow), Mr. Akihito Karasawa, (Manager of the Digital Planning Section, Smart City Promotion Department, Digital Strategy & Promotion Bureau of Sapporo City) and Mr. Tadashi Kaji (Senior Chief Researcher of Hitachi, Ltd.’s Research and Development Group) discuss legal issues that need to be taken into account.
The panel answers the following questions: Given the possibility that various services could be developed by utilizing data held by cities, what are practical means to access such data? What processes have been used and what insights have been gained from previous overseas cases?
The City of Sapporo opened the “Sapporo Area Data Transaction Market” at the end of December 2022 with the goal of establishing a market capable of handling a wide range of data — not only data owned by local governments, but also by private companies that wish to buy and sell data. What are the motivations and aspirations for establishing data markets and what challenges does it face in the future?
Below are key takeaways from the discussion:
- Smart cities contain lots of data, from residential, transportation, health care and private organizations. The difficulty is in how to access and utilize this data, and this requires “open data”, “data collaboration infrastructures” and data platforms.
- Platforms operated by government agencies are at a heightened risk of being targeted by hackers. It is important that platform operators cooperate with data providers and data users to build an organizational structure that can prevent the platform from being hijacked to carry out attacks and that platform operators are trained to minimize damage in the event of such an attack.
- Data platform operators need to keep the legal aspects of their operations in mind to avoid legal liability for failure to take appropriate measures against the risk of cyberattacks.
- International examples of successful Smart cities data utilization include Transportation of London, The Leeds Data Mill and the Copenhagen City Data Exchange. These initiatives are successful examples of how to develop engagement with the data community by creating a place where the community comes together (public and private) to get support based on simple open data standards and guidelines.
- When developing smart cities, transportation for citizens and health care are top concerns. Several points to consider when developing the system and concerns for the future include: having to lead the way with very few examples to follow, regulatory concerns and compliance, transactions and new services and developing a case study to educate others on usage and goals.
- Risk management: Data platforms need to avoid assuming responsibility for the content of the data as much as possible. As depending on the nature of the data there are risks, such as infringing the rights of third parties, intellectual property rights or defamation and sensitive personal data.
- Cybersecurity: Cyberattacks are on the rise, especially those targeting government led organizations through theft or ransomware. Attacks on government services and platforms have wider reaching effects, not only the risk or value of the data contained but impacting other services that rely on the data like transportation, healthcare etc. (critical infrastructure). It is therefore important to have layers of security such as authentication, maintenance, accountability and reporting as ongoing processes to protect from attacks and meet technological changes.
- For Data platforms, it is vital to develop a “Cooperative security framework” between data users, data providers and the platform to reinforce security rather than stating the liability in terms and conditions. Establishing a security operation center that continuously monitors the system for security incidents with an incident response team ready to respond is vital.
- Liability can depend on the platform design. Data exchange platforms have slightly reduced liability for security risks, but if data is stored in the platform, they are responsible for security of the stored data and need to make security central to product design.