Golden Data
Published in

Golden Data

Smart cities, privacy and community control: Are we there yet?

Outdated Technology — IBM System 360 Mainframe Computer — Missouri State Archives


Federalism as a limit to the ability of federal laws to regulate smart cities and municipalities

When considering the landscape of local privacy regulations, it is important to be aware of the principle of “federalism.” In a nutshell, federalism means that the governments of the states coexist with the federal government and that this federal government has specifically enumerated powers which are granted by the United States Constitution. The enumerated powers granted on the federal government by the United States Constitution are limited in their scope. Generally speaking federal law is not able to impose restrictions on cities and municipalities implementing smart solutions for this reason.

States privacy regulations for the public sector: A work in progress

Some states have enacted public sector privacy laws that enshrine principles and requirements like those found in the US Privacy Act.

State new comprehensive privacy laws and the public sector

There is a recent movement toward a more comprehensive approach to regulating personal data that is being led by state legislators. It started with the enactment of the California Consumer Privacy Act of 2018 which was latter strengthen when in November of 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA). Several states have enacted similar laws, including Virginia, Colorado, Utah, and Connecticut.


Federal sectoral regulations may not apply effective restrictions to vendors of smart city technologies

Historically the US has regulated data privacy with a sectoral approach. This means there is no US overarching law that imposes requirements on how all the public sector and the private sector collect, use, and share data.

How about the new State privacy laws?

As mentioned above, there is a recent movement toward a more comprehensive approach to regulating personal data. Several states have enacted more comprehensive privacy laws. Vendors of smart city technologies are likely directly or indirectly regulated by these laws.


There is several issue specific privacy laws that restrict some forms of collection, use and sharing of information in the public local sector.


In a nutshell:

  • Public sector privacy federal laws such as the US Privacy Act of 1974 do not apply to the state level public sector. Even in states that took the initiative to enact regulations similar to the federal Privacy Act, the processing of personal data by cities and municipalities is likely out of the scope of those laws as they would typically apply only to state public agencies.
  • Providers of smart technologies in many cases will not be regulated by the existing web of federal sectoral privacy laws. The new more comprehensive state laws may apply to them, but because those laws target the private sector their effectives is likely limited.
  • There could be specific privacy regulations for concrete technologies used by smart cities, like the ones imposing limitations on officer camera surveillance or automated license plate readers, but there is no strong track record of enforcement and the protections offered are limited.



A community of professionals who help answer each other’s questions about data laws.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Golden Data Law

Golden Data Law is a mission driven benefit corporation that provides legal services to the not-for-profit community and to governmental agencies.