Session overview
What you will learn
Regulatory map
The EU data layer for smart cities
GDPR
Reg. (EU) 2016/679General data protection — principles, bases, rights, DPIA, transfers.
LED
Dir. (EU) 2016/680Data processing by police and criminal-justice authorities.
ePrivacy
Dir. 2002/58/ECConfidentiality of electronic communications and traffic data.
AI Act
Reg. (EU) 2024/1689Risk-based AI rules — Art. 5 bans incl. real-time biometric ID in public spaces.
Data Act
Reg. (EU) 2023/2854Access to and use of IoT-generated data; B2G data sharing.
DGA
Reg. (EU) 2022/868Data altruism and re-use of protected public-sector data.
Agenda
A 3-hour journey
- 0–15′
Framing
Smart city as a data infrastructure. Why DP is a precondition, not a constraint. Charter Arts. 7–8.
- 15–45′
EU framework deep-dive
GDPR principles, Art. 6 bases for municipalities, LED vs GDPR, AI Act, Data Act, DGA.
- 45–75′
Case-law clinic
Schrems II, La Quadrature du Net, AEPD Mercadona, Bridges (UK CoA) — what each binds for cities.
- 75–90′
Coffee break
Informal Q&A and networking.
- 90–125′
Practice I · Mini-DPIA
Group work on the AI-CCTV pilot in Málaga's historic centre.
- 125–150′
Practice II · Role-play
Municipal Ethics Committee + new IoT smart-waste case (Case 3).
- 150–170′
Structured debate
Live remote biometric ID in public spaces — three teams, vote.
- 170–180′
Quiz & takeaways
15-question self-assessment + key takeaways and open Q&A.
Case law
The decisions that shape smart-city DP
Practical work
Apply, don't just listen
Mini-DPIA
AI-CCTV pilot for crowd analytics in central Málaga. Identify risks, bases, mitigations.
Cloud procurement
Transfer-impact analysis when contracting a US hyperscaler for traffic data.
AEPD school case
Facial recognition for exam supervision — proportionality and Art. 9 GDPR.
Role-play
Municipal Ethics Committee debates a biometric ID deployment in public space.
Materials
Download the full pack
Slides — Data Protection in Smart Cities
PPTX
Handout — Theoretical reader
Case sheet — Practical exercises
Quiz — Self-assessment
Files are distributed by the instructor at the start of the session. Refer to your course intranet to retrieve them.
Citas verificadas
Verified sources & official links
Direct links to every decision cited in the slides and handout. All URLs verified.
Bibliografía
Publicaciones de María Luisa Gómez-Jiménez
Selección de trabajos propios sobre protección de datos, privacidad e inteligencia artificial en el ámbito del Derecho público.
- Gómez-Jiménez, María Luisa (2025). Del IoT a la inviolabilidad digital del domicilio en las viviendas inteligentes. Urban Red / Universidad de Málaga. Enlace
- Gómez-Jiménez, María Luisa (2022). Tecnologías habilitadoras digitales (THD) en un contexto de emergencia sanitaria: retos jurídicos y su proyección en las ciencias de la salud. Tirant lo Blanch, ISBN 978-84-1113-603-7. Enlace
- Gómez-Jiménez, María Luisa (2021). Automatización procedimental y sesgo electrónico: el procedimiento administrativo electrónico desde la inteligencia artificial. Aranzadi Thomson Reuters, ISBN 978-84-1346-877-8. Enlace
- Gómez-Jiménez, María Luisa (2020). Data privacy and human dignity: a legal approach in an interconnected world. En J. M. Puyol Montero (coord.), New challenges for law: Studies on the dignity of human life, pp. 121–140. ISBN 978-84-1313-830-5. Enlace
- Gómez-Jiménez, María Luisa (2020). Reconocimiento facial e identidad digital en la provisión de bienes y servicios en las ciudades inteligentes. Congreso AEPDA — Repositorio UMA. Enlace
- Gómez-Jiménez, María Luisa (1994–2026). Perfil completo de publicaciones (49 artículos, 23 libros, 103 capítulos). Dialnet — autor 637956. Enlace
FAQ