Data protection law beyond identifiability? Atmospheric profiles, nudging and the Stratumseind Living Lab

Maša Galič*, Raphaël Gellert

*Corresponding author for this work

Research output: Contribution to JournalArticleAcademicpeer-review


The deployment of pervasive information and communication technologies (ICTs) within smart city initiatives transforms cities into extraordinary apparatuses of data capture. ICTs such as smart cameras, sound sensors and lighting technology are trying to infer and affect persons’ interests, preferences, emotional states, and behaviour. It should be no surprise then that contemporary legal and policy debates on privacy in smart cities are dominated by a debate focused on data and, therefore, on data protection law. In other words, data protection law is the go-to legal framework to regulate data processing activities within smart cities and similar initiatives. While this may seem obvious, a number of important hurdles might prevent data protection law to be (successfully) applied to such initiatives. In this contribution, we examine one such hurdle: whether the data processed in the context of smart cities actually qualifies as personal data, thus falling within the scope of data protection law. This question is explored not only through a theoretical discussion but also by taking an illustrative example of a smart city-type initiative – the Stratumseind 2.0 project and its living lab in the Netherlands (the Stratumseind Living Lab; SLL). Our analysis shows that the requirement of ‘identifiability’ might be difficult to satisfy in the SLL and similar initiatives. This is so for two main reasons. First, a large amount of the data at stake do not qualify as personal data, at least at first blush. Most of it relates to the environment, such as, data about the weather, air quality, sound and crowding levels, rather than to identified or even likely identifiable individuals. This is connected to the second reason, according to which, the aim of many smart city initiatives (including the SLL) is not to identify and target specific individuals but to manage or nudge them as a multiplicity – a combination of the environment, persons and all of their interactions. This is done by trying to affect the ‘atmosphere’ on the street. We thus argue that a novel type of profiling operations is at stake; rather than relying on individual or group profiling, the SLL and similar initiatives rely upon what we have called ‘atmospheric profiling’. We conclude that it remains highly uncertain, whether smart city initiatives like the SLL actually process personal data. Yet, they still pose risks for a wide variety of rights and freedoms, which data protection law is meant to protect, and a need for regulation remains.

Original languageEnglish
Article number105486
Pages (from-to)1-13
Number of pages13
JournalComputer Law & Security Review
Publication statusPublished - Apr 2021


The research for this Article was made possible by a grant from the Netherlands Organisation for Scientific Research ( NWO, project number 453-14-004 ) and the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (INFO-LEG project, grant agreement No 716971 ).

FundersFunder number
Horizon 2020 Framework Programme716971
European Research Council
Nederlandse Organisatie voor Wetenschappelijk Onderzoek453-14-004


    • Data protection
    • Nudging
    • Personal data
    • Profiling
    • Smart city
    • Stratumseind


    Dive into the research topics of 'Data protection law beyond identifiability? Atmospheric profiles, nudging and the Stratumseind Living Lab'. Together they form a unique fingerprint.

    Cite this