In this episode of the Smart City Podcast, I had a really interesting conversation with Nicole Stephenson, a Privacy Consultant originally from Canada but now based in Ipswich, Queensland. Nicole shares why privacy is such an important part of the Smart City conversation, and one that currently isn’t being embraced enough across the board. We discuss how Australia is currently embracing the Smart City concept and how we could still have a data driven and tech-enabled community that balances the privacy and security of citizen data.

Nicole explains some of the projects she’s currently working on, including her role with the Internet of Things Security Institute, an Australian Not-For-Profit organisation in the privacy space. We also talk about privacy legislation in Australia and across the world, such as GDPR — Europe’s General Data Protection Regulation, and what that means for the Smart City space here and abroad. Nicole explains the biggest mistakes a Smart City project or agency can make when it comes to privacy and why open data isn’t actually in opposition but can be enabled by privacy policy. We finish our conversation discussing the emerging trend of the changing views about privacy across different groups and generations in this Smart City space and the context of the 2018 digital world. As always, I hope you enjoy listening to this episode as much as I enjoyed making it.

Listen here:

What we cover in this episode:

  • Nicole’s background and her passions
  • What a Smart City means to Nicole and why privacy is so important to the concept
  • How Australia is currently embracing the Smart City concept
  • Some projects Nicole is working on in the privacy space
  • Privacy legislation and what it means for Australian Smart Cities
  • The biggest mistakes that are being made by agencies and organisations when it comes to privacy
  • How open data and privacy policies interact
  • The changing views on privacy in this digital world


Because Smart Cities are, to a large extent, about having and using and sharing data, which includes the personal information of citizens within those cities, the concept has always made fairly loud pings on my privacy radar.

Privacy concerns are going to pop up in relation to Smart Cities, they’re either going to be real (where there’s an actual risk) or they’ll be perceived (where there’s a worry or fear within the community)…I think both have the power to derail community trust.

Smart Cities are all about using the data of our urban environment and our citizens to make life better, more connected, more accessible, faster, cleaner, safer and sustainable into the future.

Without adequate consideration of privacy, which for our cities is not just a normative matter, it’s actually one that’s based in law, then there’s a real concern that privacy rights of citizens will be overshadowed by the desirability of using cost effective, sparkly data-driven tech.

The premise of the Smart City is that it helps us leverage technology within our cities for social good: sustainability, resilience, equity. …I think that because so many large cities are struggling to meet the challenges of sustained urban growth and regional centres are struggling to attract external investment and drive prosperity or liveability for their communities, Smart Cities offer an opportunity to improve lives. Privacy though is exceptionally important because…it ensures that those making deicions in relation to Smart Cities have the full picture, that they understand we’re not just dealing with data here but we’re dealing with data that’s about a person and because of that the person is going to have expectations about what happens to that data over its life cycle, from the time that it’s collected right through to the time that it has finished being used and it’s destroyed.

Communities want to, in fact I think they need to, engage about how they live and how to make life better…what I’d like to see now though is a movement toward a model more like what we’ve seen coming out of Seattle Washington, where the Smart City is supported by the services of a person called the Chief Privacy Officer. That’s a critical role. …So there can be a great data-driven tech-enabled community balanced by the frank and fearless advice of a privacy professional who is embedded and who is concerned with the protection of citizen data in accordance with established privacy rules.

It’s important that all Australian municipalities remember that they are required to  comply with the privacy principles that are set out in the legislation that is relevant in their state.

When cities intend to do something that involves personal information…they need to do that in accordance with the rules around how personal information must be collected, used, stored or secured, when it can be disclosed or shared and so forth.

Successful Smart City initiatives will absolutely rely on an integrated approach and I think a key step is going to be [removing] silos…cities aren’t going to become Smart in isolation.

In both the Smart Cities and IOT spaces, I feel that tech is far outpacing critical thinking in terms of privacy. With Smart Cities, I do see a lot of play in the cybersecurity arena, as in how do we secure our tech and how do we secure the data we’ve harvested, however I’d say the complementary privacy debate is still largely missing.

[The biggest mistake is] not recognising that we have privacy laws in place that have established the minimum benchmark that cities need to set in terms of protecting personal information through its life cycle.

I don’t think open data and privacy are competing, I think that they are different things and they each can be enabled by the other…I do think though that it requires some consideration and an understanding of, for example, what is personal information, to ensure that that information at a particular level of detail isn’t made available for the world at large.

The GDPR is the European Union’s General Data Protection Regulation and that is a really exciting development in privacy law from my perspective because it sets the benchmark really high for the collection and handling of personal information.

Data collection and sharing that’s necessary for operating Smart Cities does raise concerns about privacy and security of community information, personal information…it’s not as exciting as cool tech when it comes to a talking point though. So I find that [it] gets far too little air time and I’d like to see that change.


The Future of Privacy Forum — Smart City Tool

Seattle Washington

Internet of Things Security Institute

Information Privacy Act 2009


Find the full show notes:

Connect with Nicole at

Connect with me via email:

Connect via Twitter and Facebook @smartcitypod

The Smart City Podcast is produced by Ellen Ronalds Keene.

My Smart Community

My Smart Community offers consulting and media services with a focus on making our communities more accessible, liveable and sustainable for all. We have a focus on Smart Mobility, Smart project management, Smart technology in regional communities, dealing with disruption and facilitating genuine collaboration. As well as podcast production, communication and media advisory and engagement, keynote speaking, moderating, master of ceremonies and workshop design and facilitation.

The Smart Community Podcast

The Smart Community Podcast is a hub where smart and exciting people from all around the world come to discuss all things Smart City, Smart Town, Smart Region - anything that makes a place more liveable. Together we can create our own Smart Communities.


Website Design by Gold Coast Graphic Design |

Web Hosting & Development by Peritum Studios |

Digital Strategy by Puzzle Media |

Podcast Production by Perk Digital |