open interoperability frameworks in order to avoid vendor dependency and ensure long-term
            scalability – this is especially important in Global South contexts, where fragmented systems and
            limited institutional capacity often undermine efficiency.


            7.2     Privacy-by-design and data protection


            The rapid proliferation of DPI necessitates the establishment of robust privacy frameworks to
            mitigate the risks of surveillance, data misuse and erosion of individual rights. PbD, a foundational
            principle embedded in the European Union’s GDPR mandates that data protection measures be
            integrated into the architecture of systems from the outset, rather than retrofitted as an afterthought.
            Standards like Recommendations ITU-T X.1054, ITU-T Y.4810, ISO/IEC 27014 and ISO/IEC 27701
            are all examples of relevant standards that can be used to enhance security and privacy postures
            of organizations and systems in smart cities.

            An illustrative example is Brazil’s CAR; a DPI platform designed for environmental governance.
            By leveraging open-source technologies and incorporating PbD principles, the system manages
            sensitive geospatial and personal data in a manner consistent with national privacy regulations
            (Data Privacy Brasil, 2024). Key features such as data minimization, purpose limitation and consent
            management are embedded across the system’s lifecycle, ensuring alignment with personal data
            protections laws and regulations as well as globally recognized security standards. These measures
            institutionalize trust and foster accountability in citizen–government data interactions (UNEP, 2024).


            Nonetheless, significant challenges remain in harmonizing privacy standards across jurisdictions.
            Variations in legal definitions, enforcement capacities and regulatory maturity create inconsistencies,
            particularly for developing economies with limited domestic data protection frameworks. In this
            context, the recent resolution of ITU on DPI , underscores the urgent need for global consensus
                                                        6
            on data sovereignty, interoperability and the ethical governance of cross-border data flows.


            However, privacy cannot stand alone without strong security. Security safeguards are essential to
            protect personal data from breaches, unauthorized access and malicious actors. Without robust
            cybersecurity, even well-intentioned privacy protocols can be rendered ineffective. For DPI, which
            operates at scale and often supports vulnerable populations, this integration is not optional, it is
            critical to maintaining public trust, preventing harm and ensuring the long-term resilience of public
            digital systems. Positioning PbD alongside security by design, ensures the rights and the safety of
            individuals are protected in digital public life.



            7.3     Ethics in AI, blockchain and emerging tech

            Emerging technologies, particularly AI and blockchain, offer transformative potential for enhancing
            public service delivery. However, they also raise significant ethical challenges, including algorithmic




            6   https:// www .itu .int/ pub/ T -RES



             40