1. Introduction
A ‘smart city’ is a buzz term and concept. The ‘smart city’ has mainly been discussed in the scholarly literature on urban planning, architecture, and geography. In the smart city literature, there has been a long-standing discussion about the concept of smart cities that arose from concerns over the relationship between high-tech companies, information and communication technologies (ICT), and society. The debate started in the 2000s; early critiques cautioned that smart city initiatives were a form of ‘business-led urban development’.Footnote 1 The debate continued in the 2010s: scholarship warned that high-tech companies’ smart city discourse was ‘utopian storytelling’,Footnote 2 and also criticized smart city research for ‘one-size fits all narratives [to urban problems], an absence of in-depth empirical case studies … and comparative research that contrasts smart city developments in different locales’.Footnote 3
The utopian vision of smart cities is over.Footnote 4 Recently, it is argued that ‘far from being the imagined utopia of a few years ago, it is a reality in many cities around the world’.Footnote 5 In the past, the academic debate over smart cities in Europe and North America addressed high-profile cases, such as London, Amsterdam, Barcelona, New York, and Chicago; however, smart cities are becoming an increasingly real choice for local governments.Footnote 6 Smart cities can be possible solutions for implementing the Sustainable Development GoalsFootnote 7 or responding to changes in city life post the COVID-19 pandemic.Footnote 8 Accordingly, smart cities are happening at ‘ordinary’ cities and also bring business opportunities in Asia. For example, the term ‘smart city’ is commonly used in Asian trade policies.Footnote 9 The Association of Southeast Asian Nations (ASEAN) established the ‘ASEAN Smart Cities Network’ to promote regional cooperation in smart city projects.Footnote 10 For Japan, China, and Korea, the ‘smart city’ is now an important market opportunity for exporting smart technologies and services to ASEAN. In particular, China is the most active player in supporting smart city projects abroad in the context of the ‘digital aspects’ of China's ‘Belt and Road’ Initiative,of which ‘Digital Silk Road’ projects are one component. While China's ‘Belt and Road’ initiative refers to China's investment strategies to supply traditional infrastructure outside China,Footnote 11 ‘Digital Silk Road’ projects involve the supply of digital infrastructure (such as 5G networks) as well as e-commerce, mobile payments, and smart city projects.Footnote 12 There are a number of smart city projects which are led by Chinese big-tech corporations, such as the Alibaba and Huawei groups, along the ‘Digital Silk Road’.Footnote 13
Against this backdrop, this article explores how smart cities can be regulated and governed by international trade law. The proliferation of smart city initiatives (from high-profile to ordinary ones) with emerging technologies has not only expanded research in urban planning and architecture but has also gradually inspired legal research. It has been an issue in domestic public law to consider how local governments regulate smart city development.Footnote 14 International trade law also matters for smart cities; however, it is under-analyzed.Footnote 15 The trade law perspective facilitates a broader understanding of smart city governance, which includes ‘global’ regulatory dimensions because international smart city projects inevitably involve the interaction between local governments and foreign firms. This article argues that smart cities can be analyzed from three issue areas of trade regulation: trade in goods and services, international standards, and data governance (although these three issues are interrelated). Especially, the data governance aspect is important in the smart cites context because, for urban solutions, artificial intelligence (AI) and big data are key ‘smart’ technologies, and it is here where privacy and security issues come in.
The remainder of this article is organized as follows. Section 2 unpacks the concept of smart cities and situates them within the context of global trade. Then, Section 3 examines smart cities in terms of trade in goods and services. In particular, this section focuses on incorporating and applying the Internet of Things (IoT) in smart cities. Section 4 addresses international standard-setting activities for smart cities, which have flourished but are becoming increasingly complex. This section considers how to address standard-setting games for smart cities among stakeholders under international trade law. Section 5 focuses on the data governance aspects of smart cities and examines the current regulatory situation with a focus on the Digital Economy Partnership Agreement (DEPA). This section examines to what extent provisions under existing digital economy agreements are relevant to international smart city projects and further considers what kinds of regulatory issues smart city governance can add to (or go beyond) the traditional digital trade discourse. Drawing on the smart city literature in urban planning and architecture, the section discusses additional questions concerning security and privacy that have been under-explored in digital trade. Section 6 concludes.
2. What are Smart Cities? – Definition and Context
As noted above, there has been a long-standing scholarly debate over the concept of smart cities.Footnote 16 This article is not a place for a historical review of the definition and concept of smart cities; instead, it may be helpful to look at the recent trends in smart city definitions. For example, the Organisation for Economic Co-operation and Development (OECD) recently discussed smart cities. The 2019 OECD report defines smart cities as ‘initiatives or approaches that effectively leverage digitalisation to boost citizen well-being and deliver more efficient, sustainable and inclusive urban services and environments as part of a collaborative, multi-stakeholder process’.Footnote 17 The report explains that ‘while digital innovation remains central to the smart city concept’, this definition focuses on ‘the life of people’ and emphasized ‘the importance of citizen engagement’.Footnote 18 This understanding of smart cities has resonated with the scholarly debate in urban studies on the concept of ‘human-centric’ smart cities.Footnote 19
ASEAN also provides a concept of smart cities. Among ASEAN countries, Singapore has taken the lead in promoting regional urban connectivity through smart city development.Footnote 20 In the 2018 ASEAN Summit, Singapore proposed the ‘ASEAN Smart Cities Network’.Footnote 21 ASEAN identifies three objectives for smart city development: competitive economy, sustainable environment, and high quality of life.Footnote 22 Under these objectives, there are six targeted areas for smart city development: (1) civic and social, (2) health and well-being, (3) safety and security, (4) quality of the environment, (5) built infrastructure, and (6) industry and innovation.Footnote 23 ASEAN's objectives and targeted areas for smart cities indicate that Asian smart cities are more rooted in ‘problem-oriented’ projects; that is, in Asia, smart cities are tools to solve specific urban problems.
However, these definitions and concepts may not convey the real image of how smart city projects are actually exported aboard. On this point, it might be useful to conceive of smart cities as a three-layered system (Figure 1).Footnote 24 First, the bottom layer (layer 1) consists of city infrastructure and utilities (such as energy management systems, water and waste management systems, and public transportation controls), linked to digital equipment (mobile phones, meter readings, cameras, GPS, sensors etc). Second, in the middle layer (layer 2), data are collected via digital equipment, and connected and integrated by software and applications on a platform. Finally, in the top layer (layer 3), data-based urban services are offered in multiple sectors, such as mobility, energy, administration, health, safety, and sightseeing. What makes smart cities different from ordinary cities is the ‘data management’ aspect.Footnote 25 Here, AI and big data emerge. Ultimately, AI and big data are key technologies for urban solutions. ‘Smart’ technologies usually refer to three elements of technology: collection of data, data processing, and automation of decision-making (using AI) to deliver urban services.Footnote 26
Ideally, the multiple sectors (e.g., mobility, energy, and sightseeing) in layer 3 are all integrated by a data platform created at layer 2. However, the smart city literature has noted that, far from a holistic approach, past smart city initiatives tended to choose only one or two sectors. Thus, not all smart city projects have completed the three-layered system; rather, very few smart cities have achieved such a ‘data-centric’ and ‘interconnected’ smart city.
Each smart city project entails unique features and various development pathways – thus, smart cities differ from country to country, and within countries. For example, under the ‘ASEAN Smart Cities Network’, currently, 26 pilot cities have been launched under the Network.Footnote 27 The 26 pilot cities include large Asian cities, such as Bangkok, Singapore, Kuala Lumpur, and Mania. However, there are also new cities; for example, Siem Reap in Cambodia. The Japanese government provides smart city technologies and infrastructure to Siem Reap through the Japan International Cooperation Agency.Footnote 28 In Siem Reap, there is an iconic temple ‘Angkor Wat’, identified as a world heritage site; therefore, tourism has been growing as its main industry.Footnote 29 However, the city infrastructure and utilities have not been prepared to receive a number of tourists from aboard and are unable to handle rapid urbanization.Footnote 30 Thus, the city needs infrastructure, such as public transport and waste management systems (layer 1). At the same time, the city of Siem Reap is interested in gathering data on tourists (layer 2).Footnote 31 Here, data issues will arise. As will be discussed later (in Section 5), privacy issues need to be addressed when collecting data, with the questions on how to share and use the data among relevant stakeholders.
As such, there are various development stages for smart city projects, each interacting at different layer levels. While the reality of smart city projects varies, this three-layered system involves certain elements of international trade law, such as trade in goods and services, international standards, and data governance. In the law of the World Trade Organization (WTO) and in free trade agreements (and even digital economy agreements as will be discussed later), no rules directly mention smart cities. At the international-level agreement, the 2019 G20 Osaka Leaders' Declaration briefly touched upon smart cities: one paragraph in the section addressing ‘Innovation: Digitalization, Data Free Flow with Trust’ mentioned smart cities along with the issues of AI principles and the promotion of digital security.Footnote 32 Thus, while there are no direct provisions addressing smart cities in existing trade law, this article considers which aspects of international trade law would apply to smart cities as a layered system.
However, one may question how international trade law, which principally binds states,Footnote 33 affects the engagement of local governments in smart city projects. There are two dimensions to answer this question. First, according to WTO jurisprudence, state parties are not precluded from being found to be inconsistent with WTO law because the dispute is concerned with sub-national or provincial measures.Footnote 34 In this sense, international trade law directs central and local governments. Second, while the main stakeholders in smart city projects are local governments and firms, in the Asian context, states (rather than cities) initially support and promote foreign smart city projects. In the ‘ASEAN Smart Cities Network’, Singapore's leadership has been echoed by other countries’ incentives to export infrastructure and smart technologies to Asia. For example, Japan has formed a mutual partnership with ASEAN to support smart city initiatives, by assisting in project planning and formation and offering financial support.Footnote 35 In addition, Korea, China, and Australia are active players in supporting smart city development in ASEAN.Footnote 36 Thus, legal provisions at the state level matter and can assist in enabling international smart city projects. This article will now turn to consider how to regulate international smart city projects under international trade law.
3. Smart Cities, IoT, and Trade in Goods and Services
The three-layered vision of smart cities indicates a regulatory complex for smart cities. The complexity is concerned with the distinction between ‘goods’ and ‘services’ that has been debated in international trade law against the background of an increase in dual-feature businesses in the ICT sector.Footnote 37 On this point, smart city projects are generally a package of ‘goods’ and ‘services’ – while layer 3 addresses ‘services’, layer 1 deals both with ‘goods’ and related ‘services’. Layer 2 also involves ‘services’: when firms engage in the development of software/applications for foreign smart city projects, they participate in ‘services’.Footnote 38 For firms, the most common way to participate in international smart city projects is to export urban infrastructure/digital equipment (layer 1) or become involved in the development of software or applications (layer 2). Simultaneously, there are cases in which one firm is in charge of the entire digitalization process (all three layers) for one city (e.g., the Sidewalk Labs smart-city project in Toronto, CanadaFootnote 39). Accordingly, firms may trade in both goods and services for foreign smart city projects.
Given the complexity of goods and services, the next sub-section starts by considering layers 1 and 2. Among various ICT (such as blockchains, AI, and machine learning), the deployment of IoT is the basis for layers 1 and 2 of a smart city. Here, it can be described that ‘[t]he Smart City uses both its own infrastructure network of sensors and data collection as well as those of private parties and the IoT’.Footnote 40 In the trading context, IoT systems incorporated into various smart goods/infrastructures are exported and applied to smart city projects. Accordingly, there are two points worth considering: how to regulate IoT incorporation/application in smart cities, and how (trade) agreements concerning digital commerce regulate IoT and smart cities.
3.1 Regulating the Incorporation and Applications of IoT and the Smart City
For a more precise understanding, the definition of IoT is provided by the International Organization for Standardization (ISO)Footnote 41 as follows: ‘infrastructure of interconnected entities, people, systems and information resources together with services which processes and reacts to information from the physical world and virtual world’.Footnote 42 In addition, an IoT system is defined as a ‘system providing functionalities of IoT’.Footnote 43 On this point, there is a note written that ‘[a]n IoT system can include, but not be limited to, IoT devices, IoT gateways, sensors, and actuators’.Footnote 44 Furthermore, an IoT device is defined as an ‘endpoint that interacts with the physical world through sensing or actuating’.Footnote 45
According to these definitions, in the context of smart cities, an IoT system can include (1) classic IT devices, such as smart phones and laptops; (2) smart devices, such as health devices, monitoring cameras, and drones with data-gathering and data-processing functions; and (3) smart infrastructure and networks, such as smart buildings and smart factories that interconnect information on energy use, air conditioning, or entry/exist. One noticeable point from the IoT definition is that IoT does involve ‘services’. Accordingly, IoT can include data-gathering and processing services (as well as some kinds of ongoing management services based on these data) provided through smart devices (e.g. health devices, monitoring cameras, and drones) and smart infrastructure (e.g. smart buildings and smart factories).
This perspective of the IoT resonates with Chander's view that the IoT is regulated by both the General Agreement on Tariffs and Trade (GATT)Footnote 46 and the WTO's General Agreement on Trade in Services (GATS)Footnote 47 disciplines.Footnote 48 He suggests China–Electronic Payment Systems as a relevant WTO case, where the Panel admitted that an electronic payment ‘system’ can include services, such as, processing infrastructure and network, delivering information, and managing payment.Footnote 49 Chander finds that since ‘it seems better to treat the service as bundled with the good itself at the point of sale [of smart objects]’, ‘it makes sense to see a Smart Object as both a good and an ongoing service’.Footnote 50
Furthermore, regulating IoT incorporation/applications necessarily involves addressing cybersecurity and privacy issues,Footnote 51 which are also concerned with international smart city projects. Cybersecurity concerns have increased in smart cites because ‘critical services and infrastructure are digitally connected and data dependent on the smart network’.Footnote 52 As noted previously, Chinese big-tech corporations, such as Huawei, have been engaging in foreign smart city projects. Chinese companies’ technologies and systems can spread through overseas smart city projects along the ‘Digital Silk Road’ under China's ‘Belt and Road’ Initiative.Footnote 53 Such business activities involve cybersecurity risks in IoT. On this point, we can recall that Huawei 5G devices have been banned by the US, Australia, Japan, and other countries.Footnote 54 However, under smart city projects backed up by a mutual agreement between China and other countries, such import bans on Chinese smart devices will not be applied based on certain trusts between the two countries. Regardless of smart city projects using Chinese devices, both city governments and companies doing business with smart IoT devices should ensure to ‘insert cyber security in the process as design, deployment, and sustainment consideration for every new project’Footnote 55 in the age of 5G systems.
However, despite being proactive against security threats, privacy concerns arising from data gathered by smart IoT devices remain. This concerns how a city or central government regulates data issues, which are addressed in Section 5.
3.2 Agreements Concerning Digital Commerce and IoT
Second, it is important to examine e-commerce chapters under free trade agreements (in particular, this article looks at the Comprehensive and Progress Agreement for Transpacific Partnership [CPTPP, 2018]Footnote 56 and Regional Comprehensive Economic Partnership [RCEP, 2022],Footnote 57 considering the context of smart city initiatives in ASEAN) and digital regulation under so-called Digital Economy Agreements (DEAs). Such agreements regulate digital commerce beyond WTO rules. In particular, DEAs are new and special agreements on digital trade that facilitate regulatory cooperation within the digital economy.Footnote 58 This article addresses five DEAs: (1) Agreement between the United States of America and Japan concerning Digital Trade (the US–Japan Digital Trade Agreement, 2020);Footnote 59 Australia–Singapore Digital Economy Agreement (the Australia–Singapore DEA, 2020);Footnote 60 Digital Economy Partnership Agreement between Singapore, Chile and New Zealand (the DEPA, 2020);Footnote 61 Digital Economy Agreement between the United Kingdom of Great Britain and Northern Ireland and the Republic of Singapore (the UK–Singapore DEA, 2022);Footnote 62 and Digital Partnership Agreement between the Government of the Republic of Korea and the Government of the Republic of Singapore (the Korea–Singapore DPA, 2023).Footnote 63
Among the CPTPP, RCEP, and five DEAs, only the UK–Singapore DEA uses the term of ‘IoT’ (under the cybersecurity and AI provisions). Other agreements do not use the term ‘IoT’; instead, the term ‘digital products’ is used. The definition of ‘digital products’ is almost the same wording among the agreements (except for the RCEP and the UK–Singapore DEA, without a definition); ‘digital products’ includes ‘a computer programme, text, video, image, sound recording or other product that is digitally encoded, produced for commercial sale or distribution, and that can be transmitted electronically’.Footnote 64 This definition is usually accompanied by a note: ‘The definition of digital product should not be understood to reflect a Party's view on whether trade in digital products through electronic transmission should be categorised as trade in services or trade in goods’.Footnote 65 Again, the boundaries between goods and services remain open.
While there are variations in the regulatory topics for e-commerce chapters under free trade agreements and DEAs, there are some common rules across the agreements concerning digital products. One common rule across the agreements concerns ‘no customs duties on electronic transmissions’.Footnote 66 Another common rule across the agreements may be the ‘non-discriminatory treatment of digital products’.Footnote 67 However, the RCEP and the UK–Singapore DEA do not contain this rule. One research suggests that the non-discrimination principle for digital products is not so obvious among trade agreements because of digital products’ intangible character and diversity in consumption behavior, which makes it difficult to assess ‘like product’ criteria under the principle.Footnote 68 Data issues in the agreements are addressed in Section 5.
4. International Standard-Setting Activities Relevant to Smart Cities
4.1 International Trade Rules on International Standards
To address the question of how smart cities are regulated under international trade law, setting international standards for smart cities is the most active area to explore. What is the role of international standards for firms participating in overseas smart city projects? As the international standardization literature explains, ‘standard battles’ occur among members (i.e., firms) of international standard-setting bodies. While international standard-setting bodies usually aim at reaching consensus among members, ‘standardization is rarely about reaching compromise among different regulatory models and approaches … but instead about battles for preeminence of one approach or solution over another’.Footnote 69 Accordingly, when developing international standards, members of international standard-setting bodies attempt to shape standard content that reflects interests – for example, standards that reflect certain technologies or systems developed by a particular firm. This is based on the pursuit of a first-mover advantage, that is, minimizing switching costs to unfavorable international standards and gaining foreign market opportunities.Footnote 70 Thus, in the context of smart cities, if members succeed at developing international standards for smart cities reflecting their interests, the firms will have an advantage over participation in overseas smart city projects, insisting that their technologies and systems are accepted as international standards.
This advantage is further underpinned by the WTO Agreement which encourages WTO Members to consider the existence of international standards. First, the WTO's Agreement on Technical Barriers to Trade (TBT Agreement)Footnote 71 is relevant in the context of international standardization in the ICT sector. The TBT Agreement requires WTO Members to base their domestic regulations on international standards if relevant standards exist except if such international standards are ineffective or inappropriate for fulfilling legitimate objectives (Art. 2.4). Furthermore, whenever a domestic technical regulation is in accordance with relevant international standards, ‘it shall be rebuttably presumed not to create an unnecessary obstacle to international trade’ (Art. 2.5). Thus, when firms export smart devices and infrastructure for overseas smart city projects, international standards aligned with their goods may promote exports.
GATS also addresses international standards. As noted, the sales of smart devices or smart infrastructure often entail data gathering and data processing services and some kinds of ongoing management services. In addition, when firms develop software/applications for foreign smart city projects, they participate in ‘services’. On this point, GATS Article VI (5) states that WTO Members shall not nullify their specific GATS commitments by applying technical standards, and when conformity with this obligation is evaluated, international standards are taken into account. In this regard, the Joint Initiative on Services Domestic Regulation is also relevant. At the 12th WTO Ministerial Conference in 2021, a reference paper on services domestic regulation was adopted by a group of WTO Members under the Joint Initiative. According to that reference paper, Members shall encourage their domestic competent authorities or relevant international organizations ‘to adopt technical standards developed through open and transparent processes’.Footnote 72
Moreover, international standards are concerned with government procurement. When goods and services associated with smart cities fall under city governments’ procurement processes, the WTO's Agreement on Government Procurement (GPA)Footnote 73 applies to GPA Members.Footnote 74 GPA Article X(2)(b) states that when a procuring entity prescribes technical specifications for the goods and services being procured, it is necessary to base these technical specifications on international standards.
Finally, a few DEAs include a provision on ‘standards and conformity assessment’.Footnote 75 This provision generally highlights the importance of the role of standards and conformity assessment procedures in the digital economy and fosters cooperation in developing standards and procedures.
4.2 Complexities in International Standard-Setting for Smart Cities
In which forums have international standards for smart cities been developed? In the ICT sector, there are the ‘big three’ plus one, i.e., the well-known ‘big four’ international standard-setting bodies.Footnote 76 The ‘big three’ bodies are as follows: ISO, International Electrotechnical Commission (IEC), and International Telecommunication Union (ITU). The fourth body (or ‘plus one’ body) is the ISO/IEC Joint Technical Committee (JTC) 1, which was established in 1987, specializing in standardization for information technology.Footnote 77
Although the ISO, IEC, and ITU are often collectively considered large international standard-setting bodies in the ICT sector, their memberships differ. Since the ITU is a specialized agency of the United Nations (UN), UN Member States are full participants in the standard development processes.Footnote 78 However, the ISO and IEC are often described as ‘private organizations’ or ‘hybrid public–private bodies’Footnote 79 because their members are national standard-setting bodies (either public or private) and do not necessarily represent governments on their own.Footnote 80 One consequence of this difference is that, while ITU standards (which are termed ‘recommendations’) are available free of charge,Footnote 81 ISO and IEC standards are not.
Among the ‘big four’ forums, the ISO has been the most active in developing smart-city standards. ISO 37120 (Indicators for city services and quality of life) is one of the well-known ISO standards under ISO/TC 268 (first created in 2014, later updated in 2018).Footnote 82 This ISO standard comprises about 100 indicators under 19 sectors relevant to city life.Footnote 83 It was originally developed at the University of Toronto in Canada, under the Global City Indicators Facility project.Footnote 84 Later, Canada took the initiative under the ISO/TC 268 to transform the University of Toronto's project into an ISO standard. Moreover, in 2019, a new complementary ISO standard was developed with a special focus on smart cities under TC 268/ WG2Footnote 85 – ISO 37122 (Indicators for Smart Cities).Footnote 86
Another notable standardization activity is undertaken by the ITU (as noted, ITU standards are termed ‘recommendations’). In 2016 and 2022, the ITU adopted three recommendations for ‘Key Performance Indicators in Smart Sustainable Cities’.Footnote 87
The importance of assessing smart city projects by indicators has been well recognized because indicators will help cities (1) define the goal they want to pursue; (2) quantify outcomes and measure their success or failure; and (3) compare themselves with other cities.Footnote 88 It is beyond the scope of this paper to review and analyze the vast array of smart-city indicators developed under the ISO and ITU; however, interesting comparative research has already been undertaken regarding these indicator standards in light of the areas covered (e.g., environment, transportation, waste, water, health, safety, etc.) and indicator types (e.g., indicators for measuring processes, results, or impacts, etc.).Footnote 89
Finally, the ISO/IEC JTC1 is active in setting standards for smart cities. Under the JTC 1, several sub-committees and working groups are operating: in particular, working group 11 (‘WG 11’) was created in 2015 to deal with smart cities.Footnote 90 China has taken the lead in WG 11 as a convenor and secretary, and under its leadership, seven standards for smart cities have been published (as of September 2023), including smart city ICT indicators.Footnote 91 Indeed, the smart city is one of the topics on which China's presence in international standardization has received attention.Footnote 92 Notably, China has increased the number of its secretariat positions in the committees of international standard-setting bodies, catching up with the United States, Germany, and Japan.Footnote 93 Occupying secretariat positions in standard committees is one effective strategy for controlling the consensus-building process and winning standard battles. While seeking the basis for consensus among various participants in the committee, a secretariat is in a good position to control the discussion within the committee, thereby skillfully advancing domestic firms’ interests in the standardization process.
In 2020, one standard-setting initiative by China has received significant attention: China proposed standard drafts regarding ‘public health emergencies’ before all four smart city standardization forums.Footnote 94 The draft titles were not the same; however, all drafts focus on public health emergencies in smart cities. Such standard-setting initiatives by China resonate with the observation that since 2020 ‘China has accelerated the international promotion of some of its smart city technologies’, and ‘providing “anti-epidemic solutions” has become the new selling point for several Chinese tech companies’.Footnote 95 Moreover, China's proposal is interesting because it proposes drafts with cross-cutting concerns over ‘public health emergencies’ that may have broader impacts across multiple standard-setting forums. Thus, creating and submitting draft standards that involve cross-cutting issues may be an effective standardization strategy to advance China's national interests in international standard-settings.
Indeed, it has been noticed that ‘the COVID-19 pandemic is accelerating the deployment of innovation and technology in urban areas’.Footnote 96 Although surveillance and monitoring technologies have been widely used even before the COVID-19 pandemic, a novel development noticed during the pandemic is ‘the digitalization of disease surveillance through disease tracking and contact tracing’ which can generate individual health data.Footnote 97 Villarreal argues that during the COVID-19 pandemic, ‘digital tools based on the use of tracking software emerges as a feasible alternative to the “classic” manual surveillance’.Footnote 98 On this point, one important research question for the post-pandemic period is whether there are changes in citizens’ attitudes and behavior towards such digitalized surveillance technologies compared to before the pandemic.Footnote 99 The question is: Do citizens benefit from using smart technologies for outbreak detection and pandemic control, setting back negative concerns about privacy issues?Footnote 100 The answer depends on several factors, such as the technological development stage or the political regimes of the countries.Footnote 101 However, we can imagine that health data collected at international airports may be shared across nations during future disease outbreaks, and if so, the standardization of data communication and sharing is necessary.Footnote 102 It is against this backdrop that China's proposal of international standardization for public health emergencies in smart cities should be considered.
Another implication from different proposals backed up by countries is that standardization is not only ‘a strategic tool in interfirm competition’ but also ‘a competitive tool among nations’.Footnote 103 Accordingly, ‘strategic behaviour is sometimes observable’,Footnote 104 both for firms and nations. Thus, possibilities for ‘standard-setting games’ are not limited to firms: governments may also get interested in the games.Footnote 105 In this regard, the US–EU Trade and Technology Council (TTC), launched in 2021, is an interesting initiative. One of the TTC's purposes is to coordinate and cooperate in developing technology standards.Footnote 106 Such a cooperation initiative between the US and EU may prove the importance of coordinating and enlightening different standard-setting forums over digital technologies, which may also lead to a counter against China's growing presence in international standardization.
4.3 The Legitimacy Question on International Standards for Smart Cities
As such, international standard-setting activities for smart cities have flourished and become increasingly complex. There has been a marked increase in standard-setting topics in the ICT sector. Wi-Fi, USB, and HTML attracted considerable attention a decade ago.Footnote 107 The current issues include self-driving cars, drones, cryptographic mechanisms, and AI. Existing literature has already noted ‘complexity’ in international standardization (due to member competitions within a standard-setting body or between such bodies)Footnote 108 or a ‘balkanization of ICT standard-setting’ situation (due to the rise of new standard-setting actors other than the ‘big four’).Footnote 109 The topic of smart cities is not an exception.
Then, how can we address the observed growth of international standards for smart cities under international trade law? In other words, are those international standards considered legitimate under international trade law? The WTO jurisprudence provides several key points for answering this question.
First, while the ‘big four’ international standard-setting bodies have been recognized as major bodies in the ICT sector, it should be noted that the TBT Agreement has not expressly specified these bodies as recognized international bodies/organizations for ICT standardization. Even in the most recent WTO's 2021 reference paper on services domestic regulation, ‘relevant international organizations’ for technical standards are merely referred to as ‘international bodies whose membership is open to the relevant bodies of at least all Members of the WTO’.Footnote 110
This understanding of international bodies aligns with the US–Tuna II (Mexico) case. In the US–Tuna II (Mexico) case, the Appellate Body explained that standards could be recognized as ‘international standards’ when standards are approved by an international standardizing body, that is, ‘a body that has recognized activities in standardization and whose membership is open to the relevant bodies of at least all Members’.Footnote 111 The Appellate Body further explained that ‘the body's standardization activities are recognized, for example, if a large number of WTO Members participate in the development of the standard, and acknowledge the validity and legality of the standard’.Footnote 112 On this point, the Appellate Body was asked to address the 2000 TBT Committee's Decision on Principles for the Development of International Standards, Guides, and RecommendationsFootnote 113 when interpreting international bodies’ ‘open’ membership requirements and the concept of ‘recognized activities’ by international bodies. The Appellate Body admitted the TBT Committee Decision as a ‘subsequent agreement’ under the Vienna Convention, and stated that ‘this Decision will inform the interpretation and application of a term or provision of the TBT Agreement in a specific case’.Footnote 114
According to this Appellate Body's explanation, the ‘big four’ forums can be admitted as ‘recognized’ international standard-setting bodies for smart cities. However, the question remains as to why the TBT Agreement does not explicitly list these bodies. Again, the TBT Agreement merely defines an international body/system as ‘[b]ody or system whose membership is open to the relevant bodies of at least all Members’ (Annex 1.4). This is contrasted with the WTO's Agreement on the Application of Sanitary and Phytosanitary MeasuresFootnote 115 where names of three international standard-setting bodies (the so-called ‘three sister’ organizations, i.e. Codex Alimentarious Commission, International Office of Epizootics, and International Plant Protection Convention) are listed (Annex A.3). This (not listing the names of international standard-setting bodies in the TBT Agreement) is largely explained by the disagreement between the European Community and the US during the Uruguay Round negotiations.Footnote 116 The European Community strategically approached international bodies and attempted to influence their standard-setting processes (i.e., to shape standards to reflect European interests). In contrast, the multiple US domestic standard-setting bodies tended to focus on their internal work on national standards for US markets: they did not have much incentive to work with international standard-setting bodies. It is explained that such a different stance towards international bodies consequently led to different views on the specification of international bodies in the TBT Agreement during the Uruguay Round.
Even if international standards are developed by recognized international bodies, a question of ‘legitimacy’ of international standards still remains.Footnote 117 In the EC–Sardines case, the question was addressed as to whether only standards adopted by consensus in international bodies were treated as relevant international standards under the TBT Agreement.Footnote 118 The Appellate Body denied this view; thus, adoption by consensus is not required for recognition as an international standard in the WTO.Footnote 119 However, the Appellate Body's view was criticized by trade law scholarship. For instance, Howse argued that if their practices or procedures upon adopting international standards were never scrutinized by the WTO, it would mean that the authorities of international standards were automatically introduced into the WTO.Footnote 120 Relatedly, Scott argued that international standards’ development processes could be considered in reviewing ‘appropriateness’ (or ‘inappropriateness’) of international standards under Art. 2.4 of the TBT Agreement.Footnote 121 On this point, Delimatsis argues that ‘the principles set out in the TBT Committee decision are not sufficiently inclusive’, and proposes to include additional criteria ‘for a standard to be regarded as a genuinely international standard’, such as participation of stakeholders, voting rules, and scientific rigour.Footnote 122
Such scholarly debates indicate that the legitimacy question of international standards is still controversial, particularly in light of development processes. However, the current situation of international standards for smart cities is too complex to oversee the standard development processes. One advice for national standard-setting bodies is not to miss the chance to voice one's interests in the development processes of important international standards,which is a more practical approach than assessing legitimacy after adopting international standards. Moreover, in the face of the uncoordinated increase in standardization of smart cities, national bodies participating in international bodies can collect information on standard proposals submitted by foreign members across various standard-setting forums in a timely fashion and consider effective strategies to create meaningful competition. At the same time, it would be ideal to seek opportunities for coordination between different standardization proposals based on shared information and to attempt to reduce fragmented standardization activities for smart cities.Footnote 123
5. Smart Cities and Data Issues
Smart city initiatives are described as ‘data-driven’ urbanism.Footnote 124 While the smart city literature has already recognized how big data can transform cities and enhance smart city services,Footnote 125 the challenges posed by urban big data – security and privacy – have also been recognized.Footnote 126 Concerns over security and privacy related to big data and cities usually revolve around three general questions:Footnote 127 (i) who has access to the collected data and who can control the data, especially when outsourcing smart city services to firms; (ii) how do we ensure data security, particularly when creating systems to connect different data sources; and (iii) how do we secure privacy when data are used and shared by several actors. Particularly in the (i) context, the smart city literature points out that one of the controversies is to define who can decide ‘the purposes and means of data processing’ under a data-processing contract between a local government and a private company.Footnote 128 This is important because, in the smart city context, ‘it is likely that data is processed or even controlled by private companies that try to miximise its value’.Footnote 129
This section examines how digital trade regulation addresses data issues related to smart cities. On this point, it is again important to highlight regulation under the DEAs and this section focuses on the DEPA's regulation because of its wide scope and potential impacts. It is noticed that ‘its scope is wide, flexible and covering several emergent issues, such as those in the areas of AI and digital inclusion’.Footnote 130 Also, the DEPA's potential impacts on businesses are notable: ‘The DEPA responds [to business interests] by seeking to put in place rules and frameworks that create a more enabling digital environment overall’.Footnote 131 Such a DEPA's ‘business-oriented’ approach is backed up by Singapore's leadership in digital trade and is also parallel to Singapore's strong initiative in promoting ‘ASEAN Smart Cities Network’. Notably, China and Korea are showing interests in joining the DEPA; this seems rational when we recall that Korea and China are active players in supporting smart city development in ASEAN. It is already pointed out that ‘DEPA's “soft” approach to rulemaking and norm-setting has proved effective in an Asian context … ’Footnote 132
5.1 Issues Related to Smart Cities
This section looks at the following data issues in the DEPA: (1) data flows; (2) cyber security; (3) personal information protection; (4) emerging technologies; (5) data innovation; and (6) open government data. While the DEPA is regarded as the most innovative DEA, some provisions follow the paths of previous free trade agreements, e.g. the CPTPP. On this point, the following analysis also includes a comparative analysis among agreements.
First, in the smart city context, data will flow between public and private actors inside one country, and even go outside the country if private companies process data at their home countries. On this point, the DEPA recognizes the principle of no restrictions on cross-border data transfer except for being subject to legitimate public policy objectives.Footnote 133 Similarly, the DEPA prohibits the localization of computing facilities as a business condition in the territory, except when it is subject to legitimate public policy objectives, which is parallel to the CPTPP.Footnote 134
In terms of cyber security, the DEPA has relatively simple provisions, recognizing the importance of building the capabilities of national entities responsible for a computer security incident response and using existing collaboration mechanisms for cooperation.Footnote 135 On this point, the UK–Singapore DEA contains the most detailed cybersecurity provision and touches on IoT, stating that parties should recognize the importance of ‘establishing mutual recognition of a baseline security standard for consumer Internet of Things devices to raise overall cyber hygiene levels and better secure cyberspace domestically’.Footnote 136
Regarding personal information protection, the DEPA is written in more detail than the CPTPP and RCEP.Footnote 137 Like the CPTPP and RCEP, the DEPA basically requires parties ‘to adopt or maintain a legal framework that provides for the protection of the personal information of the users of electronic commerce and digital trade’.Footnote 138 In addition, the DEPA sets detailed principles underlying the legal framework, such as collection limitations, purpose specification, transparency, and accountability.Footnote 139 Moreover, there is a unique provision under the DEPA, promoting the use of ‘trustmarks’Footnote 140 – that is, the DEPA encourages parties to adopt ‘data protection trustmarks by businesses that would help verify conformance to personal data protection standards and best practices’.Footnote 141 Furthermore, there are relevant provisions promoting information exchange and sharing experiences on data protection trustmarks and efforts to mutually recognize the other parties' trustmarks as a valid mechanism.Footnote 142
Moreover, unique features of the DEPA can be found in the DEPA's novel provisions on emerging technologies and data innovation.Footnote 143 First, concerning emerging technologies, the provision for AI is important. The DEPA states, ‘The Parties shall endeavour to promote the adoption of ethical and governance frameworks that support the trusted, safe and responsible use of AI technologies’.Footnote 144 While it is an ‘endeavour’ provision, such an AI provision can influence countries engaging in smart city projects. A similar AI provision exists in the Australia–Singapore DEA: the provision also recognizes the importance of developing ethical governance framework but emphasizes cooperation among relevant parties. For instance, cooperation through ‘promoting and sustaining the responsible use and adoption of AI technologies by businesses and across the community’Footnote 145 seems to be more relevant to smart city projects. In addition, the UK–Singapore DEA contains an AI provision, which seems to be the most detailed among existing trade agreements and DEAs.Footnote 146 This provision addresses AI and other ‘emerging technologies’, including the IoT. The provision also emphasizes cooperation by ‘promoting collaboration between each Party's governmental and non-governmental entities across research, academia, and industry’,Footnote 147 which is also concerned with smart city development.
Second, the DEPA promotes data innovation, by stating that ‘innovation may be enhanced within the context of regulatory data sandboxes where data, including personal information, is shared amongst businesses in accordance with the Parties’ respective laws and regulations’.Footnote 148 Additionally, the DEPA provides, ‘The Parties shall endeavour to collaborate on data-sharing projects and mechanisms, and proof of concepts for new uses of data, including data sandboxes, to promote data-driven innovation’.Footnote 149 Such innovative provisions will be helpful for countries and companies participating in smart city projects because data sharing is an important data management aspect for developing and implementing smart services.
Finally, the DEPA includes the provision on ‘open government data’. Open data provision is important in the smart city context because it can promote transparency and accountability and strengthen public trust in city operations. While the CPTPP and RCEP do not include this provision, all five DEAs do. However, the DEPA's open government data provision is simpler than that of other DEAs, which facilitates access to government information and open data and promotes cooperation.Footnote 150 In contrast, other DEAs provide more detail, ensuring that ‘the information is appropriately anonymised, contains descriptive metadata and is in a machine readable and open format that allows it to be searched, retrieved, used, reused and redistributed’.Footnote 151
5.2 Going Beyond the Current Digital Trade Discourse
Overall, the data provisions above can provide certainty for smart city businesses abroad; however, a question that can arise from such issues is whether existing digital rules are sufficient to regulate/govern international smart city projects. Smart cities involve additional data concerns: for instance, it has been pointed out that ‘smart city security is inherently more difficult than securing individual smart objects, such as smartphones, IoT objects, and service platforms’ because the sum of vulnerabilities of these objects ‘increases smart city's attack surface’.Footnote 152 This leads us to question whether the DEPA's general cyber security provision is sufficient for ensuring security in smart cities.
Furthermore, collecting data from citizens and integrating data from different sources add more data complexity. Smart cities integrate and combine data from different sources on a data platform, which has not been the focus of attention in traditional digital trade discourse. Based on the smart city literature in urban planning and architecture, at least two considerations can inform future research agenda.
The first concerns accessible and open government data provision.Footnote 153 Data related to smart cities are not necessarily administrative and bureaucratic datasets collected by governments; they are often collected from citizens by private companies. Then, a question arises whether accessible and open government data include data collected/processed by private companies in addition to data maintained by governments. At this point, the purposes and means of data processing based on a data contract between a local government and a private company are relevant and necessarily affect the accessibility and openness of the data afterward. Moreover, we must consider data ‘anonymization’. As noted, the open government information provision under several DEAs requires ensuring appropriate ‘anonymization’ of the information; however, the scholarship discusses how the concept of anonymization (or de-identification) varies among different legal contexts.Footnote 154 Reflecting a variety of techniques for anonymization (or de-identification) and possible risks of re-identification, it is necessary to consider what is appropriate anonymization when releasing the information as open data to the public.Footnote 155 However, one difficulty in the smart city context lies in the fact that ‘[t]he more data is combined about a single person, the more easily that person can be re-identified’.Footnote 156
The second consideration relates to a smart city's public character and privacy issues.Footnote 157 In smart city projects, data can be collected through ‘connected cars’ and ‘wearable devices’, and data analysis can be conducted regarding driving patterns and health management. Simultaneously, data can be collected with a much wider scope via monitoring and surveillance devices (e.g., cameras, GPS, and sensors). Monitoring data (sometimes, real-time data) collected by such devices in public spaces is necessary for urban safety and environmental protection. However, the use of monitoring data raises privacy concerns. What should cities do if they ‘cannot notify citizens about a specific data collection in advance or at the time of collection’?Footnote 158 Occasionally, obtaining consent from all citizens regarding routine monitoring data is impractical. Thus, in the smart city context, there is always a tension between smart city surveillance in public spaces and privacy issues that is difficult to address. Additional rules for smart city governance may include, for instance, setting up an ethical review board inside governments and conducting a privacy impact assessment by governments,Footnote 159 which are not yet written into the current DEAs.
On this point, it is useful to look at how a soft-law agreement regulate data issues over smart cities. The ‘G20 Global Smart Cities Alliance’ activity is such an example. Currently, the World Economic Forum (i.e., the Centre for the Fourth Industrial Revolution, Japan) serves as a secretariat for the Global Smart Cities Alliance.Footnote 160 One important project undertaken by the Alliance was the development of global norms ‘for data collection and use, transparency and public trust, and best practices in smart city governance’.Footnote 161 The Alliance established five principles: (1) equity, inclusivity, and social impact; (2) security and resiliency; (3) privacy and transparency; (4) openness and interoperability, and (5) operational and financial sustainability.Footnote 162 Furthermore, the implementation of these five principles is supported by a ‘Policy Roadmap’Footnote 163 that encompasses detailed policy elements, such as ensuring open data and privacy impact assessment. For instance, the model policy for ‘open data’ addresses the need for ‘permission-based access’ for ‘sensitive data … where anonymization or deidentification is neither possible nor practical’.Footnote 164 The model policy for ‘privacy impact assessment’ provides details of ‘a consistent method for identifying, evaluating and addressing privacy risks’ in smart city projects.Footnote 165
Moreover, other forums consider data governance and smart cities. For example, the OECD is discussing concerns posed by data and smart cities, including ‘privacy risks’.Footnote 166 The EU is another example; the European Commission hosts a platform among relevant actors (e.g. cities, industries, investors, and researchers) named ‘The Smart Cities Marketplace’,Footnote 167 where ‘the Citizen's Control of Personal Data Initiative’Footnote 168 has been launched. Thus, the challenges posed by data regarding smart cities are discussed and regulated in many ways – by treaties or soft-law approaches, at the local, regional, and global levels.
6. Conclusion
Previously, smart cities were not a global concern; instead, they reflected the concerns of local governments, high-tech companies, and citizens. While privatization and digitalization by companies have been concerned with city governance,Footnote 169 it is not an international issue. However, smart cities are now receiving significant global attention because they are an important area of international cooperation that also generates business opportunities abroad, especially in the ASEAN context. Accordingly, this article considered how smart city projects can be situated in international trade law.
As discussed, smart cities involve long-standing trade law issues, such as the intersection between goods and services or international standard-setting complexities in the ICT sector. Simultaneously, smart cities are concerned with new digital trade issues. As big data and AI have become the focus of attention, smart cities are facing global ethical and responsibility issues. In other words, smart cities do encounter challenges similar to those posed by the digital economy in general, such as ‘social inequality; social control through public and private surveillance … national security threats and geopolitical rivalry; cyber security risks; and threats to personal privacy and dignity’.Footnote 170
Such questions related to data issues are not theoretical. Imagine future developments in the ‘ASEAN Smart Cities Network’. The ASEAN network envisages to ‘stimulate and catalyse greater collaboration and connectivity within and among ecosystems [of people, businesses and infrastructure] for a better world across ASEAN’.Footnote 171 Accordingly, data communication and sharing from multiple smart-city sources may occur among ASEAN smart city projects in the future, after a certain period of time of development and collaboration. After the COVID-19 pandemic, we can imagine that such data communication and sharing across countries are more likely in the context of regional disease outbreaks and urban safety management. Thus, central/local governments, high-tech companies, and citizens should recognize the importance of privacy and security issues in international smart city projects.Footnote 172 How these regulatory efforts actually affect smart city initiatives in Asia and other regions remains to be seen.Footnote 173
Acknowledgement
I am grateful to the referees and the WTR editor, Ching-Fu Lin, and Han-Wei Liu for their insightful comments. I would also like to thank participants in ‘International Law & Technology' talk series held in National Tsing Hua University, Taiwan, on 24 November 2023, and especially to Shin-Yi Peng, Ying-Jun Lin, and Huei-Ying Lucille Hsu for their helpful feedback. This study is partly conducted under the Project ‘Comprehensive Research on the Current International Trade/Investment System (V)’ led by the project leader Tsuyoshi Kawase at the Research Institute of Economy, Trade, and Industry (RIETI). I also benefitted from the discussion with the project members. An earlier version of this study (in Japanese) appeared as a discussion paper on the RIETI's website.