Big Data Regulatory Legislation: Security, Privacy and Smart City Governance

Dubai is a smart city: this cannot be contested. The city has labelled itself as a globally recognized successful smart city and it has set in place a vision and a strategy to achieve the goal to become a smart city and to keep this status. Therefore, to sustain its competiveness, the Government of Dubai is considering the massive, fast and diverse data moving quickly everywhere creating what is known as “Big Data” era. This data is becoming the most important source of valuable insights and ultimately helping to make more informed decisions. Despite the growing demand and hopes with the big data, legal and ethical issues related to accessing data remains the main challenge. Therefore, in 2017, Dubai has announced its new Big Data Regulations Act aiming at regulating the big data usage and access to improve policies for better quality of life. This comes as part of the Smart Dubai roadmap to prepare Dubai to embrace the future and emerge as a world-leading city by 2021. The new regulations aim at ensuring privacy, security and governance of the data. The paper will explore the new regulatory act, and evaluate how it sustains and develop comprehensive infrastructure for the big data era in Dubai to maintain the city’s vision.


Introduction
The United Nations predicts that 66 per cent of the world's population will be projected to urban cities by 2050, compared to 54 per cent in 2014 and 30 per cent in 1950. Moreover, Asia is home to 53 per cent of this urbanization (United Nations, 2014). This rapid shift in population distribution promotes social and economic transformation of cities around the world (Un.org, 2019), and has fundamental economic, social and environmental ramifications. For example, they are confronting growing poverty and highly vulnerable to climate change impacts and major environmental problems.
Challenges also are unique according to regional conditions. In the Arab region, for example, cities suffer from problems related to the lack of accountability and participation, excessive centralization in management and planning, weak role of civil society entities and migration as results of conflicts (UNDP, 2016). As a response to this projection and challenges, which are not likely to stop, metropolitan cities aims at improving their attractiveness and competitiveness with a focus on smart and sustainable solutions. So that, many new categories of cities, such as: sustainable cities, green cities, digital cities, smart cities, intelligent cities and others, have emerged. Moreover, new strategies and techniques of governance and operation of urban infrastructure and services were used to meet new requirements, especially which related to safety, traffic, economic growth, cultural issues, and communication.
The UAE has the highest population growth rate among the Arab countries (PKF, 2018). In Dubai context, the city population is also expected to keep expanding. Over the last century, it has expanded from a 10,000 desertdwelling in the early 1900, into over 2.7 million people nowadays. It also expected to welcome 45 million people by 2021. Nevertheless, population fast growth has serious impact on environment and climate (Baharash Architecture, 2019). Over the last few decades, this urban expansion is combined with rapid cultural and economic growth that also requires a stable development of the legal framework (Bomah, 2016).
To counter to the existing urban issues and raise the quality of its residents lives, Dubai Emirate, the economic capital of the UAE, relies on the integrated use of revolutionary technologies like smart solutions and big data analytics. Given that city is widely considered as a leading international hub and an attractive environment for doing business. It also enjoys a strategic location in the Middle East and works as one of the most important reexporting centers all over the world. It has 85 airlines and 120 shipping lines linking it with 130 destinations all over the world with no exchange controls, quotas or trade barriers (Smart Dubai Government, 2019). However, some consider Dubai orientation toward smart life as a necessity rather than a choice because of many reasons, such as it was ranked as one of the highest annual carbon dioxide emissions per capita (Baharash Architecture, 2019).
As a part in a plan ends by 2021, Sheikh Mohammed bin Rashid Al Maktoum, UAE Vice-President launched the Dubai smart city strategy in 2013. the city plans to open a vast array of data to public and private entities, as part of its efforts to become a smarter and more connected city. Individuals will have access to inventory of information which was previously hard to obtain. Also, it will accomplish its paperless government strategy, in which it is expected to save 25 million hour of work and 100 million document (including visa applications, bill payments and licenses renewable) that cost 1.5 billion dollar. It also plans to have robot corps, flying taxes and autonomous vehicles in its roads. (WAM, 2016). Additionally, Dubai's smart city strategy contains over 100 initiatives and aims at upgrading 1000 government services into smart ones. Also, it concentrates on three crucial issues: customer happiness, economic growth, and resource & infrastructure resilience (Smart Dubai Office, 2019). The city expects to gain 23 pillion USD over the coming decade after awarding the Expo 2020 that also expected to create nearly 277,000 jobs and annually increase of 1.5% to Dubai's GDP (PKF, 2018).
Data is a key for Dubai smart transformation and diversifying from fuel target. Dubai embraces smart governance strategy in which it introduces about 2,000 e-services and 50 smart ones using mobile applications (Abdel Hafez, 2017). The city's transformation agenda is expected to utilize innovative technology, digital tools and smart policies, with nearly $8 billion budget. It aims to transform government services into data-based smart solutions and embrace the infrastructure development in order to introduce modern services for citizens (Smart Dubai Office, 2019).
The projection towards a tech-driven environment that depends on digital innovations and open data has raised numerous concerns regarding privacy and security and other challenges. As a response, Dubai issues number of federal regulations including those relating to standards, tariffs, protection and intellectual property and so on (Mohammed, 2014). Dubai government also embraces many governance policies and regulations to improve the way individuals and entities interacting with modernization ramifications and smart life component. These policies were initiated to advance smart Dubai mission, it is also compliance with Dubai projection towards regulating smart life. According to the CEO of DDE Youes Al Nasser: "Policies are considered as the second important pillar as it guide to create a comprehensive data system and govern data usage" (Khamis, 2018).
Moreover, public sector in Dubai has a major role in providing the best policies. Dubai embraces a comprehensive data system that is made to govern data usage. Dubai Data Law is issued in October 2015 as part and percent of this regulatory system. It also includes number of provisions regarding data governance including classification, publishing, exchanging, using and reusing. It takes in consideration data protection and privacy concerns (Malek, 2018). Nevertheless, being a financial centre and most developed in the EAU, Dubai is a popular target to various types of cyber-crimes (Bomah, 2016). As a result, DESC helps public and semi-public entities to control and manage new threats in the cyber space and works at establishing data platform for information security (Wilkinson, 2018).
This paper provides a systematic review of the big data regulations that have described the public policies and their implementation. It also tackles the main public policies instruments for managing the big data and ensuring that it keeps its position as a smart city. The main public policy instruments for managing big data in Dubai and protecting privacy and security are discussed and briefly described, including public management and ownership of big data and regulatory approaches. In conclusion, the researcher ends with a discussion regarding the current public policies and recommendation for the potential regulatory issues. Datta (2015) refers to smart cities as the new urban utopias of the 21st century which marketed all over the world as a solution that integrated urban and digital planning. Whereas, smart city, according to Harrison and Donnelly (2011), is related to knowing what is going on in the city .e. g., norms of behavior, by using new, rich sources of information. Smart City innovations also provides governments with promising ways to achieve individuals' engagement and increasing their life quality (Smartcitygovt.com, 2018), as a result of talented utilization of information technology. Moreover, benefits gained from smart management are: controlling resources consumption, especially energy and water, best usage of infrastructure capacity, innovating new services, developing commercial organizations by operating real-time data in the city (Harrison and Donnelly, 2013). All in all, making a city "smart" rises as a strategy to confront the challenges resulted from the urban population growth and rapid urbanization. Moreover, the smart city leads to a substantial increase in data with several importance. Such enormous volumes of data or big data offer the potential for the city to obtain valuable insights and embracing scientific research from large volume of data collected through various sources (Abdel Hafez, 2017).

Big Data in "Smart City"
In Dubai context, to reach the smart status and become a leading global smart city, it has made great efforts to utilize big data and technological innovations in order to reshape the way residents and visitors alike experience the city. Governors plans, for example, to offer free internet connection all over the city using high bandwidth Wi-Fi networks, 5000 hotspots, high-speed fiber optic and 50 billion linked devices (Tanaza.com, 2019). Dubai hosts The Smart Dubai Summit which is the leading Big Data conference the Middle East (Expotrade, 2019). The government also embrace smart initiatives to upgrade six fields (Syeeda, 2016): (1) Smart Economy: more innovation and opportunity with new smart business initiatives and developing a data-driven economy. For example, financially providing startups with $545 million secured fund. (2) Smart Mobility and Infrastructure: establishing a unified platform that links all transportation system components. 21 meters are made to ease data collection. (4) Smart Environment: promoting citizens to buy zero emission electric cars, by distributing 100 green vehicle charging stations all over Dubai. (5) Smart Governance: regulating data in a way that improves collaboration between public and private sectors. (6) Smart Living: Dubai works at improving city connectedness to simplify living condition. It also has begun creating Smart Home and smart technology applications. So that, inhabitant can get benefit from them even while being in his home.
Various smart city's sectors are benefiting from big data innovations, for example, healthcare sector may have new organized healthcare records, increase preventive care services and ease patient treatment. Transportation sector can reduce accidents number and analyze road users' behavior (Abdel hafez, 2017). The table below clarifies big data utilization in smart life and its main benefits and challenges: All of these efforts reflected positively in Dubai's to be the only Arabic city that listed in the top 50 smart city governments in the world for 2018, it is ranked the 40th among 140 governments and preceding Paris city, according to the Eden Strategy Institute, a social innovation consulting firm (Smartcitygovt.com, 2018), and to be rated among fixed income investment cities by Moody's Investors Serviceawq (Smart Dubai Government, 2019). Also, Dubai ranked among the highest cities for quality of living across the Middle East and Africa, according to the Mercer's18th annual Quality of Living survey (Abdel hafez, 2017).

Regulating Dubai Big Data
Everything in our modern life is heavily regulated. Our houses components and construction, food ingredients, means of transportation, companies way of operating, educational institution plans, and health services procedures are all examples of regulated items in any modern country environment.
International Data Corporation predicts that by 2020, 32 billion will be responsible for creating about 44 trillion gigabytes of information in the market as they will be interconnected (Xpandretail, 2019). This flow of information is also combined with highly developed computing abilities and new algorithms. That means, generating near real-time analysis that push operational performance and create new insights. (Harrison and Donnelly, 2013). Another issue that needs to be considered is the open data monetizing, because it doesn't available always for free. Some entities consider their data as Intellectual Property. Telecom companies are a very obvious example as they own structured data (call data, geo-location data) and unstructured data (web browsing logs, social media posts... etc.) that generates high value when analyzed. In some contexts, this value is priceless, as telecom data was used to in a daily pattern predict the outbreaks of Ebola disease, so that to take defensive action to fight  (Durou, 2015).

Data Ownership and Management
The Dubai Data Law confirms that data relating to the Emirate are considered as "Dubai Data" and treated as an asset owned by the Government (Dubai Data Law, 2017). However, to manage information as an asset, Dubai Data have to depend on clear governance frameworks with accountability regarding data usage and exploitation (Dubai Data Establishment, 2016). On one hand, the government entities are supposed to play a vital role in maximizing the potential benefits from these big volume of information. They have to enhance the opportunities of using and reusing of data by manage data collection and retention for future utilization. Also, harmful contents have to be restricted (Castro, 2014). On the other hand, data ownership has to be respected. Data with commercial sensitivity or personal nature may be protected by intellectual property rights (IPR). So that government cannot claim ownership for such information. In other words, it is not allowed to distribute them as an open or shared data (Dubai Data Law, 2017). In February 2018, DDE launched the Dubai Data Policies to identify the way "Dubai Data" is used (Wilkinson, 2018).
Nevertheless, many public entities have been created to manage big data on a larger scale and coordinate the fragmented efforts of individuals, specialized governmental departments and private organizations.

Regulatory Legislations
Dubai efforts towards managing big data resulted to the evolution of many regulatory laws and legislations, that also to be applied on government entities, such as Dubai Data Law, Penal Code, Cybercrime Law, Telecommunications Law and Dubai Statistics Centre Law which are applied to both nationals and residents of the UAE (Dowle and Fox, 2018). This also includes new strategies, such as Cyber Security Strategy by DESC in 2016 (Dubai Electronic Security Center, 2017). In addition, governments always try to issue more effective or efficient policies, in order to get the best benefit from data and avoid information related problems such as: security and privacy issues.
The main regulatory legislation regarding Dubai Data is the Law No. (26) of 2015 -known as the Dubai Data Law-published at purpose of regulating data dissemination and exchange in the Emirate of Dubai (Dubai Data Establishment, 2016). Moreover, the regulatory manual and classification framework comes as a helping instruments that Dubai government used to manage and determine the way big data can be used by different entities and parties, and smart city applications. In more details, DDE published the Dubai Data Manual according to Article 6 of the Dubai Data Law. Also, it developed the Data Classification Framework which is required by Article 7 of the Dubai Data Law, for the purposes of categorizing Dubai Data as being either Open or Shared (as we are going to explain below).
In more details, Dubai Data Manual is defined as: "A document which includes a set of rules, standards, forms, and procedures regulating the dissemination, exchange, and protection of Dubai Data, and which must be used as a reference by Data Providers". Different entities are obliged to classify their Data in accordance to Dubai Data Manual which is empowered by Law No. (26) of 2015 (Dubai Data Establishment, 2016). The large available volume of data that spread among different entities made it very critical to establish a structured framework to collect, analyze and share the data (Durou, 2015). It identifies the ways in which government's entities have to deal with their data, in compliance with the government liabilities to develop user-centric and data-driven services (Dubai Electronic Security Center, 2017). As mentioned before, regulation as a public policy instrument has an obligatory and negative nature. Some Examples of negative penalties related to misuse of data, as listed in Dubai Penal Code, are (Dowle and Fox, 2018): -Article 378, (imprisonment of up to a year and/or a fine of up to AED10,000 for a person who reveals secrets of an individual). -Article 379, (imprisonment of up to a year and/or a fine of up to AED20,000 for a person entrusted with a secret).
-Article 379, Penal Code. (imprisonment of up to five years for an offender who is a public official or in charge of a public service).

Big Data Classification
For the purposes of classifying Dubai Data as being either Open or Shared, DDE developed the Dubai Data Classification Framework, as required by Article (7) of the Dubai Data Law (also embedded in Dubai Data Manual). It aims as categorizing datasets according to its priority/ regularity using many components, such as compliance with smart Dubai priorities (especially, Smart Economy and Smart Living) as mentioned in the Dubai Data Classification Framework (Smart Dubai, 2017). In addition, it takes in consideration the schedule of governmental priorities by embedding it in the policies and the Dubai Data Manual. Also, standards are designed to classify data into open or shared, and classify shared data into confidential, Sensitive, or Secret Data (Resolution No. (2) of 2017).
So that, to make data available via Dubai Data Platform, it is required to classify the data as (Wilkinson, 2018): (1) Open Data: data that can be openly available to individuals and organizations for use, reuse and sharing. Its characterized by being detached from copyright, patents, censorship or such restrictions that affects its availability and way of dissemination (Giest, 2017). Many of Big Data initiatives are related to the idea that (government) data should be placed in the public domain (van der Sloot and van Schendel, 2016). The Dubai Open Data Law with an integrated platform comes to regulate sharing of non-confidential information between government entities and the public (Syeeda, 2016) (2) Shared Data: owned or managed by government party and made available for sharing and reuse by other government party. According to Dubai Data Manual it is classified as confidential, sensitive or secret. (A) Confidential: sharing data is restricted among government entities, (B) Sensitive: it is shareable within certain groups and managed with strict controls (as it may cause major harm, e.g. a threat to life, to public or individual interest), (C) Secret: it is shareable in a limited way between certain individuals and subject to strict controls and regulation. Example of Dubai shared data is the confidential personal data (Dubai Data Establishment, 2016).
Worth mentioning that all the Middle East nations including GCC countries were in a long way to go on data sharing. In 2015, they were ranked below the 50th globally, according to Open Data Barometer (data.gov.sa., 2019). However, the UAE planned to develop its open data portals (Durou, 2015). Nowadays, the officials of DDE announces that Dubai is going to provide access to 100% of open and share data in its online portals (Expotrade , 2019).

Regulation Challenges
In big data regulatory policy instruments building, number of challenges increasingly arouses. So that, it is very important to eliminate or avoid the effects that made big data hard to be regulated. Challenges may resulted from the characteristic features of big data, security and privacy, integration and processing of Big Data (Abdel Hafez, 2017).
Firstly, Big data attributes conforms one of the biggest problems that stems from diverse nature of data coming from internal and external sources. It is widely described with its seven Vs which are: Volume: The massive volume of data generated from emails, social media, search engines, texts, audio and video ..etc and accumulates over time (Hochtl et al., 2017). Knowing that, stored data volume all over the world was about 800,000 PB in 2000 and it is predicted to increase to 35 ZB in 2020. Notably, about 10 TB produced daily by Facebook and 7 TB by Twitter, other companies make terabytes every single hour (Thabet and Soomro, 2015), Velocity: data speed that requires special technology infrastructure as it too hard to deal with. New technologies with traditional algorithms might not be able to cope with the complex nature of data (Hochtl et al., 2017) and its unprecedented speed which requires timely reaction (Ahmed, 2015). The current software applications capacity faces new challenge related to processing and analyzing data while in motion (Thabet and Soomro, 2015). Variety: data heterogeneity that resulted from its different origins, formats and types (Hochtl et al., 2017). According to specialists 80 to 90% of data in any organization is unstructured with significantly increasing pattern (Ahmed, 2015). Veracity: data precision and truthfulness. Inefficiency may stem from, untruths, uncertainty, and missing values. Also, it is considered by many as the biggest challenge of Big Data. Validity: data correctness and accuracy regarding the intended usage. Volatility: data validity period (retention period). Real-time data is more needed for beneficiaries (Thabet and Soomro, 2015). Value: the desired outcome of big data processing (Thabet and Soomro, 2015).
Secondly, security and privacy considerations acts as another challenge facing Big data regulatory approaches and hindering its usage in smart cities. Many considers that person's privacy may be violated by any entity that get access to it or by malicious application or software that could affect data travelling over the various types of network. Moreover, DDE focuses on increasing personal data security and privacy as a tool of enhancing Dubai economical potential. As a result, data security has to be regulated using public policy with convenient legal terms and conditions (Wilkinson, 2018;Expotrade, 2019).
Regarding the personal data, UAE has no General Federal data protection law as these applicable in Europe, and it has no single regulator. However, Article 21 of the Cybercrime Law forbid affecting individual's privacy and Dubai government establishes the E-security Authority in purpose of regulating information protection. 24 Moreover, constitution guarantees secrecy and corresponding freedom when using means of technology especially with regard to an individual's personal and family affairs (Woods, 2018). This helps in issuing individual general right to privacy, however such law is restricted to citizens who are nearly 12% of population. However, companies are required to ensure that their activities or under the scope of the data protection regulation, as it regulate the natural personal activities with regard to the processing of personal data and the free data movement (Dowle and Fox, 2018). Regulatory policies also adhere government entities to have previous consent to use personal or commercial information data, or to share it with other entities (Wilkinson, 2018).
Organizational and individuals' privacy is addressed in the Federal Law No. 1 of 2006 in which electronic transactions and commerce data security must be ensured and in Federal Law No. 3 1987 (the "Penal Code") that protects individuals from of their personal data disclosure. (Woods, 2018). In addition to UAE laws and regulations, many companies have to notice that they may fall within the scope of the European Union's General Data Protection Regulation (GDPR). So that, they have to ensure compliance among different laws requirements (Hadef & Partners, 2018).
Dubai government entities are required to conform to the new policies. Beside the liabilities and commitments of these entities, big data regulations affect the free zone authorities and private sector with indirect impact, especially with regard to the government contracting issues. Accordingly, suppliers and service providers have to cope with the new obligations (Wilkinson, 2018).

Discussion and Recommendations
A better understanding of issuing appropriate regulatory legislations is vital for governors and data beneficiaries. This literature review tackles number of idea: (1) Dubai great effort towards achieving its vision of being the smartest city in the world (2) Policy instruments utilization to improve the way citizens and residents experience the city; and (3) Dubai big data regulation and governance.
Over the last few years, the Emirate of Dubai has made great efforts to transform as a smart city and diverse its reliance on oil revenues. In doing so, it has made important updates to the legal frameworks and the investment and legal environment. Additionally, it benefited from many political instruments to ease its modern smart life and improve the way individual experience the city.
The paper tackles the expansion of urban development in Dubai, which necessitated a parallel development in the political, legislative, technological, investment and other areas. In addition, Dubai's technological capabilities and infrastructure enhances its readiness to achieve its vision to be the smartest city in the world. Also, the Government of Dubai recognize the power of big data as a key to smart transformation and investment diversification, as well as putting Dubai at a leading position as attractive destination for investment and trade worldwide.
Dubai has utilized political instruments in a systematic way for regulating classification, publishing, exchanging, using and reusing of big data, including a large number of laws related to data regulation like: Dubai Data Law, Dubai classification framework and Dubai data Manual. However, the orientation towards technological superiority and smart life has made it attractive to stakeholders and investors and, on the other hand, coveted by cybercriminals or data hackers. It is also notable that, by 2021, Dubai looks forward to make a huge amount of open data available to individuals and citizens use. Knowing that, it contains information that was not available before.
Regarding the regulating this big volume of data utilization and managing, the ownership of the data, the legal frameworks governing it, and the political instruments controls it are all points to be deeply and regularly discussed. The main concern is avoiding data misusing, breaching or destruction. New governmental entities were establishing to the same purpose.
To end with, data belonging to Dubai government according to DDL and revealing or accessing of personal financial data (including financial behavior, services details, customer analytics... etc.) of customers and stakeholders can affect the competitiveness and financial positions the banking sector. This raises the question of whether the legislations and laws governing the use of data comply with the requirements of the banking sector in Dubai regarding financial data, ownership rights, confidentiality and privacy of financial customers.