<![CDATA[This study examines policy directions for data protection and security in smart cities from a digital communication governance perspective by integrating regulatory frameworks, technological innovations, and communication-based governance mechanisms to address emerging digital risks. A systematic mapping study guided by the PRISMA protocol was conducted using the Scopus database, covering publications from 2015 to 2024 and employing a comprehensive search strategy on smart cities, data protection, privacy, cybersecurity, data governance, and Internet of Things security. The study applies two complementary approaches: bibliometric mapping using RStudio-Biblioshiny and CiteSpace to identify thematic clusters, keyword citation bursts, and topic evolution, and qualitative policy-oriented synthesis of high-impact and highly relevant studies to translate bibliometric patterns into actionable policy insights. The findings reveal three dominant conceptual domains: technology ecosystems (e.g., IoT, artificial intelligence, blockchain), privacy-enhancing techniques (e.g., federated learning, differential privacy, cryptography), and regulatory and governance frameworks (e.g., GDPR compliance, consent management, and fundamental rights). From a communication perspective, these domains are closely linked to processes of digital information exchange, risk communication, transparency, and citizen engagement within smart city systems. The results demonstrate that effective data protection in smart cities depends not only on strong synergy between technical safeguards and policy governance, but also on how data-related risks and policies are communicated, understood, and trusted by the public. This study proposes a multi-level policy framework linking regulatory instruments, privacy-enhancing technologies, and institutional governance mechanisms, complemented by communication-based approaches such as transparency, risk communication, and public engagement, operating across city, national, and cross-border levels. The study contributes to smart city governance and communication literature by offering an explicit and integrative policy model that supports adaptive, citizen-centered, and sustainable data protection strategies in the digital age.]]>
