to know for a burglar. Is your refrigerator an old power guzzler? The local retailer of appliances is interested. Do you or the kids watch TV or play computer games all night? Did a boy-/ girlfriend move in and did you not tell your social worker? Do changes in the consumption during the day indicate that an elderly citizen is developing dementia? Cases for the social authorities. And supply data can be combined with data from other sources adding to the profiling. It is possible that Facebook still knows more about many of us than the utilities, but the introduction of smart meters, and the risk of unwanted profiling done by the utilities and their owners make privacy issues become a relevant consideration. DATA MINIMIZATION - ENOUGH IS ENOUGH Among the basic principles of data processing included in the regulation of personal data is a demand for data minimization. It is an expression of a proportionality perspective. In relation to the purpose, data collection must be sufficient, relevant and limited to what is necessary. How often is it really necessary to read utility meters? Supposedly, this depends on whether data collection is only for invoice purposes, or if the data will also be used for other purposes, including creating profiles of consumers. There are no clear limitations in the EU legislation on how the data may be used, nor any limitations on how often utility meters may be read. It depends on national legislation. And supply data has great value. It can deliver much more than the possibility of better (and cheaper) billing. Utilities can use the data to measure the network load, detect leaks and optimize both operation, energy utilization and investments. Authorities can get a contribution to energizing energy policy and energy planning. Naturally, we can expect from the national legislation that such use of supply data is stated as legal. But what about the above mentioned uses for control by the social authorities? Do we really want supply data to be used to that kind of control? SUPPLY DATA NETWORK MAY BE HACKED Utility meters can use very different communication channels, including the electric grid (Power Line Carrier, PLC), the telecommunication network or a specific wireless network including Wi-Fi. In Europe, smart meters typically have not been connected directly to the internet. Often subnets, based on a data concentrator connecting a number of smart meters, are used. However, it is not only the internet that can be hacked. All kind of electronic networks can be hacked. Through a smart meter. Through a data concentrator. Through the cables.
And supply data is personal data. For household consumption at least, data can be related to a specific person or family. In addition, they are tied to customer data such as name and address and meter identification number. The Article 29 Data Protection Working Party (WP29) considers in its Guidelines on the right to data that data “provided by the data subject” includes “the personal data that is observed from the activities of users such as raw data processed by a smart meter …” As of this May, new rules from the EU’s regulation of personal data (General Data Protection Regulation - GDPR) has come into effect. This must be understood in the context of four out of five Europeans not feeling that they have complete control over their own personal data. In fact, seven out of ten prefer to have given consent to the collection and processing of their personal data explicitly and in advance. This could speak for a tight regulation of the use of supply data. On the other hand, the EU expects that the internal digital market will contribute 415 million EUR to our economy and create hundreds of thousands of jobs. This speaks for not making it too difficult to exploit the collected supply data. A balance has to be found, and through some principles for processing and special rights, the regulation tries to establish this balance. Among other things, personal data must be collected for explicitly-mentioned and legitimate objectives and cannot be processed in a way that is incompatible with these objectives. The Energy Efficiency Directive from 2012 touches upon data privacy and security, and together with the above mentioned recast of the market directive for electricity data protection of privacy issues will come in focus. While GDPR creates the basic regulation of supply data, the market directives for electricity and natural gas would act as lex specialist towards the GDPR provisions. In contrast to the GDPR, energy markets are regulated by directives leaving more room for national legislation for the Member States. So far, we have no market directive for district heating as we have not much trans-border trade. SUPPLY DATA REVEAL WHO YOU ARE Previously, the utility meter was read once a year. Today, technology can read the meter as often as the utility wants, even at the (same) moment that you use the energy (real-time readings). Big data is created and with this it is possible to create a profile of the consumer - an individual or a family. This data may reveal information about consumption patterns, daily routines, activities and lifestyle. Actually, it can tell what a specific individual is doing right now. Is anybody home? Great
J O U R N A L N 0 . 3 / 2 0 1 8
Made with FlippingBook Ebook Creator