Someday soon your home power meter will likely be tracking your electricity consumption very closely, graphing it over time, recommending the best time to run your utilities and more. Cities laced with Smart Grids, giant spiderwebs of wires connecting Smart Meters in our homes. We’ll get cost savings, rational planning, reduced environmental impact – maybe even a big app ecosystem built on top of our data. But what about privacy?
The European Union’s Working Party on Data Protection has issued five recommended requirements for the protection of personal privacy in a time of Smart Meters in the home (PDF). Below is what the group says needs to happen in order to gain the benefits of Smart Metering data while minimizing the risk and cost to personal privacy. What do you think?
From the Working Group’s report:
What’s a Smart Meter?
“Smart meters are installed in the homes of utility consumers, and are capable of two way communication. They inform consumers about the amount of energy they are consuming, and this information can also be sent to energy suppliers, and other nominated parties. The key feature of smart meters is that they provide the ability for these remote communications between the meter and authorised parties such as suppliers, network operators, and authorised third parties or energy service companies.”
In some European countries, specifically France to date, newly installed electrical systems are required to be Smart Meters. The Working Group says the scale of Smart Metering is going to be enormous: “it is projected that the vast majority of European citizens will have one installed in their homes before the end of this decade.”
The Working Group’s recommendations:
Electricity consumption data should be treated as Personal Information, because it can be traced back to an individual person. Europeans treat Personal Information very seriously, sometimes arguably at the expense of technological innovation.
Push-button consent: the Working Group recommends that Smart Meter providers develop easy buttons that consumers can push to grant or remove consent that their data be shared with anyone who seeks to offer them enhanced services.
The social good is not always the primary consideration. “The imperative to reduce energy consumption,” writes the Working Group, “although it might be a sensible public policy objective, does not override data subjects’ rights and interests in every case.”
Personal data collected should be kept to a minimum as required to fullfil services offered – and be deleted as soon as possible except in cases where the electricity consumer has requested services like annual comparisons of consumption.
Privacy by Design: “Security should also be designed in at the early stage as part of the architecture of the network rather than added on later.”
Privacy by Design in Smart Grid creation is a subject that data protection legal firm Hogan Lovells has written about before. (It was Hogan Lovells (via) from whom we discovered the EU Working Group’s recommendations discussed here.) The firm points out that legal policies regarding privacy and Smart Grids are being rolled out around the world and are complicated by the different legal frameworks through which clouds of data now pass.
“Getting data privacy ‘right’ is an economic and social imperative. Trust and confidence in the security and privacy of the critical systems of our planet – especially the digital version of its central nervous system, the Internet – is foundational to individuals’ continued engagement and reliance on such things as online commerce, e-health and smart grids. If individual consumers don’t feel that their privacy and security are protected, they will not support modernization efforts, even though the capabilities of technology advancements are proven and the potential benefits to society are extensive.”