Are smart meters smarter than we think?
Consumer profiling will track much more than energy consumption if not properly safeguarded, says the EDPS.
Last Friday, the European Data Protection Supervisor (EDPS) adopted its opinion on the Commission Recommendation on preparations for the roll-out of smart metering systems, which gives guidance to Member States to prepare for the roll-out of these systems.
Whilst the Europe-wide rollout of smart metering systems may bring significant benefits, it will also enable the collection of personal data, tracking what members of a household do within the privacy of their own homes. It could detect whether they are away on holiday or at work, if someone uses a specific medical device or a baby-monitor, and how they like to spend their free time. These patterns can be useful for analysing energy use for conservation purposes, but together with data from other sources, the potential for extensive data mining is very significant. Patterns and profiles could also be used for other purposes, including marketing, advertising and price discrimination by third parties.
In light of these risks, the EDPS welcomes the efforts by the Commission to provide guidance to Member States. In particular, the EDPS supports the plan to prepare a template for a data protection impact assessment and submit it to the Article 29 Data Protection Working Party for advice.
At the same time, the EDPS regrets that the Commission has not provided more specific, more comprehensive and practical guidance in the Recommendation. However, it considers that some guidance can still be given in the data protection impact assessment template.
On 9 March 2012, the Commission adopted a Recommendation on preparations for the roll-out of smart metering systems. The roll-out is foreseen by 2020, subject to an economic assessment of costs and benefits. This assessment is to be carried out by each Member State by 3 September 2012.
Giovanni Buttarelli, Assistant EDPS, says: "The EDPS calls on the Commission to assess whether further legislative action is necessary at EU level to ensure adequate protection of personal data for the roll-out of smart metering systems and pragmatic recommendations for such legislative action. Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament. These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches."
The EDPS recommends, among other things:
• More guidance on the legal basis of the processing and the choices available to data subjects, including on frequency of meter readings
• Mandatory application of privacy-enhancing technologies (PETs) and other ‘best available techniques’ for data minimisation
• More guidance on retention periods
• Direct access for consumers to their energy usage data, as well as disclosure to them of their individual profiles, the logic of any algorithms used for data mining, and information on remote on/off functionality