There's been a fair bit of press recently on the privacy issues surrounding the UK's smart meter roll-out – currently in its foundation stage (figuring out how it's actually going to work) before the official start of the roll out in 2014 – some of it is balanced, some of it less so.
So, I figured I'd summarise it.
Firstly, it's worth pointing out that everything is up in the air. There's no law, no final decisions, just a large swathe of proposals that the Department for Energy and Climate Change (DECC) have put forward as consultation documents; if you have insomnia then the full range of proposals can be found here.
DECC's April 2012 Data access and privacy consultation document contains 96 pages of policy suggestions and requests for comment broken out into 4 main sections:
- Consumer access to data
- Supplier access to data
- Network operator access to data
- Third party access to data
- Allow suppliers to access monthly (or less granular) energy consumption data, without customer consent, for billing and for the purposes of fulfilling any statutory requirement or licence obligation;
- Allow suppliers to access daily (or less granular) energy consumption data for any purpose except marketing, with clear opportunity for the customer to opt out; and
- Require that suppliers must receive explicit (opt-in) consent from the customer in order to access half-hourly energy consumption data, or to use energy consumption data for marketing purposes.
It also adds a few exceptions:
- Allow suppliers to access daily energy consumption data on an ad hoc basis, without customer consent, where the supplier has reasonable suspicion that theft is being committed, or for the purposes of accurate billing (for example, at change of tenancy/change of supplier/change of tariff
events) and addressing customer queries;
- Allow suppliers to access half-hourly energy consumption data for use in approved trials, with clear opportunity for the consumer to opt out;
- For pre-payment customers, allow suppliers to access more regular readings as top-ups are made, provided this has been explained to the customer.
If you're skimming you can stop there, that's the main thrust, the rest of this article adds further detail chapter by chapter.
The important point in this chapter is that the Government proposes to:
impose tighter restrictions on the collection and use of energy consumption data than the Data Protection Act would on its own.
It goes on to state that:
Personal data are defined in the Data Protection Act as “…data which relate to a living individual who can be identified from those data, or from those data and other information
which is in the possession of, or is likely to come into the possession of, the data controller”.
The Government’s view is that energy consumption data from smart meters should be considered to be personal data for the purposes of the Act. This view is supported by the Information Commissioner’s Office and Opinion 12/2011 of the Article 29 European Data Protection Working Party
So there you have it. Our consumption data will be classed as personal data and be protected under existing data protection legislation with further protection under the licencing obligations that the suppliers, network operators and third parties will
also have to adhere to (more on that later).
Consumer access to data
DECC makes clear that they feel it is important for consumers to access their own consumption data to “reduce energy consumption and save money on bills”. They also state that:
Suppliers will be required to offer domestic customers an in-home display (IHD) on installation of a smart meter. This will enable domestic consumers to see information about their energy consumption displayed in near real time.
There will also be requirements designed to protect the security of the smart metering system including the IHD.
Amongst some general technical stipulations they also require that:
smart meters must be capable of storing 13 months’ worth of consumption data, at half-hourly consumption intervals. SMETS [Smart Metering Technical Specification] will also require that the smart metering equipment is capable of sharing consumer information across a secure communication link to a consumer display.
.. and that it is also important to ensure that:
when people move home, there are checks in place to prevent the new resident from accessing data about the previous resident, and that when people change supplier, the new supplier is not able to access data from the period before they became the registered supplier (unless the consumer gives the new supplier permission)
Supplier access to data
Suppliers are the consumer facing energy companies that bill us for the electricity (& gas) that we use.
There's not much to add from this section after that laid out in my introduction except for these sound bites taken from the Smart Meter rollout impact assessment which:
- assumes £236 million present value benefit up to 2030 from reduced theft
- estimates £820 million present value benefits from electricity demand shift due to the uptake of time-of-use tariffs
- assumes significant (over £1 billion present value) benefit from improved debt handling up to 2030
- assumes £4.4 billion present value domestic consumer benefits from energy saving – over a quarter of the total benefits expected from the domestic roll-out of smart meters
This also caught my eye (my emphasis):
Whilst the framework would allow suppliers to access daily energy consumption data assuming consumers did not opt out, views from stakeholders suggest that third party market participants (such as energy services companies providing energy efficiency diagnostics) are most interested in half-hourly or more granular data – for which explicit (opt-in) consent would be required by both suppliers and third parties
It's notable as it's the only place I could see in the entire 96 page document that hints at giving a consumer the opt-in ability to allow a third party access at a greater frequency.
There's then some mention of the role of the Data and Communications Company (DCC) which will be a heavily regulated “third party entity” that will adhere to a Smart Energy Code. Further discussion on how the DCC will be set-up is outside the scope of this article but there's plenty of excruciating detail here and here. In short it will control all access to smart metering data through a licencing system.
In this supplier access chapter, the key points in relation to the DCC were that:
[the DCC] will perform standard checks of parties wishing to access data from smart meters, including that they are signatories of the Smart Energy Code, and where appropriate, the registered supplier for the meter point in question. However, the DCC is not expected to play any pro-active role in determining what data suppliers can access. Instead, in submitting any access request to the DCC, suppliers would effectively be confirming (or ‘self-certifying’) to the DCC that they had the necessary permission to access the data, where this was required. Under the proposals set out above, rules about what data suppliers could access, under what conditions, would be set out in licence, and this would be regulated by Ofgem.
There will also be high-level obligations on the DCC to protect the physical integrity of the smart metering system and handle confidential information appropriately
Network operator access to data
Distribution Network Operators (DNO) are “companies licensed to distribute electricity in Great Britain by the Office of Gas and Electricity Markets” (Wikipedia).
They own the cables in the street and meters in our homes and lease the use of the network to licenced energy suppliers which are the companies that we get our bills from.
This short chapter states that the requirements of the DNOs in the context of access to smart metering data are different to those of suppliers. It states that DNOs (my emphasis):
- would want to be able to access half-hourly electricity and gas consumption data from all properties but that this could be aggregated to mitigate privacy concerns. Network operators might need half-hourly energy consumption data specific to each household in future, for example to manage cust
omers with electric vehicles or micro-generation, but this was not required at the current time.
- expect to be able to access other types of technical data – including data on “reactive energy” (i.e. power component of electrical energy), system quality (for example, voltage levels and loss of supply data), meter events (for example, physical tamper attempts and interferences) and meter configuration – but that this technical data does not show the customer’s energy consumption data.
There is a discussion over the licencing and regulatory framework for DNOs and;
To avoid having to revisit licence conditions, if and when plans for aggregation are approved, the Government considers it appropriate to set out in licence conditions now that, subject to those plans being approved, network operators could have access to half-hourly
As well as asking for feedback on the proposals and noting that aggregation technologies need further definition it sums up by saying:
The proposals described in this chapter would apply to energy consumption data accessed by network operators. However, as set out above, network operators may wish to access other technical data from smart meters (such as electricity quality or voltage readings) which does not show energy consumption data. It is proposed that technical data such as this would be outside the scope of the Government’s policy framework for data access and privacy. However, where such data constituted personal data according to the Data Protection Act, then the Data Protection Act would apply.
Third party access to data
Arguably the most important chapter in this document, it details how the term:
‘third party’ generally refers to non-licensed parties, such as energy services companies [ESCOs] and switching sites.
However, suppliers wishing to provide services to a customer for whom they are not currently the registered supplier (for example, for a tariff quote) should also be considered to be a ‘third party’. From a competition point of view, it will also be important for consumers to enable third parties to access data without the registered supplier’s involvement.
It then breaks things down under distinct headings.
Access direct from individuals
- If they have already accessed it themselves (through one of the routes described in Chapter 2) [Consumer access to data], consumers could send their own energy consumption data directly to third parties. For example, an individual could send their data to a third party in electronic format, having accessed it via the Home Area Network (HAN).
- Such arrangements would be governed by contract between the consumer and third party – for example, an individual would agree to terms and conditions when signing up for a particular service – and would be outwith the smart metering regulatory regime. Third parties would be bound by relevant legislation such as the Data Protection Act. The Government does not consider it necessary or appropriate to introduce any other specific measures in respect of these transactions.
- However, the Government is conscious that data captured via the HAN which is sent on to third parties could include more granular near real-time data, which could allow appliance-level use to be identified and which prompts the greatest privacy concerns. Whilst consumers would explicitly have to agree to the collection of this information (for example, they would need to acquire an additional device to enable this), it is important that consumers are clear about what is involved. The Government is therefore discussing this issue with manufacturers of relevant devices to encourage good practice.
Consumers may also wish to give third parties consent to access their data remotely, via the Data and Communications Company (DCC), once it is available – for example, if they are unable, or do not wish, to access their own data themselves. Whether the DCC is used will also depend on whether the third party offers its service on this basis. In practice, the consumer would not need to know about the DCC’s role: the consumer would simply be giving the third party permission to access data remotely.
Once it is established, the DCC will perform standard checks of third parties seeking to access data from smart meters, including that such parties are signatories of the Smart Energy Code. However, the DCC is not expected to play any pro-active role in determining what data third parties can access.
- The Government’s view is that in order to provide appropriate protection to consumers, third parties should have to take steps to verify that the request for third party services has in fact come from the individual living in the premises in question (and not from someone else purporting to be that person). Such verification checks are commonplace in other sectors, such as online banking. Ideally, the third party should be able to verify that the request came from the named party on the contract, but balancing risk and practicality, the Government has worked on the basis that checking it is someone in the household (i.e. someone who has access to the meter point) is a good enough proxy.
- This issue does not apply to suppliers acting on behalf of their own customers because suppliers will already have their own means of verifying that the customer is who they say they are, and the DCC will check that the supplier is the registered supplier for the meter point in question. However, it would apply to suppliers acting on behalf of consumers for whom they were not currently the registered supplier.
- Verification of the individual could be carried out in a number of ways. The Government has for some time been discussing a particular approach – the Customer Identification Number (CIN) model – with stakeholders. On receipt of the request for data access from a third party, the DCC would generate a four-digit CIN and send it to the consumer’s meter (and possibly also in-home display (IHD)). The consumer would send this CIN on to the third party (for example, via entering it on a website), who in turn would send it back to the DCC.
Once the loop had been completed, the DCC could grant access to the third party. Capability to display a CIN is being built into the Smart Metering Equipment Technical Specifications (SMETS), on a contingency basis.
the Government therefore proposes that third parties should be required in the Smart Energy Code to confirm (or ‘self-certify’) that they had obtained the necessary consent properly from the consumer. If this approach were adopted, then there may need to be some retrospective audit to check that consents were being obtained properly
This seemed sensible:
It will be important to ensure that consumers remain aware of decisions they may have made previously about who can access their data, for which purposes, where that data is being accessed on an ongoing basis. The Government therefore proposes to require third parties to provide annual reminders to consumers about the data that they are accessing, and how consumers can change the arrangements if they wish to.
As did this:
The Government will consider in due course the potential need for more stringent arrangements and checks if third parties wished to offer load control services (for example, remotely turning appliances on and off). At this stage, and until that further work is complete, third parties would not be able to offer load control services via the DCC.
The last paragraph of this chapter definitely warrants a mention:
Smart meter data potentially offers more detailed information about energy usage than had previously been available, and this may lead to increased requests for access to personal data from law enforcement agencies (such as the police). Data controllers should ensure they have procedures in place to deal with such requests and ensure appropriate safeguards are established before disclosure of data. Data controllers should take care to verify that the request is from an appropriate authority and be satisfied that the disclosure of the data is necessary for the purposes of crime prevention or detection, or the apprehension or prosecution of offenders.
Awoogah! No request for comments after it, like so many others within the document. It is written as a given and with no details as to what particular 'procedures' should be in place. As I read this the DCC can arbitrarily decide that disclosure is necessary with no stipulation as to exactly what the severity of the crime being investigated (or pre-empted) might be. This is a pretty suspect statement. Where's the detail? At best this is DECC oversight, a pretty massive one given the title of the document. We've already had big brother related headlines and this doesn't exactly go out of its way to alleviate those concerns.
Finally, the last chapter is short and covers the non-domestic sector which I've chosen to skim over for the sake of brevity.
Overall it seems pretty well thought out document but it's hard to ignore that last paragraph and how wide that law enforcement catch-all is.
So, things to keep an eye on (as it is to late to comment on this round of consultation) are:
- supplier/third party self-certification of permissive rights to data
- DNO access, exactly what they will get and how will the aggregation functions work
- could the police use the DCC data arbitrarily?
Hopefully this provides some clarity on the situation. It helped me if nothing else.