European Smart Grid has No Privacy Protection

The Smart Grid is watching you
The Smart Grid installs a meter in every home and business. It sends usage info back to the power company and other authorized third parties. But consumers will have no control over the data, and little or no ability to enforce privacy.

EU citizens might try to rely on the European Union Data Protection Directive. But enforcement is a sore issue for the EU DPD.

“Its an open secret that the framework is largely not enforced,” said a recent report for the Article 29 Working Party, a group of European regulators charged with enforcing the Data protection law. Implementation of the EU DPD is probably highest among US based multinationals, which implement strict compliance programs for risk management purposes and as part of overall corporate governance schemes.

To increase enforcement, mechanisms are needed to force cooperation among data protection authorities; incentivize individual enforcement by consumers and consumer organizations; and engage the media.

Peter Hustinx, the European Data Protection Supervisor, recently called for replacing the EU DPD with a regulation, European legislation with direct effect in Member States, to avoid the inevitable disharmony in transposition of a directive. While an appealing prospect, such a regulation would be excruciatingly difficult to negotiate and agree upon among 27 Member States.

“I am concerned about the privacy implications,: says the Ontario Information Commissioner (see Youtube clip)

Meanwhile, in the US, the Naperville City Council reaffirmed its commitment to Naperville utility customers’ privacy, security and right to choices through unanimous passage of the Naperville Smart Grid Initiative Customer Bill of Rights, a revolutionary document receiving national attention for its content. The Customer Bill of Rights ordinance can be viewed at https://bit.ly/gmQcVL.

The Customer Bill of Rights received national recognition, including from the U.S. Department of Energy, for its focus on customer rights. The document provides utility customers with an outline of their core rights to be informed, to privacy, to options and to data security. The final Customer Bill of Rights was developed based on customer feedback and input throughout the past seven months as well as current national and state guidelines and policies for smart grid projects.

“The City Council has tremendous foresight and recognizes that customers must have a say in the implementation of the smart grid in Naperville,” Community Relations Manager Nadja Lalvani said. “That includes a promise that their inherent rights as customers will be protected to the fullest extent. The Customer Bill of Rights, and its inclusion in our Municipal Code, puts weight behind that promise. While we are pleased the city continues to receive national recognition for this document, our primary goal has always been to ensure customer privacy and security first and foremost.”

In the future, the Customer Bill of Rights will serve as the policy shaping the Naperville Smart Grid Customer Privacy and Advocacy Plan and Customer Privacy and Advocacy Handbook. These documents, currently in development by city staff, will provide a roadmap for the city to uphold the rights affirmed in the Customer Bill of Rights. The Customer Privacy and Advocacy Handbook will be made available publicly so all utility customers can understand the additional privacy measures the city is taking to protect its customers’ personal data. It will also provide detailed direction to customers on how to file any privacy violation complaints and petition the Public Utilities Advisory Board for a resolution.

Issues of third-party access to smart grid data continue to be vigorously debated, despite broad agreement from regulators and stakeholders on best practices and guidelines. Issues for which consensus is proving hard to achieve include how consumers should authorize third-party access and how utility liability should be limited when utilities are required to disclose data to authorized third parties, said Doug Michael, a senior adviser with Department of Energy. Another challenge is establishing the applicable complaint procedures once third-party access has been authorized, and the specific data that utilities should be required to disclose to authorized third-parties, he said.

There’s no consensus on whether utilities could charge a fee for providing third-party access to consumer energy data, and whether authorized third-party service providers should be required to obtain further informed consent before disclosing such data, Michael said. State certification requirements for third parties also remained an open issue, he said.

Some states like Texas have even passed legislation regarding third-party access to smart grid data, panelists said. Smart grid data privacy and security is all about consumers, said Michael Brady, a Comcast vice president. Consumer education about the benefits of smart grid and the use of smart technologies will be of significant importance to the success of deployment, he said. States should carefully consider the conditions under which consumers can authorize third-party access, said Commissioner Paul Centolella of the Ohio Public Utilities Commission. The consensus is that authorized third parties should be required to protect the privacy and security of consumer data and use it only for the purpose of specified in the authorization, and that states should define the circumstance, conditions and data that utilities should disclose to third parties, Michael said. State commissions should also understand the limit of jurisdiction, he said. Collaborating is key, said Kenny Mercado, CenterPoint Energy senior vice president.

Whether a roaming agreement is needed is another issue, as consumer would be charged outside their utility areas more often, said Brent Struthers, a senior director with Neustar. The industry should plan for the worst, he said, noting providers can use privacy impact assessment tools to evaluate any potential privacy risks. It’s important to be patient, he said, saying smart grid deployment isn’t a process that can be rushed through. Struthers acknowledged that sometimes it’s difficult to get utilities and telecom companies involved.

3 Responses

  1. Very relevant post. I believe this is a huge aspect of consumer education as well as a role to be played by relevant hardware/technology that protects consumer data privacy. Consumers should be aware of the potential risks posed by Smart meter technology and should be given a forum to provide inputs to frame appropriate response( e.g. Naperville City Bill of Rights). At the same time parties responsible for deployment need to ensure they have built in mechanisms to handle any potential threats. Any short-cuts in deployment in the name of reduced costs will lead to serious consequences for consumers data.

  2. Interesting point of view. Only my point is that grid operator already have information. They make control of powermeter every once half year. Smart grid would give them information more frequently, nothing more (based on my opinion). Is it there significant diference?

  3. Great post. I do not know of now what to do about it. If I can I like to protest against this smart meeter stuff , but where and how to stop this. Especially here in Germany people are so used to this and see nothing wrong , like puppets is their behavior , not knowing and caring for little…Bothering if a frog mates , but overlooking important issues to pay attention to.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Join the global off-grid community

Register for a better experiencE on this site!