"The Europe-wide rollout of smart metering systems may bring significant benefits, but also entails considerable risks to the protection of personal data," the European data protection supervisor (EDPS) warned in June.
In the conclusion of his formal opinion on EU plans, the EDPS added that "it enables massive collection of personal data from European households and may lead to tracking what members of a household do within the privacy of their own homes."
The implementation of smart meters is widely seen as an essential pre-requisite of smart grids – the next step in the evolution of power networks, which will allow the supply of electricity to be planned more effectively and economically.
Enabling ‘demand response’ and dynamic, time-of-use pricing structures to become a reality, smart meters open the way to integrating the growing contribution of renewable energy sources, and herald the arrival of smart devices – such as washing machines – which will turn themselves on when power is cheapest.
As a result, proponents argue, consumers will reap the rewards in terms of greater energy awareness and lower bills. Critics, however, contend that the significant threat to privacy inherent in the new technology is simply too high a price to pay, and that consumer profiling will track much more than energy consumption, at least unless countries heed the call from the independent EDPS watchdog for proper safeguards.
Unprecedented granularity: data protection concerns
The crux of the matter, it seems, lies in the frequency of measurement and the granularity of the data collected.
Taking readings every 15 or 30 minutes, smart meters make it possible to obtain very fine grained and detailed energy consumption data, and with that kind of granularity, those with access to the data can know when an individual appliance is switched on, or off.
It could also potentially enable the specific appliance itself to be identified, while such detailed breakdown of energy usage over time could help demonstrate clear patterns of household behaviour. All this is a far cry, opponents argue, from the simple, traditional model of annual ‘official’ meter readings, with self-reported data provided in the interim.
The EDPS raises a number of security, privacy and data protection concerns, ranging from the potential use of data by burglars to predict when a house will be unoccupied, and the commercial value of the highly detailed personal profiles generated, to the possibility that an individual’s state of health could be inferred from the known use of particular medical devices. Despite the apparent Orwellian overtones, not everyone sees this as a sign that Big Brother has finally arrived.
Smart meter data collection – an overblown concern?
"We believe this is seriously overblown," says Varun Nagaraj, senior vice president, Product Management and Marketing at smart meter manufacturer, Echelon.
"Given what Google and all the other on-line companies know about individuals and their habits, it is ridiculous that we are spending cycles debating whether a customer’s privacy is compromised because a utility could look at a consumer’s energy usage pattern at a 15 minute granularity and then create a detailed profile about that consumer."
He argues that although it is previously unprecedented within the energy sector, it is far from a unique position in the modern world. "Let’s not forget that credit card companies know a consumer’s spending profile or healthcare companies know a person’s medical history," he says. "And Google knows what you are doing at a very granular level. Let’s not lose perspective."
For Anna Fielder of Privacy International, the comparison is not quite so straightforward. "Two wrongs don’t make a right," she says, "and in any case you can always choose not to use Google, or a particular credit card. The rules of the game are completely different with smart meters."
Fielder says that it is all about proportionality – the data collected should be reasonable for the legitimate needs for energy supply, planning and proper network management, but no more, and given the potential commercial value of such data, she believes consumers must have a say in how it is used.
Moreover, in the absence of time-of-use tariffs, at least at the moment, she questions the whole idea of very frequent sampling. "Data collected every half hour? Why?"
Appropriate regulation of smart metering devices
One area where there is broad agreement is the need to implement an appropriate framework of regulation. "The smart grid industry is working with consumer groups and stakeholders to ensure that smart meters are secure and the personal data is protected," explains Michael John, solution manager at metering specialists Elster.
"All stakeholders, including official EU mandated expert groups and institutions like the European Smart Metering Industry Group (ESMIG), view the protection of personal data as a top priority."
Nagaraj believes there are plenty of existing examples to draw on. "This issue of data privacy or permissions has been implemented in so many industries using clear policies. It is not difficult to just take a page from one of those playbooks." He suggests that one simple approach to regulation might be to specify what a utility can, or cannot, do with granular usage data.
"For example, let’s say the utility is able to use signature-based approaches to deduce that the refrigerator in your house is old and inefficient. Pass a regulation that the utility cannot provide that data to an appliance manufacturer without your explicit permission."
EDPS recommendations for smart grids
John points out that the European Commission Smart Grids Task Force Expert Group 2 is currently working on a data protection impact assessment for smart grids and smart meters – something which the EDPS’s document addresses in a number of targeted recommendations for possible legislation.
It argues that the inclusion of a mandatory requirement for such impact assessments and an obligation to notify personal data breaches should form the very minimum requirements.
Among other things, the EDPS also calls for the mandatory application of privacy-enhancing technologies and other ‘best available techniques’ for data minimisation, greater guidance on data retention periods and the choices available to data subjects, including the frequency of meter readings, together with transparent access to their energy usage and individual profiles.
It is a position that Fielder supports. "Privacy International agree with the European Data Protection Supervisor," she says. "Beyond collecting what is necessary for billing and the proper running of the network, companies should be seeking specific informed consent."
Since successive generations increasingly accept routine data sharing at a level that their parents would have found overly intrusive, some observers believe privacy will quickly cease to be an issue, particularly if smart meters do live up to their promise.
Even so, with the next envisioned wave of smart technology including meter-less solutions, where appliances and loads themselves communicate directly with the smart grid, the concern may not end there.
Power theft is a major issue in Latin America where illegal hook ups and black market siphoning costs economies billions each year. Brazil, however, may have found the answer through the establishment of a smart grid system based on meticulous metering.
Across the globe, power companies and local communities are coming together to implement mini smart grids, as a demonstration of how smart technologies could revolutionise our future energy networks.