Jusletter IT

The EU internal market in electricity aims at,inter alia , achieving efficiency gains, competitive prices, higher standards of service and security of supply. For these reasons, the Electricity Internal Market Directive,¹ a part of the Third Energy Legislative Package (2009),² encourages a long-term modernisation of electrical grids in Europe. The European Commission considers a roll-out of a regulatory framework for the next-generation electricity distribution networks (the so-called smart grids). The advanced metering infrastructures are considered the first step towards smart grids. The Directorate-General for Energy currently seeks the experts’ opinion.³ Regulatory initiatives are expected to follow in the coming years.

Put simply, electrical grids are «smart» if they – being deeply integrated by digital technologies (ICT) – apply sensing, measurement and control devices with two-way communications to electricity production, transmission, distribution and consumption. This makes possible to dynamically respond to changes in grid’s condition. Smart grids promise to increase efficiency, optimise supply and demand, reduce energy losses, minimise the risk of energy theft, integrate renewable generation sources (e.g. wind) and raise customer awareness of energy usage and costs, among others. If a consumer herself produces electricity (e.g. solar panel), smart grid will allow her to sell this energy to the grid. For these reasons, smart grids caught attention of a number of governments around the world, including the EU (e.g. the UK, the Netherlands and Italy) and the US.

One of the most important components of smart grids are the advanced metering infrastructures (AMI, colloquially: smart meters), which keep track of all electricity flowing in the system. They are also capable of real-time digital communication between consumer and network operator(s). These new meters are to replace the electromechanical meters that are commonly used nowadays. Although the exact scope of their functionalities depends on a particular electrical grid, there is no doubt about the metering capacity raising an important number of privacy and data protection questions. (In other words, there are many smart grid «options» and the precise answer will always depend on a particular solution.) These have recently caught attention not only of legal scholars, but also of the European Data Protection Supervisor (EDPS)⁴ and the Art. 29 Working Party (an EU advisory body on privacy protection). The main issues in this regard are: (1) whether smart metering violates the right to privacy and the right to data protection, (2) whether this interference can be justified, and (3) how to ensure observance of these rights within smart metering?

This paper will address these questions limiting itself to the EU perspective and the EU regulatory framework. It is meant to be an exploratory paper rather than an exhaustive one resolving all outstanding issues. After overviewing the EU legislative framework for privacy and data protection, we address whether and how smart metering could interfere with these rights. We eventually conclude each our concern with a few questions for further consideration.

The safeguard of the right to privacy and the right to data protection at the European level is based on two systems, yet overlapping.⁵ The first one (i.e. the Council of Europe) is based on the Art. 8 of the European Convention on Human Rights (ECHR) and certain sector-specific instruments, namely the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (No. 108) with an additional protocol (No. 181). The ECHR establishes the European Court of Human Rights (ECtHR) in Strasbourg. While the ECHR itself is silent about protection of personal data, the Court has interpreted it from the right to privacy.

The other (i.e. the EU) is based on its Treaties, the Charter of the Fundamental Rights (CFR) and the secondary legislation, namely the Directives. Art. 16 (ex Art. 286) of Treaty on the Functioning of the European Union (TFEU) and Art. 39 of Treaty on the European Union (TEU) both recognise the right to data protection. Art. 7 of the Charter provides the right to respect for private and family life and its Art. 8 provides for the protection of personal data. The Court of Justice of the EU in Luxembourg ensures the uniform application of the EU law.

The EU secondary legislation consists of three «basic» instruments: the Data Protection Directive (95/46/EC),⁶ the ePrivacy Directive (2002/58/EC),⁷ as amended by Directives: 2006/24/EC and 2009/136/EC,⁸ and the Data Retention Directive (2006/24/EC).⁹ The «specific» instruments consist of the Council Framework Decision 2008/977/JHA¹⁰ (dealing with data protection with regard to criminal matters, i.e. former 3rd pillar) and the Regulation 45/2001¹¹ (lying down data protection rules for the EU institutions and bodies). In 2010 the European Commission launched the revision process of these instruments.¹²

The content of the right to privacy can be securely derived from the pertinent case law of the ECtHR. It has ruled that Art. 8(1) of ECHR – with its four components: private life, family life, home and correspondence – can cover a wide range of issues, such as integrity, access to information and public documents, secrecy of correspondence and communication, protection of the domicile, protection of personal data, wiretapping, gender, health, identity (i.e. a right to have some control over identity markers such as one’s name), sexual orientation, protection against environmental nuisances and so on. This list is non-exhaustive.

Smart metering, by collecting and processing data on all electricity flows within the grid, is capable of contributing to ubiquitous surveillance of the energy consumers by collection of facts and details arising from consumption of electricity (cf. profiling). Depending on the actual technical design of a particular electricity grid, smart metering can have a profound negative impact on privacy. That is why precise criteria are needed to regulate it.

Art. 8(2) of the ECHR¹³ specifies the criteria permitting legitimate interference with the right to privacy and other rights included in its Art. 8(1). Any limitation on the exercise of these rights must be: (1) prescribed by law (criterion of legality), (2) necessary in democratic society (necessity), and (3) serve at least one of the certain public interests: «national security, public safety or the economic well-being of the country, ... prevention of disorder or crime, ... protection of health or morals, ... protection of the rights and freedoms of others » (legitimacy). Furthermore, any interference must be proportionate to the legitimate aim pursued and it must correspond to a pressing social need (proportionality). Some methods to assess lack of proportionality include manifest disproportionality or existence of an alternative and less intrusive solution.

While it is quite easy to enact the smart grids legal framework (i.e. to fulfil the criterion of legality), it is much more difficult to assess whether its interference with privacy can be justified (i.e. necessity, legitimacy and proportionality). Does the smart metering contribute to the «economic well-being of the country »? Does it contribute to energy efficiency and a more competitive energy market? Is this interference proportionate to the aim pursued? Are there any less invasive alternatives? Is there a good «proportional» reason to send detailed metering data outside the consumer’s home? Why allowing third parties to look at metering data if smart grids are presented as predominantly consumer-friendly and consumer-serving? Answering these questions depend on the functionalities chosen by the smart grids operators. Imposing a system that is said to be supportive of the interest of the consumer, while integrating it with functionalities that cannot be controlled by the consumer and serve third parties interest, is a straightforward challenge to the right of privacy.

While privacy builds a shield around individual, creating a zone of autonomy and liberty, data protection puts the activity of the processor in a spotlight, gives the individual subjective rights to control the processing of her personal data and enforces accountability of the controller and processor.

The compatibility of smart grids with the EU data protection regulatory framework has to be examined. Put very simply, this framework is based on the principles of fairness, lawfulness, minimisation, quality, legality and security. It is apparent that smart metering interferes with these values.

Firstly, it must be clear what data processed for smart metering are the personal data and thus whether the EU data protection framework apply. Smart metering collects two main types of data. The first one is the «personal data» within the meaning of Art. 2(a):¹⁴ «any information relating to an identified or identifiable natural person » (i.e. the data subject). An identifiable person is «one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity .» Examples for personal data include identification data and the metering data necessary for billing. The second type is the «technical data,» i.e. those gathered from metering, distribution or transmission in order to allow the distributors to assess the performance of the grid. Such data do not contain reference to homes, households nor individual consumer. Examples for technical data include measured values like voltage. The collection of technical data could be based either on the so-called aggregated data, e.g. street or building-related data that could not (and do not need to) be retraced to the individual consumer, or anonymous data in case the data are retrieved from an individual connection point/device. Technical data are not covered by the EU data protection framework. However, the classification of certain types of data into these two categories can be quite problematic. Whether any information derived from energy measurement can be considered as the personal data? How to protect against de-aggregation of data?

Secondly, there are various actors within smart grids, e.g. a range of grid operators (transmission system operators (TSO) and distribution system operators (DSO)) or energy producers. Hence the distinction between the data controller (i.e. one who determines the purposes and means of the processing of personal data) and the data processor (i.e. one who processes personal data on behalf of the controller) might be blurred (cf. Art. 2(c)-(e)). It also hampers a number of the data subject’s rights (seeinfra ). Is it possible to clearly distinct the roles and responsibilities of these two types of entities within smart grids in order to qualify them as controllers and processors? Whether any other concept (e.g. «joint control») can be applied and why?

Thirdly, one of the main values of the EU data protection framework is the principle of data minimisation. In other words, the personal data can be collected and processed only for specific, explicitly defined and legitimate purposes. They must be adequate, relevant and not excessive in relation to the purpose of their collection. The data cannot be further processed in a way incompatible with those purposes (Art. 6). Observance of this principle is the responsibility of the controller. In smart metering, the network operators might be interested in collection of much more personal data than it is relevant from the consumer perspective. These operators aim at increasing efficiency of the grid. They would like to offer added value services on a commercial basis, often in co-operation with third parties. Hence it is necessary to list exactly what personal data can be collected for the purposes of smart metering. Put simply, «how much» personal data is strictly necessary for smart metering? What for these data will be used? Whether any personal data gathered with regard to smart metering can be further processed? If so, what data precisely and for what purposes?

Fourthly, the personal data can be retained only for as long as it is necessary to fulfil the purposes of their collection (Art. 6(1)(c)). Thus the length of the retention period matters for smart metering. The consumer is interested in her personal data retention mainly for billing purposes and the possibility for legally challenging the electricity bill,¹⁵ if something goes wrong. The grid operators might need these data for more purposes, including statistics and analysis in order to improve their networks’ efficiency. (Albeit most of such data are rather of a technical nature, one cannot preclude usage of personal data for these purposes.) Not surprisingly, law enforcement might also be interested in accessing them. What data retention period is optimal? Who bears the costs of retention? Who, apart from the data subject, and in what circumstances, can access these data?

(The application of the Data Retention Directive for smart metering must be assessed separately, as it applies only for provision of publicly available electronic communications services or of public communications networks. However, such networks could be used for two-way communication within smart grids.)

Fifthly, the current framework empowers the data subject with certain rights concerning their personal data, e.g. the right to access them, to rectify any wrong or incomplete information or to object their processing on a legitimate basis (Arts. 12 and 14). With a certain lack of clarity who processes what types of data within smart metering, the consumer might have some difficulties in exercising these rights. How to strengthen their rights within smart grids? Should the consumer be empowered with certain new rights specific only for smart grids (smart metering)? What are these rights?

Sixthly, the Data Protection Directive provides a number of legal bases for processing personal data. From the point of view of smart metering, the relevant ones are: unambiguous consent of the data subject (Art. 7(a)) and performance of a contract to which the data subject is a party (Art. 7(b)). In case smart metering is compulsory, the data subject will not be able to freely give such consent. On the other hand, whether the consent once given for smart metering can be withdrawn? Would this be possible at any time? If so, does it mean the «classical» electricity meter would come back to the household at issue?

Seventhly, the Data Protection Directive requires the confidentiality (Art. 16) and security (Art. 17) of processing personal data. In addition, the controller must notify the supervisory authority before carrying out any processing operation (Art. 18). In 2009 the ePrivacy Directive was amended to include the data breach notification. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the controller must notify this to competent national authority and – in certain circumstances – to the data subjects involved (effective from May 11, 2011). How to ensure the secure and confidential processing of personal data within smart grids? Should the data breach notification be applied also to smart grids? (The clear definition who is the controller/processor plays a vital role here.)

In addition, it is worth to mention briefly the possible application of the ePrivacy Directive in case when electronic communications services are used for data processing within smart metering. This Directive introduces the concepts of traffic and location data (Art. 2(b)-(c)) and it provides for certain safeguards for the data subjects. The traffic data (i.e. data processed for the purpose of the conveyance of a communication) must be erased or made anonymous when they are no longer needed for the purpose of the transmission of the communication (Art. 5(1)). Processing of such data is permissible only up to the end of the period during which the bill may lawfully be challenged or payment pursued (Art. 5(2)).

The location data (i.e. data indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service) may only be processed when they are made anonymous, or with the consent of the users (subscribers) to the extent and for the duration necessary for the provision of a value added service. The data subject has a right to object the processing of location data other than traffic data at any time (Art. 9(1)).

The list of these challenges has not been exhausted in this paper.

In our research we have the following objectives: to identify the privacy and data protection challenges with regard to smart metering (smart grids), to answer whether smart metering is consistent with the current EU regulatory framework for privacy and data protection, and – finally – to discuss how to fit smart metering into this framework in order to safeguard these rights. This paper contributes mainly to the first objective and paves the way for further research.

Firstly, we have found that smart metering, depending on its actual architecture, can have a profound negative impact on privacy. It might be difficult to justify its interference with the right to privacy and whether such interference can satisfy the criteria of necessity, legality and proportionality.

Secondly, smart metering raises a number of data protection issues, namely (1) classification of data processed within smart metering as personal or technical data, (2) distinction between the data processors and controllers, (3) application of the data minimisation principle, (4) length of data retention period, (5) scope and exercise of the data subject’s rights, (6) consent for processing, and (7) security and confidentiality of data processing. However, exact answers to these questions highly depend on the technical design of a given smart grid.

As a tentative conclusion, each smart metering solution requires the assessment whether its interference with the right to privacy fulfils the criteria of necessity and legality and whether it is proportionate to the aim pursued. In addition, smart meters need to respect the general data protection principles. These proved to be sufficiently clear and satisfactory, but - with regard to smart metering - there is a need for tailoring them down to a more concrete regulatory level. Whether this needs to be done at the EU level or at the level of the Member States, either by soft or hard law, needs to be looked at in further research.

---

Paul de Hert, Dariusz Kloza, Vrije Universiteit Brussel – Research Group on Law, Science, Technology and Society (LSTS), Pleinlaan 2, 1050 Brussels, BE
paul.de.hert@vub.ac.be ;dariusz.kloza@interia.pl ;www.vub.ac.be/LSTS/

In this paper we have included some observations of Ms. Colette Cuijpers, Mr. Bram Reinders and members of the Expert Group 2 (Regulatory Recommendations for Data Safety, Data Handling and Data Protection) of the Task Force Smart Grids (seeinfra ). Needless to say, usual disclaimer apply.

---