On September 21, 2010, Hogan Lovells privacy partners Marco Berliri and Winston Maxwell briefed the Italian smart metering consortium E-Cube on the practical aspects of privacy by design. The seminar commenced with a presentation of the E-Cube project by Telecom Italia Director of Public Policy, Lorenzo Pupillo. The E-Cube project involves leading Italian industrial companies and universities, and is funded by the Italian government. A full presentation of the E-Cube project can be found in Dr Pupillo’s paper here.
Seven pillars of privacy by design.
After Dr Pupillo’s introduction, Marco Berliri and Winston Maxwell presented the seven principles of privacy by design, contrasting its preventive, “positive sum game” approach with the confrontational, “zero sum game” approach that is currently the norm when dealing with data protection authorities in some European countries. Marco Berliri gave an overview of the current legislative framework for privacy in Europe, while Winston focused on the June 2010 report of the smart grid task force at the European Commission. The report, submitted by the so-called Expert Group 2 (EG2), fully endorses the privacy by design approach, recommending that European standards organizations working on smart grid standards take privacy requirements into account. The EG2 report urges smart grid stakeholders to be inspired by the security and privacy practices of other industries, particularly telecommunications and banking. The EG2 report also highlights a methodology developed by a consortium of electricity providers in the Netherlands to conduct privacy impact assessments of smart grid systems.
NIST report compared.
Marco and Winston then compared the European approach as outlined by the EG2 report with the August 2010 recommendations of the NIST in the U.S. The NIST’s report on privacy and the smart grid contains a useful discussion of different concepts of personal data, ranging from the U.S. concept of “personally identifiable information” (PII) to data about behavior inside the home that can be developed using Non-intrusive Appliance Load Monitoring (NALM), which provides a very detailed individual fingerprint of a given household’s behavior. The NIST suggests that the traditional notion of PII in the U.S. may not be adequate to address the risks posed by granular usage data. Marco compared PII with the European concept of personal data.
In response to a question from an E-Cube consortium member, Winston and Marco described the process of developing privacy use cases, using the two examples presented in the NIST report, as well as a use case involving the Canadian electricity company Hydro-One. Each use case requires breaking a service into small individual parts. For each part of the service, one must ask whether key privacy requirements are being addressed. For example, if a consumer brings home a smart thermostat from the store and plugs it in for the first time, that thermostat will first seek to communicate with the home area network, which will in turn communicate the details of the thermostat to a central server so that the thermostat can be authenticated and registered in the service. In a privacy use case, this seemingly simple process may be broken down into five or more individual parts, and for each part one must ask the questions: Is the communication link encrypted? Is the device transmitting the minimum amount of data necessary? Are organizational measures in place to ensure that the data are accessible only by the right people in the organization? Does the process contemplate a date when the data would be deleted?
It is by building these individual use cases that Privacy by Design can be built up, piece by piece. As aptly put by the EG2 report: “Security is a path, not a destination!”
Sharing consumption information.
Finally, Marco and Winston compared Italian legislation, which obligates electric utilities to share consumer usage data, with the similar requirement adopted in December 2009 by the California Public Utilities Commission. Winston mentioned that the U.S. FCC is placing a particular emphasis on innovations at the edges in the smart grid ecosystem, but this policy creates a dilemma for regulators, who may not have jurisdiction over the service providers to whom the data are supplied. Winston pointed out that the California PUC is expected to issue more detailed privacy requirements before the end of 2010 and that these requirements are expected to address the issue of transfers of data to third-party service providers.
Marco reminded participants of the rules regarding transfer of personal data outside the European Union, pointing out that some data may in fact be transferred outside the European Union if an electricity service provider outsources some of its data processing, or makes use of cloud computing.
A copy of Marco and Winston’s presentation can be found here.