Chronicle of Data Protection

Europe's Article 29 Working Party issues smart meter guidelines

By Winston Maxwell (Paris) and Marco Berliri (Rome)

On April 11, 2011, the European Union's Article 29 Working Party published an opinion on smart metering, recommending Privacy by Design, data minimization, and consumer interface options that give customers increased control over their data and privacy settings.

The opinion indicates that most data collected by smart meters will be considered "personal data" under the Data Protection Directive because the data will be associated with a unique identifier such as a meter identification number, which in turn can be linked to a living individual. The opinion states that the "data controller" will in most cases be the energy supplier, but that the grid operator may also be a controller, as may third-party service providers (so-called Energy Service Companies, or ESCOs). As mentioned in the Art 29 WP's opinion 1/2010 on data controllers and processors, it is not infrequent for there to be more than one controller.

Data collected by smart meters may be processed based on consent, but the opinion warns that consent must be made on a "fully-informed" basis. The Art 29 WP recommends that the household control panel for smart meters include a push button consent option to help consumers exercise their consent options, and change the options over time. 

The opinion goes into considerable detail on some issues, commenting for example that a smart meter with a small, text-only user interface would provide consumers with insufficient access to their own data, in particular to load graphs. The opinion also describes how the collection of data from the smart meter should be minimized, for example by keeping load graph data within the smart meter until the data are actually needed by the energy supplier. Many of the recommendations resemble existing practices in the telecoms industry for the handling of traffic data and location data. For example, smart meter data should be deleted as soon as they are no longer needed. Controllers should develop written policies on data retention, evaluate each purpose for which smart data are needed, and ensure that only the minimum data necessary for that purpose are retained, while other data are deleted. For example, some customers may request historic year-to-year consumption comparisons. For those customers, and those customers only, the controller may retain historic consumption data.

The opinion strongly recommends the implementation of Privacy by Design, including privacy impact assessments, security and privacy audits.

See the authors' previous blog entry on smart meters and privacy by design.


Copyright © Hogan Lovells. All Rights Reserved. "Hogan Lovells" or the "firm" refers to the international legal practice, including Hogan Lovells International LLP and Hogan Lovells US LLP, each of which is a separate legal entity. Attorney advertising. Prior results do not guarantee a similar outcome.
