cer national smart metering programme information paper on … · 2019. 1. 24. · the cer is not a...
TRANSCRIPT
CER National Smart Metering Programme Information Paper on Data Access & Privacy
DOCUMENT TYPE:
Information Paper
REFERENCE:
CER/15/139
DATE PUBLISHED:
29 July 2015
The Commission for Energy Regulation, The Exchange, Belgard Square North, Tallaght, Dublin 24. www.cer.ie
1. Executive Summary
The National Smart Metering Programme (NSMP) is a plan for upgrading how electricity and gas retail markets operate, in order to improve levels of service for all energy customers. It is similar in nature to the move from analogue to digital in the markets for communications services. This upgrade in services will involve a step change in the amount of energy consumption data that will be available to customers, energy network companies and suppliers. Currently, suppliers are provided with an actual (usually 4 actual reads a year) or estimated meter reading(s) every two months and bill their customer on that basis. The introduction of new technology will allow for the collection of actual energy consumption data on a daily basis. This will allow for the provision of new services such as Time of Use Tariffs and Smart Pay As You Go. Consumers will also have access to their detailed energy consumption information. This information as well as new services will provide consumers with the ability to better understand and manage their energy use, which in turn could lead to them reducing their overall energy consumption and thereby saving money on bills, and reducing carbon emissions. As this upgrade in services will produce more consumption information the CER is considering the best way to ensure this information is processed lawfully in accordance the Data Protection Act 1988 and in a manner which both protect energy consumers and enables them to benefit from this upgrade. Concerns about data access & privacy have been raised in other countries rolling out smart meters. In order to address these concerns, the European Union Article 29 Data Protection Working Party has provided guidance, supplemented with regulatory recommendations from the Smart Grid Task Force for data protection impact assessments. Most recently the Commission has adopted the document "Benchmarking smart metering deployment in the EU-27 with a focus on electricity" [COM (2014) 356] which, in a section on data access and security, recommends “consent” as the most appropriate mechanism to increase consumer confidence, consumption and to facilitate the sharing of data. The CER’s assessment regarding data access & privacy commenced in July 2013. Since then we have worked closely with the Data Protection Commissioner in developing an interim Privacy Impact Assessment and a review of EU and international best practice. We gathered evidence to assess the case for providing this data automatically to industry stakeholders. Using the evidence adduced, and recognising international best practice CER has concluded that allowing customer choice on the principle that obtaining the
CER/15/139 - Information Paper on Data Access & Privacy
3
customers’ “consent” is the preferred grounds on which granular consumption data is processed. The CER considers this allows flexibility and choice for consumers if they want to share their data or not. It is also in keeping with the Data Protection Commissioner’s recommendations and best practice in Europe.
CER/15/139 - Information Paper on Data Access & Privacy
4
Table of Contents
Executive Summary .............................................................................................. 2 1. Introduction ....................................................................................................... 5
1.1 Purpose of this paper ................................................................................... 5 1.2 Structure of this paper ................................................................................. 5
2. Background to Data Privacy within a Smart Metering Context ........................ 6 2.1 Context: Smart Meters – Raising Privacy Concerns .................................... 6 2.2 Background ................................................................................................. 7
2.2.1 Legal Context ........................................................................................ 7 2.2.2 Role of the CER .................................................................................... 7 2.2.3 CER Papers relevant to Addressing Data Privacy under the NSMP ..... 8 2.3 NSMP Core Design .................................................................................. 8
3. Data Protection & the High Level Design ....................................................... 10 3.1 Working with the Data Protection Commissioner ................................... 10 3.2 Interim Data Privacy Impact Assessment ............................................... 11 3.3 Call for Evidence .................................................................................... 12 3.4 International Practice .............................................................................. 14
4. Designing for Consent .................................................................................... 16 4.1 Approach taken ...................................................................................... 16 4.2 Networks Model ...................................................................................... 17
5. Next Steps ................................................................................................... 19
CER/15/139 - Information Paper on Data Access & Privacy
5
1. Introduction
1.1 Purpose of this paper
The purpose of this paper is to set out the CER’s position in the context of data privacy on the appropriate design basis for Networks and Suppliers to gain access to customers’ half hourly consumption data. The Paper does not cover the processing of granular consumption data once collected by the network companies and suppliers – this is the responsibility of each relevant Data Controller, in accordance with data protection legislation1.
1.2 Structure of this paper
Section 2 discusses the background to data privacy, the role of the CER and the NSMP high level design;
Section 3 discusses the approach taken to examine the basis for access to granular consumption data;
Section 4 discusses designing for consent; and
Section 5 discusses the way forward and next steps.
1 https://www.dataprotection.ie/viewdoc.asp?DocID=796
CER/15/139 - Information Paper on Data Access & Privacy
6
2. Background to Data Privacy within a Smart Metering Context
2.1 Context: Smart Meters – Raising Privacy Concerns
Smart meters will lead to a step change in the amount of data that will be available to consumers, networks companies and suppliers about consumers’ energy consumption. This increase in consumption data will provide for the introduction of new services such as Time of Use Tariffs and Pay As You Go. Consumers will be able to access much more detailed information which they can use to understand and manage their energy use, which in turn could lead to them reducing their overall energy consumption and saving money on bills, and reduce carbon emissions. The increase in energy consumption data will also enable the industry to operate more efficiently2 and support the provision of new energy services to help consumers manage their energy use. Currently, the network companies and suppliers are provided with actual meter reading(s) (usually 4 actual reads a year) or estimated meter reading(s) every two months and bill their customer on that basis. This level of collection is readily accepted by society as both necessary and legitimate. Smart metering will involve the processing of more detailed consumption information. The data collected, either alone or when combined with other information such as an address or meter point reference number, for instance, falls within the meaning of personal data3, as defined by the Data Protection Acts. It is therefore important to give consumers clarity and reassurance about the ways in which their energy consumption data can be accessed, by whom and for what purposes. Concerns about privacy4 have been raised in a number of other countries. It is essential that the interests of consumers are protected in order to maintain their confidence. Market arrangements are required which will provide appropriate protections for consumers while delivering the benefits of a smart metering rollout and promoting competition in the energy supply and services markets.
2 i.e. no need for site visits for to take meter readings etc. More accurate data will allow for accurate billing 3 "personal data" means data relating to a living individual who is or can be identified either from the data or
from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller; 4 particularly in the Netherlands, US, and Canada. Austria, Portugal, Norway and Spain. These concerns
appeared to arise because energy utilities had failed to develop appropriate engagement strategies with consumers.
CER/15/139 - Information Paper on Data Access & Privacy
7
2.2 Background
2.2.1 Legal Context
From a data protection perspective, it is the role of the Data Protection Commission’s Office to ensure that the processing of data complies with the provisions of the Data Protection Acts 1988 and 2003. Data controllers and processors must:
Obtain and process information fairly;
Keep it only for one or more specified, explicit, and lawful purposes;
Use and disclose it only in ways compatible with these purposes;
Keep it safe and secure;
Keep it accurate, complete and up-to-date;
Ensure that it is adequate, relevant and not excessive;
Retain it for no longer than is necessary for the purpose or purposes; and
Give a copy of his/her personal data to an individual, on request. For the avoidance of doubt, with respect to the NSMP:
Networks and Suppliers5 are Data Controllers;
The CER is not a Data Controller.
2.2.2 Role of the CER
The CER has been designated as the Competent Authority6 for the rollout and
specification of the NSMP. Member states are also obliged, under Article 9 2(b)
of the Energy Efficiency Directive 2012/27 EU, to “ensure the security of the
smart meters and data communication, and the privacy of final customers, in
compliance with relevant Union data protection and privacy legislation”. As the
designated Competent Authority for the NSMP, it is essential that the design and
specification rolled out by the CER is lawful from a data privacy perspective, for
the present and for the future.
5 This does not represent the full list of data controllers in the energy market. 6 Under Annex 1 of EU Directive 2009/72/EC, CER has been designated as the competent authority by the
Department of Communications, Energy & Natural Resources with responsibility for progressing the roll out and specification of smart meters (and associated technologies) in the electricity and natural gas retail markets in Ireland.
CER/15/139 - Information Paper on Data Access & Privacy
8
2.2.3 CER Papers relevant to Addressing Data Privacy under the NSMP
In July 2012 the CER issued its Decision on the National Rollout of Electricity and Gas Smart Metering7. Of particular relevance to this Paper, the CER outlined its opinion that consumption data derived from smart meters belonged to the customer. The CER formed this opinion having taken into account progress of the continuing discussions to revise European legislation relating to data protection and the opinions of the Article 29 Working Group and of the Data Protection Commission on how the current legislation should be interpreted. This has important implications for data privacy, such as:
Individuals need to be properly informed as to how their energy consumption data will be used;
Consumption data must be adequate, relevant and not excessive in relation to the purposes for which it is being used;
Consumption data must be accurate and up to date;
Consumption data must not be kept for longer than is necessary; and
Individuals have rights to require (some of) their consumption data to be deleted.
In December 2012, the CER published an Information Paper8 giving a commitment to work with the Data Protection Commissioner’s (DPC’s) Office and to consider how existing legislation, including the Data Protection Act, will apply to the NSMP, and what, if any, additional measures might be needed to supplement the existing protections and access rights. The aim was to provide a clear policy framework for all stakeholders.
2.3 NSMP Core Design
In October 2014, the CER published the High Level Design9 which supports the flow of granular10 consumption data from smart meters through to industry participants and onto customers, as illustrated in the figure below, as follows:
The smart meters capture and return half hourly interval data to Networks.
Networks then forward the data to Suppliers on a daily basis.
Suppliers process the half hourly interval data for consumer facing services such as for Time of Use (TOU) billing and Pay as You Go (PAYG) balance calculation purposes.
7 CER12008 8 http://www.cer.ie/docs/000023/cer12213(e).pdf
9 http://www.cer.ie/document-detail/SmartMeteringProject-Phase2/699
10 Granular for the purposes of the high level design is meant data captured at half hourly intervals.
CER/15/139 - Information Paper on Data Access & Privacy
9
Essentially, the design is based upon a smart meter which could communicate
data out of the home at half hourly granularity each day. The CER acknowledged
a design principle of Privacy by Design in the High Level Design Decision paper
(core design).
CER/15/139 - Information Paper on Data Access & Privacy
10
3. Data Protection & the High Level Design A Data Protection group was established in July 2013 to address data privacy concerns within the design and roll out of smart meters. A number of key activities have been undertaken by the group during the High Level Design which included:
Working closely with the Data Protection Commissioner;
Carrying out an Interim Privacy Impact Assessment (PIA);
Engaging with Industry Stakeholders in a Call for Evidence process; and
Reviewing International Practice. These outputs, together with data from the CER Customer Behaviour Trials and other programme outputs have influenced the high level design. There was an underlying assumption from industry that half hourly consumption data would be freely available to (and within) the industry for processing. This assumption was formed on the basis that smart meters would be capable of recording consumption readings at half hourly granularity. Accordingly, there was a need to raise the level of understanding and awareness of data protection and privacy issues in the programme – but in a way that recognised the legitimate interests of all stakeholders and respected the principles of the NSMP.
3.1 Working with the Data Protection Commissioner
The Data Protection Commissioner (DPC) considers that it would be disproportionate for industry stakeholders to expect to be able to use half hourly consumption data to meet the NSMP objectives on an automatic basis (i.e. regardless of the wishes of consumers). In a letter to the CER in 2011, the DPC commented that: “a strong justification is required for the making available of detailed data on an ongoing basis and … at this stage, we are not aware of the basis for acceptance of this [half hourly] interval.” A constructive working relationship with the DPC was formed by the CER to respond to the DPC’s concerns. Some of the suggestions that were made by DPC officials during these discussions (particularly in relation to the need to carry out a Privacy Impact Assessment at an early stage in the programme) have already been implemented by the CER. Other issues raised by the DPC are currently being addressed.
CER/15/139 - Information Paper on Data Access & Privacy
11
The DPC commented on the NSMP in his 24th Annual Report, published in May 2014.11 The report:
Outlined the Commissioner’s concerns (these are all issues that the CER had been aware of and is addressing); and
Welcomed the inclusion of a data protection team into the CER's organisation.
3.2 Interim Data Privacy Impact Assessment
Programmes that involve the collection of personal information could give rise to
privacy concerns. A Privacy Impact Assessment is a process for evaluating a
project to identify its potential impacts on individual privacy and data protection
compliance, to examine how any detrimental effects might be overcome, and to
ensure that the project complies with data protection principles.
An interim Privacy Impact Assessment was completed in October 201312. It
considered how existing legislation, including the Data Protection Acts 1988 and
2003, applies to smart meters’ data, and what if any additional protections might
be needed to supplement the existing protections and access rights to provide a
clear privacy policy framework.
It was initially conducted by means of desktop review of technical documents
published by the CER, and a review of the research that had been sponsored by
the Sustainable Energy Authority of Ireland into public attitudes on smart
metering. Workshops and interviews were then carried out with selected groups
of stakeholders. These stakeholders were Energy Company and CER officials
who were closely associated with the programme.
The DPC’s views were reflected in the interim assessment. It explained that:
“the programme needs to ensure that the default setting for data extracted from smart meters, and used within the industry, is at an appropriate level that gives individuals the greatest degree of privacy.”
In terms of risks to individuals, the assessment explained that:
“An inappropriately fine level of granularity will result in individuals
being required to disclose more information than is necessary to meet the
purposes of the programme.”
11
http://www.dataprotection.ie/docimages/documents/Annual%20Report%202013.pdf, p 33. 12
A revised interim PIA was also completed in October 2014. CER plans to carry out a further updated PIA in October 2015.
CER/15/139 - Information Paper on Data Access & Privacy
12
In terms of compliance risks, the assessment referred to the risk of:
“Failure of the CER and Data Controllers to ensure that personal
information is adequate and not excessive in relation to the purposes for
which it is processed; and the potential failure of the Data Controllers to
adopt appropriate aggregation and anonymisation techniques and to adopt
privacy by default strategy.”
In terms of associated organisation/ corporate risk, the assessment
commented:
“The CER runs the risk of reputational damage if it fails to gather sufficient
evidence to satisfy itself that it is acting in a proportionate manner when
mandating the granularity with which consumption data should be
processed. Data Controllers run the risk of reputational damage should
they process inappropriate amounts of information. The potential failure of
the data controllers to adopt appropriate aggregation and anonymisation
techniques and to adopt privacy by default strategy.”
In terms of experience from other countries, the assessment pointed out that:
“Consumers may make international comparisons and consider that their
privacy interests have not been sufficiently protected by regulators, Vis a
Vis citizens in other countries who can exercise a wider range of choices
as to the granularity of consumption data that is disclosed to Networks,
Suppliers and third parties for a range of purposes.”
Annex A contains a table summarising the privacy risks. The assessment was
revised in November 2014, following publication of the CER’s Smart Metering
High Level Design Decision Paper.13 It drew attention to the CER’s plans to
address the privacy risks. Annex B contains a table setting out these plans.
3.3 Call for Evidence
The CER considers that if consumers are to be able to take full advantage of the
economic benefits that are available to electricity networks in terms of the cost of
producing electricity, pricing practices in the wholesale and retail electricity
markets should be mirrored. Currently, the wholesale price of electricity (i.e. the
price that is charged by producers to suppliers) can change every half hour. If at
a stage in the future customers are to be offered individual tariffs that are based
on an electricity market that can change its price every half hour, then their
electricity meters will need to be capable of measuring electricity consumption in
intervals of 30 minutes.
13
CER Decision Paper on Smart Metering High Level Design, CER/14/046, 14 October 2014.
CER/15/139 - Information Paper on Data Access & Privacy
13
In examining the case for the CER to mandate the provision of half hourly data
from the customer’s meter to industry stakeholders on an automatic basis (i.e.
regardless of the wishes of customers), the CER sought evidence from industry
stakeholders to justify such a requirement.
The consultation process involved an initial period of stakeholder engagement and industry workshops, prior to a formal Call for Evidence to industry stakeholders in October 2013. In specific terms, it was designed:
To seek views and evidence from interested parties on the levels of data access and retention requirements that are required by Networks and Supplier companies;
To seek views on third party access to data and the role that consumer consent might play in such access;
To enable the CER to strike the right balance between protecting consumers privacy and achieving the NSMP objectives;
In respect of “mandates”, to seek evidence that would support the compulsory provision of half hourly data. This evidence was sought from trials, pilots and any case studies available; and
For data purposes that the CER would not be minded to mandate, the Call for Evidence asked for evidence, examples, pilot and trial information to aid justifications for the processing of half hourly data.
Fifteen data use cases were examined to assess the extent to which they support a compulsory requirement for half hourly data. Annex C contains a summary of the findings in respect of each use case. Responses were returned to CER in November 2013. Some key outcomes from the process were that:
Insufficient evidence emerged to support the processing of data more granular than day/night/peak for Time of Use billing and Energy Use Statements.
There was a lack of justification / evidence of benefit, at this stage, for granular consumption data to be considered necessary for other processing purposes, such as settlement, marketing, energy efficiency, theft, product development, debt management etc.).
A further series of bilateral meetings was carried out between March and May 2014 to:
Give stakeholders the opportunity to revise and extend their previous remarks; and
CER/15/139 - Information Paper on Data Access & Privacy
14
Enable the CER to ask some more specific and probing questions in light of comments received.
However, no further evidence was forthcoming that robustly challenged the key outcomes from the earlier consultation exercise.
3.4 International Practice
In developing its approach to data protection and the smart metering solution design, the CER has continued to monitor developments in other countries in smart metering, in particular in the US and European rollouts. These developments include:
Opinions of the Article 29 Data Protection Working Party, including opinions on smart metering14 and the definition of consent15, which are precursors to the European Commission’s Recommendation to prepare for the rollout of smart metering systems;
Proposed reform of the 1995 European Data Protection Directive16;
Proposed regulatory recommendations prepared by the Smart Grid Task Force for data protection impact assessments for smart grid and smart metering systems
In February 2014, a review of smart meter programmes that are currently underway in Europe and beyond was carried out to ascertain whether a common approach was being adopted with regard to the granularity of consumption data which was being captured by smart meters and used by market participants. The review demonstrated that a range of solutions have been, and are being, adopted, but no clear pattern has emerged. While some programmes do involve the mandatory use of half hourly consumption data, others do not. The roll-out programmes within each country appear to have been planned quite independently of each other, and consequently there are few common strands or standards that apply. This probably reflects different cultural and privacy expectations in each country. Consumers in different countries face:
Different levels of compulsion about whether smart meters are to be installed;
14
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp183_en.pdf 15
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf 16
http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
CER/15/139 - Information Paper on Data Access & Privacy
15
Different default granularities of interval data “pushed” or “pulled” from the smart meter; and
Different requirements on how frequently the meter readings can be sent from the meter to the collection agency.
In 2014 the European Commission adopted the document "Benchmarking smart metering deployment in the EU-27 with a focus on electricity"17 that builds upon a body of work and literature. On data access and security it comments that:
“In the internal energy market, data should flow freely, but the fundamental right of protection of personal data as provided for in Article 8 of the Charter of Fundamental Rights of the European Union, Article 16 of the TFEU and Directive 95/46/EC100 on protection of personal data and the national laws implementing it, must always be guaranteed. To increase consumer confidence, consumption and also own production data should be protected and only shared, with consumer consent, at the appropriate level of detail between Network operators and retail market actors for running novel businesses, energy services and new choices for consumers.”
The CER will continue to learn from the experience of other programmes while recognising the specific needs of the Irish energy markets and the benefits of the smart metering rollout as outlined in the trial.
17
COM /2014/0356
CER/15/139 - Information Paper on Data Access & Privacy
16
4. Designing for Consent
4.1 Approach taken
Using the evidence adduced, and recognising international best practice CER has concluded that obtaining the customers’ “consent” is the preferred grounds on which granular data from smart meters is processed. The CER considers this allows flexibility and choice for consumers if they want to share their data or not. It is also in keeping with DPC recommendations and best practice in Europe. In order to develop a practical working model to incorporate customer choice a solution needed to be developed. In terms of privacy and data protection, the following guiding principles were adopted:
There should be a persistent and enduring right for customers to change their minds.
The choices made available to customers need to be transparent, simple and straightforward.
Text or conditions in customer contracts need to be clear and transparent about who data is to be shared with.
Although customers can give consent (or not) to half hourly consumption data leaving the home, this does not extend to give the customer the right to determine the method of data collection for the minimum level of granularity/frequency of data determined to be necessary to fulfil regulated duties18. In exploring the options for a model based on obtaining consumer consent for the processing of half hourly consumption data by Networks and Suppliers, the following guiding principles have been developed:
Any solution should aim to maximise the number of smart meters installed19.
When considering solutions we should look to maximise programme benefits while at the same time keeping costs at a minimum.
All customers with smart meters will be migrated onto a Time of Use tariff20 (where feasible).
18
i.e. billing 19 while respecting the privacy of individuals and balanced with their rights and freedoms 20 Customers will be given the choice as to when to move on to a Time of Use Tariff. CER/15/136 discusses this in more detail.
CER/15/139 - Information Paper on Data Access & Privacy
17
We want to minimise the number of people who object from a data privacy perspective. This places an emphasis on a successful customer engagement strategy.
To achieve the highest level of engagement, we are working on the basis of a consent model based on opt-out. The half hourly data flows as per the Core Design as default, unless the customer opts out of sharing interval data.
As is the case at present a certain level of granularity and frequency of data is required to leave the home regardless of customer consent in order to fulfill regulated duties
It is accepted that there are follow-on implications for the smart metering benefits possible for those customers who have opted out of half hourly consumption data leaving their home21.
Any solution must not frustrate market processes and market roles.
Any solution must also not frustrate Change of Supplier and Change of Legal Entity events.
Customer consent should be independent for electricity and gas.
4.2 Networks Model
These guiding principles were subsequently used by the Networks companies to develop and propose appropriate technical solutions. The customer will have a right to object to access by the industry on privacy grounds to their interval data. This is a right that is persistent, enduring and the customer can change their mind. This right is based on the opt out model.
The Core design is based on daily interval data collected by ESBN and provided to the market participants:
● Data access opt outs will not be covered by core design22
● Number of data opt outs assumed small23
● Data opt out customers will still get a smart meter
● Leverage the existing market processes for data opt out customers to ensure minimising cost while maximising benefits
21 while respecting the privacy of individuals and balanced with their rights and freedoms 22 The core design captures 30 minute interval data on a daily basis. Data opt out customers will have their tariff register data collected on a bi monthly basis as is the current practice. 23 In light of recent of recent roll out experience in the UK and other smart metering programmes.
CER/15/139 - Information Paper on Data Access & Privacy
18
● Following the existing process for data collection for these opt outs will mean ESBN will provide:24
– Set of bi-monthly values25 to enable supplier to bill Time of Use tarrifs
– Profile Data for settlement for customers on Time of Use tarrifs.
This technical model sets the basis for maximising participation in the smart metering programme. A more detailed discussion on maximising participation can be seen in the accompanying policy paper CER/15/137.
24 GNI will also leverage existing market processes and provide bi monthly reads to data opt out customers
for the purpose of billing. 25 Meter register consumption data as per the time of use tariff bands.
CER/15/139 - Information Paper on Data Access & Privacy
19
5. Next Steps
The CER will continue to engage with suppliers, network operators, stakeholders, the Data Protection Commissioner and the European Commission and European Working Groups to fully explore and address data protection issues, legal requirements and best practice in relation to data privacy, processing, retention, maintenance, use and security. It is possible that, at a European level, an overall agreement on a new legal data protection framework, cast in the form of a Regulation that replaces the existing Data Protection Directive, might be reached during the first half of 2016. Although it would not be fully in force until 2018, the CER has endeavoured to ensure that the NSMP’s design will meet any new privacy standards that may be introduced. Accordingly, the NSMP will ensure that:
Data protection by design and default is embedded into the programme;
Data minimization principles are respected;
Consumers are aware of the choices (in terms of the granularity of data collection) that will be available, what benefits these choices will offer, and how these choices can be made (and changed);
Consumers will have the right to obtain their personal data in a commonly used structured format; and
Consumers will have the right not to be subject to a measure based on profiling where it legally or significantly affects them.
CER/15/139 - Information Paper on Data Access & Privacy
20
Annex A Summary of significant privacy risks
A table setting out the significant privacy risks that were identified by the interim Privacy Impact Assessment (PIA) in October 2013 is set out below. In the following Annex B, CERs plans to address these risks are outlined.
Significant privacy risks
Risk Observation
Potential effect on
individuals and the
programme
1 Information
integrity and
security
Detailed plans, over and above the
December 2012 ESBN Paper on
security, outlining the technical
controls that specify how smart
metering information will be protected
have not yet been developed.
Security breaches will
cause bill payers to
lose confidence in the
programme and in the
ability of
suppliers/networks to
protect their personal
data. The DPC may
take appropriate
enforcement action.
2 Inappropriate
access to
consumption
data following a
change of
ownership
Detailed plans setting out how data
held on a meter or Mandated In-Home
Device that relates to a previous user
can be secured have not yet been
developed.
Bill payers are highly
unlikely to permit
historical consumption
data held on smart
meters or In-Home
devices being made
available by default to
other individuals
following a change in
legal ownership of the
meter.
3 Transparency
of the
programme
Detailed customer engagement
strategies have not yet been
developed.
Bill payers who are not
fully engaged with the
programme’s objectives
may not take sufficient
account of the granular
data that will become
available to positively
change their energy
consumption
CER/15/139 - Information Paper on Data Access & Privacy
21
behaviours. This results
in the increased risk of
invalid consent (where
bill payers are not
informed for one reason
or another).
4 Disclosure of
consumption
data within
Data
Controllers and
to other data
controllers
Detailed plans specifying the
mandated purposes for which granular
consumption data must be used, and
other purposes that bill payers may be
offered choices about, have not yet
been developed.
Bill payers may not be
offered as wide a range
of choices about the
purposes for which their
consumption data may
be used, compared with
bill payers in other
countries. This may
cause them to lose
confidence in the
programme. This also
results in a risk of
secondary or unlawful
usage by other data
controllers.
5 Granularity of
consumption
data
Detailed plans specifying the
granularity with which consumption
data may be used for specific
purposes have not yet been
developed.
Bill payers may not be
offered as wide a range
of choices about the
granularity of
consumption data that
will be used for specific
purposes, compared
with bill payers in other
countries. This may
cause them to lose
confidence in the
programme.
6 Retention of
consumption
data
Detailed plans specifying the periods
for which granular consumption data
should be retained have not yet been
developed. Retention schedules
should be detailed and justified.
Bill payers may find that
their consumption data
is being retained for
longer periods than is
the case in other
countries. This may
cause them to lose
confidence in the
CER/15/139 - Information Paper on Data Access & Privacy
22
programme.
CER/15/139 - Information Paper on Data Access & Privacy
23
Annex B Addressing the privacy risks
The interim assessment was revised in November 2014, following publication of the CER’s Smart Metering High Level Design Decision Paper.26 It drew attention to the CER’s plans to address the privacy risks. A table setting out these plans is set out below. Risk
Addressing the privacy risks
Risk Recommendations CER Response
1 Information integrity and Security
Develop a governance
structure for the security
aspects of the
programme.
Information integrity
and security matters
will feed into the
project governance
structure.
Ensure audits and
compliance with
standards for industry
stakeholders, such as
the information security
standard ISO27001.
The CER will appoint a Subject Matter Expert to progress these issues.
2 Inappropriate access to consumption data following a change of ownership
Adopt similar
specifications to those
published by the Smart
Metering Equipment
Technical Specifications
in Great Britain,
including the concept of
a PIN code.
Technical
specifications will be
developed following
a series of market
process workshops,
taking account of
advice from relevant
Subject Matter
Experts, and
monitored by the
Information Integrity
and Security work
stream.
Mandated In-Home
Device to show
instantaneous energy
usage with limited
storage capability.
26
CER Decision Paper on Smart Metering High Level Design, CER/14/046, 14 October 2014.
CER/15/139 - Information Paper on Data Access & Privacy
24
Risk Recommendations CER Response
Provide the consumer
with a simple and easy
means to remove (all)
data from the Mandated
In-Home Device via a
button – in effect
returning the device to
its factory settings.
3 Transparency of the programme
Review a wide selection
of available evidence to
better understand what
constitutes effective
consumer engagement
in the context of smart
metering.
The CER will appoint a communications lead to facilitate greater public engagement.
Having established what
needs to be done to
engage consumers,
determine who is best
placed to deliver
consumer engagement.
The engagement with
consumers would need
to consider the main
interface with the
consumer pre-, during,
and post-installation of
smart meters.
Relevant work will be carried out through the Consumer Engagement Advisory Group.
Develop a Privacy
Charter to describe the
programme and provide
clear reassurance to
consumers about the
ways in which their
personal data will be
used, and the choices
they have about this.
Data controllers should
review their existing
privacy policies in
anticipation of the rollout
The communications lead, with the support of the Data Protection work stream, will develop appropriate material and encourage stakeholders to adopt a Privacy Charter.
Networks and Suppliers will be expected to review
CER/15/139 - Information Paper on Data Access & Privacy
25
Risk Recommendations CER Response
of smart meters. They
will need to change if
meter data will be used
for new purposes.
their own privacy policies.
4 Disclosure of consumption data to data controllers
Assess EU and
international
developments to learn
lessons from
experience in other
countries and how they
are managing data
access from smart
meters.
Gemserv provided a report to the CER in February 2014, and will continue to provide data protection advice and support to the CER.
Consult further with the
Irish public,
stakeholders, consumer
bodies and Energy
Supply Companies to
understand their
viewpoints regarding
smart metering data.
Relevant work will be carried out through the Consumer Engagement Advisory Group.
5 Granularity of consumption data
Following an analysis of
the Call for Evidence,
the CER should consult
with the wider public
regarding what
granularity would be
considered acceptable.
The Call for Evidence gathered sufficient evidence for the CER to decide that customers ought to be presented with choices about whether their half hourly consumption data should be aggregated.
Relevant work will be carried out through the Consumer Engagement Advisory Group.
Consider how and by
whom any aggregation
or anonymisation of
consumption data is
achieved, and the role
of ESBN in its function
Aggregation will be carried out at the meter, before interval data leaves the home.
CER/15/139 - Information Paper on Data Access & Privacy
26
Risk Recommendations CER Response
of data collection on
behalf of the
programme.
Assess solutions developed in other EU countries and elsewhere.
Gemserv provided a brief report to the CER in February 2014, and will continue to provide relevant advice and support to the CER.
6 Retention of consumption data
Data controllers should
publicise their retention
strategies in a Privacy
Charter.
The Data Protection work stream will encourage stakeholders to develop appropriate material in a Privacy Charter.
Review the existing
standards and policies
that apply in the energy
sector for retention of
register reads and
consumption data, given
that the data will be
available at a more
granular level.
The CER will examine this issue in due course.
Develop a specification
of requirements for data
retention across the
NSMP Smart Meter
Architecture, applying
principles of data
minimisation.
The CER will examine this issue in due course.
CER/15/139 - Information Paper on Data Access & Privacy
27
Annex C Summary of findings from the Call for Evidence.
In examining the case for the CER to mandate the provision of half hourly data from the customer’s meter to industry stakeholders on an automatic basis (i.e. regardless of the wishes of customers), the CER sought evidence from industry stakeholders to justify such a requirement. The necessity for the use of half hourly data for the following purposes were considered: 1. Electricity Time of Use Billing 1.1 Background There are three broad uses of electricity consumption data in the context of TOU tariffs, for both customers and suppliers:
To calculate an accurate bill (or to check the accuracy of the bill);
To understand the potential cost implications of a particular tariff choice;
To identify alternative tariffs that would be attractive, if available. Suppliers need to access sufficient energy consumption data to ensure that they are able to bill their customers accurately. The CER will require Suppliers to develop a single standard domestic TOU tariff structure, which domestic customers of that supplier will migrate to by default at an appropriate time following the installation of their smart meter. 1.2 Outcome The receipt of consumption data is a legitimate processing condition and the TOU mandate will require Suppliers to have a certain amount of information, but the evidence adduced from the consultation exercise was not sufficient for Data Protection work stream to support the processing of half hourly data for this purpose on automatic grounds without the customer’s consent. Applying the principle of data minimisation, the Data Protection work stream considered that a monthly feed of data, broken down by Day/Night/Peak as the default position could provide Suppliers with sufficient data to calculate a bill, delivering the programme objectives whilst also protecting the privacy of consumers. Naturally there would be some exceptions, e.g. to facilitate accurate readings required for Change of Supplier and Change of Legal Entity events. 2. Gas Billing 2.1 Background As with electricity billing, Suppliers need to access sufficient energy consumption data to ensure that they are able to bill their customers accurately, and the three broad uses of gas consumption are the same as the use cases of electricity
CER/15/139 - Information Paper on Data Access & Privacy
28
consumption data (see section 1.1 above). Unlike the electricity market, the CER decided in July 2012 not to mandate gas Time of Use tariffs. 2.2 Outcome Suppliers were not able to provide sufficient justification or evidence that supports the provision of half hourly data on automatic grounds, based on the core design. While the arguments are strong about consistency across both fuels, the evidence adduced from the consultation exercise was not sufficient for the Data Protection work stream to support the processing of half hourly data for this purpose based upon the core design, without the customer’s consent. Applying the principle of data minimisation, the Data Protection work stream considered that less granularity is sufficient, giving Suppliers adequate data to calculate a bill, and delivering the programme objectives whilst also protecting the privacy of consumers. Naturally there would be some exceptions might need to be considered, e.g. to facilitate accurate readings required for Change of Supplier and Change of Legal Entity events. 3. Presentation of Energy Usage Information 3.1 Background Smart metering trials conducted in Ireland demonstrated that the richness of data provided in the smart bill contributed to achieving energy reductions, both in peak and overall demand. Customers participating in the trials were found to reduce peak usage, with a peak shift of up to 11.3% when receiving bi-monthly and monthly statements. The Call for Evidence acknowledged that the presentation of timely and relevant information from smart meters would help realise the potential economic and environmental benefits. 3.2 Outcome The Data Protection work stream acknowledged the role that tailored energy efficiency advice/data can have on energy savings. Suppliers were provided with half hourly data as part of the customer behaviour trials, which was then aggregated-up into bands for presentation on the customer’s bill / statement. However, the data protection work stream was not persuaded that sufficient evidence exists to support the case that half hourly interval data is necessary to reduce peak usage, as this data was not made available to domestic customers during the trials. From a data minimisation perspective, the receipt of less granular at day/night/peak granularity, to reflect the default Time of Use tariff, could well accomplish the same outcomes.
CER/15/139 - Information Paper on Data Access & Privacy
29
4. In-home Displays (IHD) 4.1 Background It is proposed that an IHD is to be provided to domestic customers, which will display real time energy usage information. Instantaneous data can be displayed on the IHD without it being needed to be collected by industry participants. Some privacy issues exist due to non-bill payers seeing balance information in the home. 4.2 Outcome There was consensus in the responses to the Call for Evidence that neither Suppliers nor Networks required access to data for this purpose. 5. Harmonised Downloadable File (HDF) 5.1 Background Data protection legislation already provides that consumers should be able to access their own smart metering energy consumption data, if it is stored by a data controller. The Call for Evidence considered access to data by consumers via a Customer Web Interface that would be provided by Suppliers and network businesses. 5.2 Outcome Stakeholders were not able to provide any evidence that supports the likely take-up and utilisation of the HDF, and the Data Protection work stream queried whether consumers will readily understand why both Networks and Suppliers will be obliged to support an HDF. Given that the main customer relationship is with their Supplier, it seemed illogical for Networks to face a similar obligation. The Data Protection work stream considered that customers should be able to see what they had previously agreed to share with their supplier. So, if the customer only wanted to share daily consumption data readings with the supplier, the HDF ought to be expected to be only able to present daily readings. If the customer wanted to share half hourly data with the supplier, then the HDF ought to be expected to present half hourly records. 6. Electricity Settlement 6.1 Background Wholesale market settlement is the process that reconciles the amount of energy that an electricity supplier has arranged to be put on to a distribution network,
CER/15/139 - Information Paper on Data Access & Privacy
30
and the amount that has (or is estimated to have) been used by customers. Electricity is currently settled on a half hourly basis.27 The Call for Evidence tested the proposition that interval data from smart meters could be used to estimate the amount bought by each supplier in each half hour much more accurately, and without the need to use standard load profiles. Settlement based on more accurate data could lead to a closer relationship between the amount of wholesale bought each half hour, and the actual consumption of that Supplier’s customers. However, these benefits could also arise without the disclosure of personal data to suppliers if “Privacy by Design” principles were observed. Was there a case for half hourly data to be made available to ESBN prior to it being aggregated (i.e. de-personalised) for submission to the market operator? 6.2 Outcome Some level of energy consumption data was obviously required by Suppliers in order to meet existing licence conditions, through the Single Electricity Market Trading and Settlement Code. However, the Data Protection work stream was not persuaded that aggregated half hourly data was necessary for settlement on automatic grounds, especially in the context of Time of Use products with set time bands. 7. Marketing 7.1 Background Suppliers will already have arrangements in place that determine whether customers are willing to receive direct marketing communications, in line with data protection legislation. 7.2 Outcome The requirement for suppliers, and indeed any data controller, to obtain customer consent for marketing purposes is the preferred mechanism for using data for marketing purposes. It was not considered necessary for Suppliers to have access to a customer’s half hourly data in order to carry out targeted marketing campaigns. 8. Energy Efficiency 8.1 Background
27
About 8,000 large industrial and commercial customers have half hourly (or quarter hourly) meter readings. For domestic and smaller commercial customers, half hourly figures are currently estimated using typical consumer profiles.
CER/15/139 - Information Paper on Data Access & Privacy
31
Energy efficiency targets can be achieved by customers reacting to price signals and by using more energy efficient appliances in the home. Energy efficiency targets can also be met by encouraging third parties to provide appropriate advice. Energy Suppliers considered that, with access to more granular data, the energy savings delivered to date could be significantly increased. However, would they be able to persuade consumers to take-up advice on energy efficiency without first being able to demonstrate the value to them, which arguably requires that they receive half hourly data by default? 8.2 Outcome The evidence adduced from the consultation exercise supported the case that tailored energy efficiency advice/data can have a significant impact on energy savings. However, the customer behaviour trials did not test the impact that the provision of half hourly data to customers would have on customer behaviour. The supplier involved in the trial was provided with HH granular data, but it was then aggregated-up into time bands for presentation on the customer’s bill / statement, together with various energy efficiency hints and tips. Accordingly, there is insufficient evidence for the Data Protection work stream to assert, with confidence, that half hourly data is unequivocally necessary for this purpose. 9. Detection & Prevention of Theft 9.1 Background Suppliers are required by License conditions to take all reasonable steps to detect and prevent theft of electricity and gas.28 Currently, theft of energy is detected through a combination of triggers, meter inspections and suspicious consumer behaviour. The costs of theft are currently added to all customer bills, so reducing theft would benefit all consumers. 9.2 Outcome The Data Protection work stream noted that are merits in the industry receiving daily or weekly data, which is a significant improvement on today’s arrangements, but considered that the privacy of all customers also needs to be respected. There is a case, however, for the industry receiving half hourly or hourly consumption data daily where Suppliers have reasonable grounds of suspicion that theft is being committed. 10. Product Development, Tariff Design and Innovation 10.1 Background
28
SLC8.
CER/15/139 - Information Paper on Data Access & Privacy
32
Was access to half hourly data necessary to enable Suppliers to develop new retail offerings, design new tariffs and to innovate? 10.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that half hourly data was always needed for this purpose. It may well be possible to develop new retail offerings, design new tariffs and innovate based on sample data from smart meters, or aggregated or anonymised data. 11. Pricing 11.1 Background Pricing is the process of providing customers with a future price for their electricity or gas. The process is normally undertaken when Suppliers offer new terms of supply to new or existing customers at Change of Supplier or Change or Legal Entity. Currently, Suppliers ascertain historic consumption by asking domestic customers for their meter readings or annual usage, accompanied with information about their premises. A major benefit of smart metering is that the potential availability of actual consumption will enable Suppliers to offer a product much more closely aligned to the customer’s usage. 11.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that HH interval data was always needed for this purpose. 12. Wholesale Hedging 12.1 Background Wholesale hedging is a commercial activity. The better the information Suppliers have on their consumer’s usage, the better they will be able to forecast their future energy demands and buy ahead. 12.2 Position Some stakeholders considered that aggregated or anonymised data is sufficient for this purpose. Accordingly, the Data Protection work stream did not conclude that half hourly data was necessary to satisfy this requirement. 13. Debt Management
CER/15/139 - Information Paper on Data Access & Privacy
33
13.1 Background Will access to granular data enable Suppliers to better identify consumers in payment difficulty? The provision of accurate meter readings and the ability for consumers to track their own usage through the Mandated In-Home Device may help reduce the debt build up. 13.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that half hourly data was always needed for this purpose. 14. Network Management 14.1 Background Distribution businesses have obligations in their licenses to operate and ensure the maintenance of a safe, secure, reliable, economical and efficient distribution system. Smart metering data may help network operators fulfil these obligations. Was half hourly data necessary to assist network operators to discharge their obligations? 14.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that HH interval data was always needed for this purpose. One of the network operators considered that access to anonymised consumption data would be adequate to realise the benefits. 15. Network Charges 15.1 Background The roll-out of smart meters will increase the amount of information available on what electricity and gas customers consume, and importantly when consumption occurs at any given point in a day. This makes it technically possible for Network and Transmission operators to introduce new charging methodologies or structures, which could allow for more accurate Distribution Use Of system and Transmission Use of System pricing. Was half hourly data always necessary for this purpose? 15.2 Outcome Stakeholders did not provide any evidence that supports changing the ways in which distribution and transmission companies charge. Therefore, the Data Protection work stream did not consider that it was necessary to allow network or
CER/15/139 - Information Paper on Data Access & Privacy
34
transmission operators access to half hourly data without the consumer’s consent.