
Eva Fialová[1]: Smart grid and surveillance (JURA, 2015/1, pp. 197-201)

I. Introduction

Renewable energy sources and energy efficiency are currently a major topic, and both are heavily promoted by the European Union. Pursuant to the Directive 2009/28/EC on the promotion of the use of energy from renewable sources, at least a 20 % share of energy must come from renewable sources in 2020. To achieve this target, the member states should encourage energy efficiency and energy saving. Therefore, consumers should be provided with more information about their energy consumption.

One means of achieving the abovementioned goals is the smart grid and smart meters. The smart grid is "an electricity network that can intelligently integrate the actions of all users connected to it - generators, consumers and those that do both - in order to efficiently deliver sustainable, economic and secure electricity supplies. A smart grid employs innovative products and services together with intelligent monitoring, control, communication, and self-healing technologies."[1] The smart meters are meters that enable the customers to control their energy consumption in real time.[2] The smart meters are connected with the infrastructure of the energy supplier and facilitate real-time control over the customers.[3]

The roll-out of the smart grid is included in the Third Energy Package adopted by the European Commission in 2009. Pursuant to the Directive 2009/72/EC concerning common rules for the internal market in electricity, at least 80 % of consumers in the member states shall be equipped with intelligent metering systems by 2020. In Italy, the penetration of the smart grid is even nearly 100 percent.[4] In March 2012 the European Commission issued a Recommendation on preparations for the roll-out of smart metering systems (hereinafter: "Recommendation").[5] According to the Recommendation the smart grid marks a new development towards greater consumer empowerment, greater integration of renewable energy sources into the grid and higher energy efficiency and makes a considerable contribution to the reduction of greenhouse gas emissions and to the job creation and the technological development in the European Union.

As mentioned before, a feature of the smart grid is an information flow from the consumer to the energy suppliers concerning the energy consumption in real time. "Data from a smart meter can tell an observer much more about a home than the information from a more traditional meter using older technology."[6] This results in the processing of data relating to individual users and their private life. The data from the smart meters are processed primarily by the suppliers. The information about the individuals may also be useful for police and the intelligence services in combating crime and terrorism. Assuming that the majority of households in Europe have electricity and gas, the roll-out of the smart grid and smart meters opens the door to mass surveillance of the energy consumers.

II. Privacy

" Smart-metered information, collected at levels as fine as one-minute intervals, can be disaggregated into its constituent appliance events, allowing both consumers and utilities (and anyone else with access to the information) to see exactly what makes up an individual household's electricity demands. Such detailed information about the in-home activities of electricity customers can thus be used to piece together a fairly detailed picture of an individual's daily life or routine."[7] The data from the smart grid may contain information about the private life of the individual. From the data, anyone with access rights is able to learn when the consumer wakes up and takes a shower as well as when she usually returns home, switches the light on and cooks a dinner. Since every home appliance has its specific energy consumption,[8] the information about the household's equipment is available to the supplier. This is amplified by the fact that some electronic devices are equipped with a wireless radio that sends information about the energy usage to the supplier.[9] The smart meters can even tract the exact position of the electric device inside a building.[10] Thus, it is feasible to get the real time information about the position of the person in the house through the data from a stove or a television that has been switched on.

Since the smart meter detects the typical energy consumption of each electronic device, it can also record an electronic device used for, e.g., specific health problems (for example a device for oxygen therapy used frequently by patients with sleep apnea). This implies that the data processed by means of the smart grid may have the character of sensitive personal data pursuant to art. 8 of the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The records relating to the energy consumption of households represent an enormous quantity of data. Those data may be subject to profiling and data mining in order to get valuable information about consumers' behaviour. The information may be exploited for direct marketing purposes. By means of profiling, home appliance producers may draw a picture of a typical user of their products. If marketers estimate when the consumer is usually at home, they may contact her in person.

The information obtained by means of the smart meters may also be used for so-called event-driven marketing.[11] For instance, when a refrigerator or a television breaks down, the consumer may be addressed with an offer to purchase new devices. Increased energy consumption may signify a purchase of new home appliances due to an increase in the family income. As a consequence, the family may get unsolicited offers for specific products and services.

The data from smart meters may lead to price discrimination due to information imbalance between the consumers and the energy suppliers or third parties.[12] If the data on the energy consumption are linked to data concerning a party to a contract on energy supply, and eventually of another person sharing a house with her, the information about the energy usage becomes data about an identified or identifiable natural person. These data are personal data pursuant to art. 2 of the Directive 95/46/EC. The Article 29 Data Protection Working Party (hereinafter: 'The Article 29 Data Protection WP') has identified particularly these personal data: unique smart meter ID and/or unique property reference number, metadata referring to the configuration of the smart meter, a description of the message being transmitted, the date and time stamp, and the message content such as a meter register reading, alerts, network level information or load graphics.[13]

III. European legislation on smart grid

Pursuant to the Recommendation, the rights and obligations provided by Directive 95/46/EC are fully applicable to smart metering which processes personal data. The controller has to prove legal grounds for processing of the data from the smart meters pursuant to art. 7 of the Directive 95/46/EC. The controller must fulfil the principles of personal data processing set in art. 6 of the Directive. The data must be processed for specified, explicit and legitimate purposes. The processing of the data must be adequate, relevant and not excessive in relation to the purposes for which they are processed.

According to the Recommendation member states should perform an analysis prior to launching the processing operations, in order to determine to which extent suppliers and network operators need to store personal data for the purposes of maintaining and operating the smart grid and for billing. This analysis should allow member states to determine, if the periods for the storage of personal data set in national law are no longer than necessary for the purposes of operating smart grids. This must include mechanisms to ensure that the time limits set for the erasure of the personal data and for a periodic review of the need to store the personal data are observed. The Recommendation encourages member states to find technical and legal solutions which safeguard the protection of personal data as a fundamental right under art. 8 of the Charter of Fundamental Rights of the European Union and art. 8 of the European Convention on Human Rights (hereinafter: 'ECHR') that requires justifying any interference with the right to the protection of personal data. The legitimacy of interference must be assessed on a case-by-case basis in the light of the cumulative criteria of legality, necessity, legitimacy and proportionality.

The Recommendation assumes an adoption of the data protection impact assessment that describes the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address the risks, the safeguards and security measures and mechanisms to ensure the protection of personal data and to demonstrate a compliance with the Directive 95/46/EC, taking into account the rights and legitimate interests of data subjects. Moreover, the member states should encourage the network operators to incorporate the data protection by design and the data protection by default in the process of deployment of smart grids and smart metering.

In January 2013, the European Commission introduced a Data Protection Impact Assessment Template (hereinafter: "DPIA Template") for smart metering and smart grids. The DPIA Template was criticized by the Article 29 Data Protection WP.[14] According to the Article 29 Data Protection WP, the DPIA Template does not provide a precise definition and a description of the types of data processing. The DPIA Template should also encourage the companies concerned to ensure that only as much personal data is collected and processed as is absolutely necessary. The Article 29 Data Protection WP recommends using privacy enhancing technologies and other techniques for data minimization.


IV. Surveillance

Koops calls the current society, where public and political debate has become sensitive to risks, a crime society.[15] "Although most people would rationally agree that ultimately, not all risks can be eliminated, not even if unlimited resources were available, newspapers and parliamentary debates tend to blow up accidents, disasters, and attacks and consequently demand all possible action to prevent similar harm from happening in the future.... Framing social developments in terms of risk and desiring to eliminate danger as much as possible almost logically lead to a culture of control."[16]

The collection of personal data by means of smart meters provides the police and the intelligence services with a new tool to search for those risks. For example, an extensive consumption of energy may signify an indoor marijuana grow house. Nevertheless, cannabis growers are nowadays aware of the smart meters and attempt to get around them, e.g. by cultivating marijuana in smaller crops.[17] In future, law enforcement bodies may consider energy consumption above average potentially suspicious.

Law enforcement bodies need not request the data recorded by the smart meter only in cases of suspected cannabis cultivation. Since the smart meters register detailed energy consumption of the consumer, the data may be used in the investigation of crime not related to drug production. From the data the police and the intelligence services may obtain information about users' presence at home at specific periods of time or even in real time, information about the presence of other persons in the house or about the electric devices in the house and their operation. "Sometimes an LEA [law enforcement agencies] is less concerned about the use of a building than the conditions prevailing at the scene of a crime. For example, smart meter readings that record the instant of a power outage may mark the detonation time of a nearby car bomb. A sudden surge in air conditioning may pinpoint the moment when a burglar broke through a glass door or window. A long absence of running showers or baths in the home of a suspected child abuser may contribute to evidence of the abuse."[18]

In the United States, energy suppliers disclose energy bills to the law enforcement bodies under the same process as telecommunication service providers disclose communication subscriber records. The law enforcement bodies issue a subpoena for a disclosure and the supplier provides the law enforcement bodies with records.[19] For instance, in 2012 San Diego Gas & Electric disclosed records of 4 062 customers to the police.[20]

The Recommendation mentions the Directive 95/46/EC. However, this directive does not apply to the processing operations concerning public security, defence, state security and the activities of the state in areas of criminal law (art. 3). Although the processing of personal data in the field of public security, defence, state security and the activities of the law enforcement bodies is not covered by the aforementioned directive, the processing must comply with art. 8 of the ECHR.[21] The European Court of Human Rights (hereinafter: 'the Court') found that the storing and use of personal information by the state constitutes an interference with one's right to respect for private life. Such interference breaches art. 8 of the ECHR unless it is in accordance with the law, pursues one or more of the legitimate aims referred to in paragraph 2 of art. 8 and is necessary in a democratic society to achieve those aims (Leander v. Sweden).[22] In order to fulfil the requirement of foreseeability, the law must be sufficiently clear in its terms to give individuals an adequate indication as to the circumstances in which and the conditions on which the authorities are empowered to resort to any such measures (Malone v. The United Kingdom).[23] Where the Court finds that there is no domestic law which regulates the monitoring, the interference is not in accordance with the law (Copland v. The United Kingdom).[24] If the use of data on the energy consumption by the law enforcement bodies is insufficiently regulated, the requirements of foreseeability and clarity of legislation laid down by art. 8 of the ECHR are not met.

The data about the energy consumption that are recorded by the smart meters and retained by the energy supplier may draw a detailed picture of the private life of the consumer and as such, the data may be frequently used by the law enforcement bodies. The nature of these data resembles traffic and location data regulated by the Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector along with the Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (Data Retention Directive). Since the European legislator obliges the member states to equip at least 80 % of consumers with the smart meters in 2020, the data on the energy consumption of the majority of the European population will be potentially available to the police and the intelligence services. For this reason, the use of these data should be subject to special legislation. This legislation should define the types of data that emerge in connection with the energy consumption, the conditions under which the state authorities could request the data from the energy suppliers and the retention period of the data in the databases of suppliers. Because these data are related to the private life of consumers, predefined state authorities should be authorized to request the data only for the investigation and the prosecution of serious criminal offences. The legislation should also provide sufficient measures for the security of the data recorded by the smart meters and retained by the suppliers. The consumer must also be provided with adequate remedies and rectification. Only if the use of the data is covered by special legislation can the protection of the energy consumers against extensive unregulated surveillance be guaranteed.

V. Conclusion

The advantage of the smart grid is that it serves as an instrument for better suitability and for an effective transmission of energy originating from the renewable energy sources. The consumers' awareness of their energy usage is increased by the smart meters that record the energy consumption of a household and transmit the data to an energy supplier.

Since the smart meter records the data about every home appliance and electric device in a building and the operation thereof, anybody with access to the data may be informed about the private life of an individual. The information obtained directly from a database or by means of data mining or profiling may help marketers learn about their (potential) customers or address them with targeted advertising.

The data about the energy consumption may be used not only by the energy suppliers and other marketers but also by the police and the intelligence services. The law enforcement bodies may get useful information for the investigation and the prosecution of crime. The intelligence services may use the data to identify risks to national security. Thus, the data recorded by the smart meters may be used as a tool of surveillance of energy consumers.

The Recommendation on preparations for the roll-out of smart metering systems refers to the Directive 95/46/EC on processing of personal data. Nevertheless, this directive does not apply to the processing of personal data in the field of security, defence and in criminal law. As the European Commission plans a massive dissemination of the smart meters, there should be a harmonized legislative measure to regulate the use of the data on the energy consumption in the areas which are not covered by the Directive 95/46/EC.

NOTES

[1] European technology platform for the electricity networks of the future, Frequently Asked Questions, SmartGrids.eu (online). Available at http://www.smartgrids.eu/FAQ .

[2] Smart Meters: Controlling your Energy Bill?, Euractiv.com (online, 2013). Available at http://www.euractiv.com/energy-efficiency/smart-meters-controlling-energy-linksdossier-257199 .

[3] Cronin, M.J., Smart Products, Smart Services: Strategies for Embedded Control, Cambridge University Press, Cambridge: 2010, p. 176.

[4] Zhang, Z., Smart Grid in America and in Europe (part II): Past Accomplishments and Future Plans, Public Utilities Fortnightly, vol. 149, no.2 (2011), p.33. Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1799722 .

[5] Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering systems (2012/148/EU).

[6] McNeil, S. K., Privacy and the modern grid, Harvard Journal of Law & Technology, vol. 25, no. 1 (2011), p. 3.

[7] Leake Quinn, E., Smart Metering & Privacy: Existing Law and Competing Policies. (2009), p. 3. Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=14(2285 .

[8] Ibidem., p. 2.

[9] Mims, C., Smart Gadgets are Like Sleeper Cells in Your Kitchen, Technologyreview.com (online), (2011). Available at http://www.technologyreview.com/view/425(27/smart-gadgets-are-like-sleeper-cells-in-your-kitchen/?p1=blogs .

[10] Reilly, L., Automatic Consumer Privacy Rights Embedded In Smart Grid Technology Standards By The Federal Government Introduction, Vermont Law Review, vol. 36 (2011), p. 478. Available at http://lawreview.vermontlaw.edu/files/2012/02/18-Reilly-Book-2-Vol.-36.pdf .

[11] Event-driven marketing is a marketing discipline. The basis for commercial and communication activities of a marketer is a change in customer's individual needs based on an event in customer's life. (see Van Bel, J.E., Sander, E., Weber A., Follow That Customer!: The Event-Driven Marketing Handbook, Racom Communications, Chicago: 2010)

[12] Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems, 8 June 2012. Available at https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-06-08_Smart_metering_EN.pdf .

[13] Opinion 12/2011 of Article 29 Data Protection Working Party on smart metering, 4 April 2011 (WP 183), p. 7.

[14] Opinion 04/2013 of the Article 29 Data Protection Working Party on the Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems ('DPIA Template') prepared by Expert Group 2 of the Commission's Smart Grid Task Force, 22 April 2013 (WP205).

[15] Koops, H. J., Technology and the Crime Society: Rethinking Legal Protection, TILT Law & Technology Working Paper No. 010/2009 (2009). p. 16. Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=13(7189 .

[16] Ibidem., p. 7.

[17] Smart meters help cops identify and bust indoor marijuana growing operations, Allvoices.com (online), (2011). Available at http://www.allvoices.com/contributed-news/8347690-smart-meters-help-cops-identify-and-bust-indoor-marijuana-growing-operations .

[18] Neustar White Paper: When Smart Grids Grow Smart Enough To Solve Crimes, Energy.gov (online), (2010), p. 6. Available at http://energy.gov/sites/prod/files/gcprod/documents/Neustar_Comments_DataExhibitA.pdf .

[19] Ibidem, p. 5.


[20] California Public Utilities Commission, Annual Privacy Report of San Diego Gas & Electric (2013), p. 6. Available at http://www.cpuc.ca.gov/NR/rdonlyres/1AAFED95-3F3F-4296-B4B6-8CB8E6704CC1/0/SDGEAnnual_Privacy_Report_2012.pdf .

[21] Article 8 of the ECHR

(1) Everyone has the right to respect for his private and family life, his home and his correspondence.

(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

[22] Decision of the European Court of Human Rights from 26 March 1987, no. 9248/81 (Leander v. Sweden).

[23] Decision of the European Court of Human Rights from 2 August 1984, no. 8691/79 (Malone v. The United Kingdom).

[24] Decision of the European Court of Human Rights from 3 April 2007, no. 62617/00 (Copland v. The United Kingdom).

Footnotes:

[1] The author is affiliated with the Institute of Law and Technology, Faculty of Law, Masaryk University in Brno.
