EC’s Recommendation on smart metering rollout preparations lacks specifics on data protection, Data Protection Supervisor find


Brussels, Belgium — (METERING.COM) — June 12, 2012 – The European Commission’s Recommendation on preparation for the rollout of smart metering systems is welcome but it lacks more specific and more practical guidance on data protection, according to the European Data Protection Supervisor.

However, some guidance can still be given in the data protection impact assessment Template, which is currently under preparation by the Expert Group 2 of the EC Task Force on Smart Grids.

In an 18 page Opinion, the EDPS evaluates the Recommendation, which provides guidance to member states on, inter alia, the measures that should be taken in order to ensure that smart metering and smart grid systems are designed and operated subject to adequate data protection safeguards.

The EDPS says he particularly appreciates the efforts of the Commission to make use of newly proposed concepts such as data protection by design and practical tools such as data protection impact assessments and security breach notifications. The references to data minimization, data protection by default, privacy enhancing technologies (PETSs), transparency, and consumer are also welcomed.

However, stakeholders must be aware that processing of personal data in the context of smart grids/smart metering will have to fully comply with safeguards established in applicable data protection law, including the e-Privacy Directive. The EDPS also recommends member states to integrate data protection concerns into the cost-benefit analysis.

There are also several factors that suggest that specific legislative or regulatory action at national or at the EU-level could be beneficial and/or necessary, which the Commission should assess. Among these the supply of electricity and gas are regulated industries currently undergoing very significant changes, which call for adjustments of the regulatory framework.

Further, the EDPS recommends that there should be more guidance on a number of issues, including the retention periods of meter data and direct access to consumers to their energy usage data. A solution should be found to ensure that the data collected by the smart meters is made available to consumers in a user friendly way, and preferably independently of third parties.

The EDPS also recommends that meter readings should not be done more frequently than once every half an hour or hour, except if there is informed consent for a very specific value-added service requiring more frequent readings.

An opt-out for individuals who do not wish to take advantage of time of-use tariffs or other services based on smart meter functionalities (for privacy reasons, health reasons, or otherwise) is also proposed, recommending that they should not be required to switch to a smart meter. Alternatively, these customers should be given the choice to have a smart meter installed on which ‘smart functionalities’ including both collection of granular data and remote on/off control are disabled.