EPDS Warns Of Smart Meter Privacy Risks

The European Data Protection Supervisor (EDPS) has expressed privacy concerns about smart metering systems, which are due to be rolled out across the European Union by 2020.

The EDPS acknowledged there were numerous benefits to smart meters, but said that more must be done to improve security and how the data collected is stored.

EU member states are currently carrying out an economic assessment of costs and benefits ahead of smart meter rollouts, which is expected to deliver £7.2 billion in net benefits to the UK in the next 20 years.

Data mining fears

Smart Meters have long been proposed as a way of reducing energy use, but their benefits have been called into question by those who believe they will fail to deliver the expected benefits to householders and business owners.

Security concerns have long persisted, with analysts predicting that they will be hacked due to a lack of protection and their physical location in non-secure areas.

Chief among the EDPS’ concerns is the amount of sensitive personal data the meters could reveal, such as whether users are away on holiday or at work, if they use certain medical devices or a baby monitor and what they do with their free time.

Although he acknowledged this information might be useful for analysing energy use for conservation, he claimed the patterns discovered could be used for marketing, advertising and price discrimination by third parties.

To allay these concerns, the EPDS has issued a number of recommendations, such as offering more information on the legal basis of data processing and the choices available to citizens, such as the frequency of readings.

Recommendations

Privacy-enhancing Technologies (PETs) should be obligatory and there should be more guidance on how long the data is kept, the EPDS said. This information should also be made available to consumers, as should the ways it is used, it added.

“The EDPS calls on the Commission to assess whether further legislative action is necessary at EU level to ensure adequate protection of personal data for the roll-out of smart metering systems an – in his opinion – provides pragmatic recommendations for such legislative action,” said Giovanni Buttarelli, assistant EDPS. “Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament.

“These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches.”

What do you know about Green IT? Find out with our quiz!