Since the new Electricity Supply Act came into force on 1.1.2008, the electricity market has experienced step-by-step deregulation. Along with the range of alternative energy sources used, this has led to the need for a new way of metering use. Digital meters, so-called «smart meters», can store large amounts of data; this brings certain risks from the point of view of data protection.
The main data protection risks involved in using electronic energy meters, or smart meters, are explained below and recommendations made for improving data protection.
Liberalisation of the electricity market and renewable energies
On 1 January 2008 the Electricity Supply Act came into force. Under this act, the state-regulated market will be opened up in stages. In a first step, major customers with an annual electricity consumption of over 100 megawatt hours were permitted to enter the liberalised market. Since 2009, some 50,000 companies have been able to choose their power supplier. This involves considerable changes for the 900 or so electricity supply companies in Switzerland. In a further step, from 2014, small businesses and households will also have access to the liberalised market. This means electricity consumers in Switzerland will be able to choose where they purchase their electricity. This second stage in the liberalisation process will however be subject to an optional referendum, as was the first.
The opening of the market leads to a separation of the grid and power supply. In other words, electricity customers will in future have an electricity distribution grid operator and an electricity supplier; they cannot choose the former but have a free choice of the latter.
The growing proportion of electricity in the grid from alternative energy sources (solar and wind power) creates an increasing need to control how power is fed into the grid and used. It is relatively easy to control electricity production from conventional power stations (nuclear, coal, oil and gas), whereas regulating supply from solar and wind power is more difficult. Power load fluctuations can be balanced out by adjusting the supply from conventional power stations, making use of pumped storage hydroelectric plants and electricity trading.
In order to plan power supply and low-cost tariffs, a precise consumption forecast is required, since short-term over- and under-capacity is expensive for power suppliers. Therefore, power suppliers require detailed information about household energy consumption. It is even conceivable that in future, power-hungry household appliances will be run during high-load periods in order to achieve more balanced and efficient power utilisation in the grid. For example, freezers and refrigerators could be cooled or vehicle energy storage devices recharged during low-load periods on the transmission grid.
Current means of metering power use and technical requirements for new energy meters
Until now, electricity use has been measured electromechanically using either a single-tariff or double-tariff electricity meter. The single-tariff meter has a single counter and records total power use. If the power company provides electricity at high and low rates, double-tariff meters are used to record power consumed at the high tariff (usually during the day) and at the low tariff separately. The meter is read on site every six months or annually.
With the separation of grid operations from power supply, it becomes necessary to be able to set each electricity meter individually, as the different suppliers set their tariffs according to supply and demand. Therefore, digital meters are required which can record power consumption at different times. Digital electricity meters can also be read at a distance, i.e., they can in future be read at any point in time, without the need for someone to be physically present at the meter. This means they can be read more flexibly and cheaply.
Besides these requirements, depending on their grid operator and power supplier, customers will also be able to access their current and previous user data online or via a terminal in the home. This will provide information about energy use and should help to reduce consumption.
Risks from the data protection perspective
Intelligent electricity meters display the total and current power consumption and the utilisation period. Depending on how the device is configured, household load profiles can be drawn up in differing degrees of detail. A load profile is compiled by recording power consumption every quarter of an hour (35,000 measured points per year) and is stored in the device until it is read or overwritten.
Due to the technical configuration of digital electricity meters, as well as providing metering and billing data they are able to compile an energy use profile for a household or company. The detailed data may provide customers with important information regarding their power consumption and therefore possibilities for making savings. It may also contain information about business activities, production processes, personal activities, daily routine, illness etc. However, in the view of the Federal Data Protection and Information Commissioner, it is not necessary for this detailed information to be passed on automatically to the power supplier or grid operator. Energy use forecasts can also be compiled on the basis of anonymised data collected from several households.
The principles of data protection should be respected when utilisation data which is not relevant for billing purposes is collected, i.e., data used to compile a household's load profile. This means that both when the people concerned are informed and the system is configured, it should be ensured that the process is proportionate, secure, and its purpose evident to the data subject. In the context of Smart Grid this has the following consequences:
The principle of proportionality requires that no more personal data should be collected than is necessary for processing purposes. The purpose of processing must be explained when the data is collected, e.g. in general terms and conditions, but this explanation should not be formulated in such a general way that it could essentially include any kind of processing. In other words, the purpose to which the data will be put should be defined from the beginning and only the data that is absolutely essential for this purpose should be selected for use. This prevents a stock of wide-ranging information being collected.
Data security should involve the whole data life cycle, from the point it is generated in the smart meter to the time it is deleted by the power supplier or grid operator. This does not only include the regular metering of power consumption and data storage, but also the range of transmission possibilities (terminal in the home, transmission to the grid operator or power supplier).
When data processing is outsourced to third parties, the general provisions of Art. 10 of the Federal Act on Data Protection (FADP) should be observed.
Recommendations of the FDPIC
- Comprehensive and clear information should be given to data subjects about data processing (in particular its purpose, but also when data will be passed to third parties), for example in the general terms and conditions.
- When energy use forecasts are compiled, data should be collected from a number of households or anonymised; detailed consumption profiles which make it possible to identify individual households should not be compiled.
- Grid operators and power suppliers should not have access to real-time data.
- Access control and logging of energy consumption/load profile readings from energy meters.
- Protected access and access logs in case load profiles are saved with power suppliers and/or grid operators.
- Data should be transmitted in encrypted form both within the building and when sent to the power supplier or grid operator.
- Data should be protected from loss, theft, unauthorised access, disclosure, use or modification.
- The consent of data subjects should be obtained before household load profiles are passed on or evaluated.
Smart Meter und Smart Grid - Intelligente Energiemessung, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
The Smart Grid and Privacy, Electronic Privacy Information Center EPIC
Opinion 12/2011 on smart metering, Article 29 data protection working party (EU)
(Last update: April 2011)