![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
The Smart Meter Implementation Programme is the Government's flagship energy policy. In its search for solutions to address privacy dilemmas raised by smart meters, the Government has been content with using data protection principles as a policy framework to regulate the processing of consumers' personal information. This is worrying since the question of who has access to what type of information and how it is used cannot simply be regarded as raising information security, authenticity and integrity issues. If we are to go beyond the rhetoric of protecting the privacy rights of energy consumers we must scrutinise the context in which legitimate interests and reasonable expectations of privacy subsist. To remedy this apparent policy oversight, the paper undertakes two tasks: first, to clarify the content and application of data protection and privacy rights to smart meters; and second, it outlines a policy framework that will address the lack of specificity on how best innovation and privacy issues can be better calibrated. More importantly, it calls for targeted substantive reforms, development of accessible privacy policies and information management practices that promote transparency and accountability and deployment of technological solutions that will help reduce emerging fault lines between innovation and privacy in this sphere of energy policymaking.
Keywords:
Notes
Ernst & Young. 2012. Smart grid: a race worth winning? Available at http://www.ey.com/Publication/vwLUAssets/Smart_Grid-_a_race_worth_winning/$FILE/Smart%20Grid%20-%20a%20race%20worth%20winning.pdf. Pp.18-24.
Department of Energy and Climate Change. 2012a. Smart metering implementation programme (April update). Available at http://www.decc.gov.uk/assets/decc/11/consultation/smart-metering-imp-prog/4938-smart-metering-imp-prog-update-apr2012.pdf: para. 3.3.
Brynjolfsson, E., Hitt, L., and Kim, H. (2011). Strength in numbers: how does data-driven decision- making affect firm performance? Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1819486.
McKinsey Global Institute. 2011. Big data: the next frontier for innovation, competition, and productivity. Available at http://www.mckinsey.com/Insights/MGI/Research/Technology_and_Innovation/Big_data_The_next_frontier_for_innovation, pp. 4–11.
Federal Trade Commission. 2012. Protecting consumer privacy in an era of rapid change: recommendations for businesses and policymakers. Available at http://www.ftc.gov/opa/2012/03/privacyframework.shtm, Bradwell, P. 2010. Private lives: a people's inquiry into personal information, p. 38 Available at http://www.demos.co.uk/files/Private_Lives_-_web.pdf; Accenture. 2011. Revealing the values of the new energy consumer, p. 32 Available at http://www.accenture.com/SiteCollectionDocuments/PDF/Resources/Accenture_Revealing_Values_New_Energy_C onsumer.pdf.
Schmidt, A. 2012. Context-aware computing: context-awareness, context-aware user interfaces, and implicit interaction. In: Soegaard, M. and Dam, R.F. (eds), Encyclopedia of human-computer interaction. Aarhus, Denmark: The Interaction Design Foundation. Available online at http://www.interaction-design.org/encyclopedia/context-aware_computing.html.
Engage Consulting. 2011. Engage Consulting briefing note: smart metering implementation programme: government response to prospectus consultation.
Consumer Focus. 2010a. Consumer Focus response to smart metering implementation programme: data privacy and security. Available at http://www.consumerfocus.org.uk/files/2009/06/Consumer-Focus-response-to-Smart-Metering-Implementation-Programme-Data-Privacy-and-Security.pdf, pp. 4–6. House of Lords. 2009. Surveillance: citizens and the state. Select Committee on the Constitution, 2nd Report of Session 2008-09, HL Paper 18-I. London: The Stationery Office. Paragraphs 10-14. Reference should however be made to the explicit mention of Article 8 ECHR concerns in Department of Energy and Climate Change. 2011. Impact assessment: Smart Meter rollout for the domestic sector. Available at http://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/1485-impact-assessment-smart-metering-implementation-p.pdf, p. 82. However, this dimension is not followed through in any meaningful detail in subsequent documents.
European Commission. 2012. Safeguarding privacy in a connected world – a European data protection framework for the 21st century. COM(2012) 9 final, 9.
European Commission. 2010. Energy 2020 a strategy for competitive, sustainable and secure energy (Communication). COM (2010) 639 final Action 3.
Oxford Economics. 2012. The value of smart metering to Great Britain – draft report for British Gas, p. 7.
Department of Energy and Climate Change. 2011a. Smart metering implementation programme: response to prospectus consultation: overview document. Available at http://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/1475-smart-metering-imp-response-overview.pdf; Data access & privacy – Smart Metering Implementation Programme. 2011b. Available at http://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/1477-data-access-privacy.pdf;. Impact assessment: Smart Meter rollout for the domestic sector. 2011c. Available at http://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/1485-impact-assessment-smart-metering-implementation-p.pdf
Department of Energy and Climate Change. 2010. Smart Metering implementation programme: data privacy and security (supporting document). Available at http://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/232-smart-metering-imp-data-privacy-security.pdf, pp. 6–10.
DECC, note 2, 2012.
DECC, note 12, 2011b.
Department of Energy and Climate Change. 2012. Smart meter rollout for the domestic sector (GB): Impact Assessment (Government response stage). Available at https://www.decc.gov.uk/assets/decc/Consultations/smart-meter-imp-prospectus/221-ia-smart-roll-out-domestic.pdf.
DECC, note 12, 2011a. 41–47. Stakeholder groups include energy suppliers (12); communications sector (10); energy services companies (8); network operators (4); consumer and campaign organizations (3); trade associations (3); academics and professional institutions (3); and regulators (2).
Ibid., p. 6, Van Elburg, H. 2008. Report on effective customer feedback mechanisms, deliverable 6, work package 2, task 2 and 3 of ESMA-Project, supported by IEE, July 2008.
The Data and Communications Company will now provide secure communications between energy suppliers, network operators and authorised third parties on the one hand, and compliant smart metering equipment in UK domestic premises on the other. Licensees are required to ‘take all reasonable steps to ensure that it is able to comply’ with ISO 27001:2005. Energy UK. 2012. Energy UK's Privacy Commitments for Smart Metering: Version 1.0. Available at http://staging.energy-uk.org.uk/publication/finish/37-smart-meter-policies/448-energy-uk-privacy-commitments-for-smart-metering.html.
Energy Networks Association. 2011. Privacy impact assessment: use of smart metering data by network operators. http://www.energynetworks.org/electricity/futures/smart-meters.html. Wright, D. 2011. Should privacy impact assessments be mandatory? Communications of the ACM 54, no. 8: 123–124; Clarke, R. 2009. Privacy impact assessment: its origins and development. Computer Law and Security Review 25, no. 2: 123–135.
Bennett, C., Charlesworth, A., Clarke, R., and Oppenheim, C. 2008. Privacy impact assessments: international experience as a basis for UK guidance. Computer Law and Security Report 24, no. 3: 233–242.
DECC, note 16, 2012: 88.
Information Commissioner's Office (ICO). 2009. Privacy impact assessment handbook, Version 2.0 (June 2009). Available at http://www.ico.gov.uk/for_organisations/topic_specific_guides/ pia_handbook.aspx.
McDaniel, P., and McLaughlin, S. 2009. Security and privacy challenges in the smart grid. IEEE Security and Privacy, May/June 2009, p. 73.
IBM. 2012. Managing big data for smart grids and smart meters. 25 May, 2012: 2, http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=WH&htmlfid=IMW14628USEN.
Knyrim, R., and Trieb, G. 2011. Smart metering under EU data protection law. International Data Privacy Law, March 1, 2011: 121, Klopfert, F., and Wallenborn, G. 2011. Empowering consumers through smart metering. Report for BEUC. Available at http://docshare.beuc.org/Common/GetFile.asp?ID=43184&mfd=off&LogonName=GuestEN; Hargreaves, T., Nye, M., & Burgess, J. 2010. Making energy visible: a qualitative field study of how householders interact with feedback from smart energy monitors. Energy Policy 38: 6111–6119, Darby, S. 2006. The effectiveness of feedback on energy consumption: a review for DEFRA of the literature on metering, billing and direct displays. Available at http://www.eci.ox.ac.uk/people/darbysarah.php.
Turow, J. 2011. The daily you: how the new advertising industry is defining your identity and your worth, 18–31. New Haven, CT: Yale University Press.
Cohen, J. 2012. Configuring the networked self, 115–121. New Haven, CT: Yale University Press.
Eurobarometer. 2011. Special Eurobarometer 359 Survey attitudes on data protection and electronic identity in the European Union. Available at http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf, p. 137.
Quinn, E. 2009. smart metering & privacy: existing law and competing policies. Report for the Colorado Public Utilities Commission, Spring 2009. Available at http://cospl.coalliance.org/fez/eserv/co:7930/reg72m562009internet.pdf, p.11.
European Data Protection Supervisor. 2012. Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-06-08_Smart_metering_EN.pdf, Para. 14-20 and 72.
Rheingold, H. 2002. Smart mobs, the next social revolution. Cambridge, MA: Perseus, pp. 84–85. This view is echoed very much by scholars such as Ling and Dourish when they point to the way embodiment not only leads to consumers failing to recognise the significance of blurring contexts and spaces but sensory capabilities possessed by technologies permit access to personal information in settings when actual physical intervention would have been previously needed: Ling, R. 2008. New tech, new ties: how mobile communication is reshaping social cohesion, 3. Cambridge: MA: MIT; Dourish, P. 2001. Where the action is: the foundations of embodied interaction, 101. Cambridge, MA: MIT.
Brandimarte, L., Acquisti, A., and Loewenstein, G., 2010. Misplaced confidences: privacy and the control paradox. Ninth Annual Workshop on the Economics of Information Security (WEIS). Available at http://www.futureofprivacy.org/wp-content/uploads/2010/09/Misplaced-Confidences-acquisti-FPF.pdf. Many consumers are unaware that apps installed on their smartphones and devices can access address book and other personal information automatically: Smith, E. 2010. iPhone applications & privacy issues: an analysis of application transmission of iPhone Unique Device Identifiers (UDIDs). Available at http://pskl.us/wp/wp-content/uploads/2010/09/iPhone-Applications-Privacy-Issues.pdf.
Office of Fair Trading. 2012. OFT calls for information about online personalised pricing practices. Published 15 November 2012. Available at http://www.oft.gov.uk/news-and-updates/press/2012/104-12#.ULi3Q4VkgXw. See also Cavoukian, A., Polonetsky, J., and Wolf, C. 2010. SmartPrivacy for the smart grid: embedding privacy into the design of electricity conservation. Identity in the Information Society 3, no. 2: 275–294. Lupton, D. 2000. The embodied computer/user. In D. Bell and B. Kennedy (eds), Cybercultures reader, 477–488. New York: Routledge Press.
OfCom, Communications Market Report. 2011. Available at http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr11/UK_CMR_2011_FINAL.pdf, pp. 193–195. European Commission. 2012b. Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) COM(2012) 11 final. European Data Protection Supervisor. 2012b. Opinion on the Communication: A comprehensive approach on personal data in the European Union. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-03-07_EDPS_Reform_package_EN.pdf.
Anderson, R. 2010. Consultation response on smart metering. Published 28 September 2010. Available at ww.cl.cam.ac.uk/ ∼ rja14/Papers/fipr-smartmeters2010.pdf.
Consumer Focus. 2010b. Consumer Focus response to smart metering implementation programme: implementation strategy. Available at http://www.consumerfocus.org.uk/files/2009/06/Consumer-Focus-response-to-Smart-Metering-Implementation-Programme-Implementation-Strategy.pdf, pp. 7–9.
World Economic Forum. 2011. Personal data: the emergence of a new asset class. Available at http://www.weforum.org/reports/personal-data-emergence-new-asset-class, p.5, FTC, note 5 at 26.
Turow, note 27 at: 179–181.
Bennett, C. 2010. International privacy standards: can accountability ever be adequate? Privacy Laws & Business International Newsletter 106: 21, 21–22.
McDonald, M., and Cranor, L. 2008. The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society 4: 564.
Nissenbaum, N. 2009. Privacy in context: technology, policy and the integrity of social life, 105. Stanford, CA: Stanford University Press.
Gellert, R., and Gutwirth, S. 2012. Beyond accountability, the return to privacy? In D. Guagnin, L. Hempel, C. Ilten, I. Kroener, D. Neyland and H. Postigo (eds), Managing privacy through accountability, 261–283. London: Palgrave Macmillan.
Ibid., 274. They suggest that Article 8 ECHR, unlike data protection provisions and the Privacy Charter, emphasizes opacity rather than transparency, which is the operative default rule in data protection frameworks, p. 271.
Danahy, J. 2009. The coming smart grid data surge. Published October 5, 2009. Available at http://www.smartgridnews.com/artman/publish/News_Blogs_News/The-Coming-Smart-Grid-Data-Surge-1247.html.
Rabb, C. 2012. The meaning of ‘accountability’ in the information privacy context. In D. Guagnin, L. Hempel, C. Ilten, I. Kroener, D. Neyland and H. Postigo (eds). Managing privacy through accountability, 15–17. London: Palgrave Macmillan; Regan, P. 1995. Legislating privacy: technology, public values, and public policy, 221. Chapel Hill: University of North Carolina Press.
Office of the Privacy Commissioner of Canada. 2012. Web Leakage Research Test Results. Available at http://www.priv.gc.ca/information/pub/wl_201209_e.asp.
EDPS, note 31, 2012: para. 27-31.
Austin, L. 2012. Privacy, shame, and the anxieties of identity. Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2061748.
Hutnik, A. 2011. 3 FTC cases that could affect your mobile app. Published October 21, 2011. Available at http://mashable.com/2011/10/21/apps-ftc-settlements/. O'Reilly, L. 2012. Mobile operators agree to new app privacy rules. Published 20 February, 2012. Available at http://www.marketingweek.co.uk/news/mobile-operators-agree-to-new-app-privacy-rules/4000327.article.
See for example DECC 2012c: 24.
European Data Protection Supervisor. 2010. Opinion on promoting trust in the Information Society by fostering data protection and privacy. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10- 03-19_Trust_Information_Society_EN.pdf : 11-15, note 35, 2012b: para. 181, FTC, note 5 at 7-15.
Cohen, note 28 at 144–146.
Raab, note 46 at 24-29.
Bovens, M. 2007. Analysing and assessing accountability: a conceptual framework. European Law Journal 13: 447–468, 447–449.
European Data Protection Supervisor. 2010. Opinion on promoting trust in the Information Society by fostering data protection and privacy. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf. : para.11-15, EDPS 2011: para. 68-82.
It is not uncommon for contract terms to stipulate that the supplier does not have responsibility over subsequent use of information or their secondary usage. Energy suppliers may not be the only organisations who will utilise data optimising systems to integrate energy consumption history, choice of appliances and plug-in devices, visits to websites, phone calls and emails to customer services with databanks of publicly available information to profile consumers and monetise the information. See ICO, What Price Privacy Now? http://www.ico.gov.uk/news/current_topics/~/media/documents/library/Corporate/Research_and_reports/WHAT_PRICE_PRIVACY_NOW.pdf. See also the announcement by Telefónica to monetise value from its aggregated and anonymous mobile network data: http://blog.digital.telefonica.com/?press-release=telefonica-digital-thinking-things-concept-can-create-smart-m2m-connectivity-for-any-object.
Hon, K., Hor¨nle, J., & Millard, C. 2012. Data protection jurisdiction and cloud computing – when are cloud users and providers subject to EU data protection law? The cloud of unknowing. International Review of Law, Computers & Technology 26: 2–3, 134–136.
The ethics of digital curation may very well emerge as a principle, which ensures that certain privacy rights are non-negotiable. At present however, the application of this principle may be a difficult argument to run, given that consumers can ‘opt-out’ from installing smart meters in their homes. British Gas, Customer Charter (Summary version). The occupants living in Cosgrove Way may claim their ‘right to be left alone’ but at present the Programme provides no credible response the questions raised above. Customers are advised to read the full terms at britishgas.co.uk/termsandconditions. A good example would portals like Oopower that encourage consumers to provide information regarding the energy practices and appliances used in the home.
Cohen, note 28 at 150.
Organisation for Economic Cooperation and Development. 1980. OECD guidelines governing the protection of privacy and transborder flows of personal data. Available at http://www.oecd.org/internet/interneteconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.
Article 29 Data Protection Working Party. 2011a. Opinion 15/2011 Consent WP187. Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf. It widens the scope of the concept.
For ease of reading the relevant Opinion issued by A29WP will be stated in numerals.
Directive 95/46/EC Article 2(a), A29WP. 2011b. Opinion 12/2011 on smart metering WP 183. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp183_en.pdf 183: 6–8.
Ibid,. A29WP. 2011b. 8–10.
See also A29WP. 2009. The future of privacy: joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data WP168. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp168_en.pdf.
De Hert, P. and Gutwirth, S. 2009. Data protection in the Case Law of Strasbourg and Luxembourg: constitutionalization in action. In S. Gutwirth, Y. Poullet, P. de Hert, C. de Terwangne and S. Nouwt (eds), Reinventing data protection?, 8. Berlin: Springer.
A29WP. 2007. Opinion No 4/2007 on the concept of personal data WP 136. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf A29WP (2010).Opinion 3/2010 on the principle of accountability WP173. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf.
See for example A29WP, ibid,. 2010 173: 10-15 and note 62, 2011a 187: 11–12.
See A29WP 2010: 3–4 and Vyas, D. 2011. On the record: energy suppliers and credit reference information. Consumer Focus. Available at http://www.consumerfocus.org.uk/files/2011/10/Consumer-Focus-On-the-record.pdf.
De Hert and Gutwith, note 67 at 15–20.
Article 8(2) ECHR provides ‘There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others’.
Cuijpers, C., and Koops, B-J. 2013. Smart metering and privacy in Europe: lessons from the Dutch case. In S. Gutwirth, R. Leenes, P. de Hert, and Y. Poullet (eds). European data protection: coming of age, 269–293. Berlin: Springer.
See UK government's recent Impact Assessment of the draft European data protection regulation published on 22 November 2012. Available at https://consult.justice.gov.uk/digital-communications/data-protection-proposals-cfe/results/eu-data-protection-reg-impact-assessment.pdf
Even though ‘command and control’ regulations possess virtues of high dependability and predictability, this technique lacks the subtlety in managing polycentric public policy issues. The shortcomings of a centralised approach to rule enforcement and compliance are particularly acute in areas of public policy that are challenged by the scale and rapid nature of technological advances. Complex systems and networks continue to challenge traditional command and control strategies – smart meters now join the list of the ‘Internet of things’ that present society with a Faustian bargain.
Responsive governance may help address ‘regulatory deficits’ in situations where consumers do not take advantage of the protections provided by the law owing to their lack of information or understanding of how best to manage their exposure to particular risks or exploitative practices. Responsive governance has also been seen as a strategy designed to offset the problems of market failure, ‘regulatory creep’, the State's lack of resources and expertise and the need to keep pace with technological developments. Consequently, as Foucault reminds us, holding on to the trenchant ideology of ‘constraining’ or ‘controlling’ architectures is deceptive and an oversimplification of policymaking.
See EDRI ‘(3a) “profiling” means any form of automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour: http://protectmydata.eu/articles/articles-1-10/article-4/.
Eurobarometer 2012, A29WP, note 62 (2011a): 7.
See A29WP, note 62 (2011a).
A29WP. (2012). Working Document 02/2012 setting up a table with the elements and principles to be found in Processor Binding Corporate Rules 00930/12/EN WP 195. Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp195_en.pdf.
Responsive governance can be described as a strategy where organisational behaviour and policies are steered towards ensuring that technology push measures do not undermine consumers’ privacy and safeguards to their energy usage data. Some of its key elements include collaboration in problem-solving, engagement and responding to public opinion and concerns.
DECC, note 2, 2012a para. 3.3.
Ibid., para. 4.7–4.15, 4.20–4.25.
A PIA does not necessarily mean that the parties have complied with their privacy obligations.
DECC, note 2, 2012a: para. 4.17
A29WP, note 66, 2009, 168: 14–15, De Hert and Gutwirth, note 67 at 39–42.
See the mandate initiated by European Commission and accepted by CEN, CENELEC and ETSI, available at http://www.cen.eu/cen/Sectors/Sectors/Measurement/Documents/M441.pdf.
A29WP, note 66, 2009, 168: 53.
Erickson, T., and Kellogg, W. 2000. Social translucence: an approach to designing systems that support social processes. Transactions on Computer-Human Interaction 7: 59–83.
Von Schomberg, R. 2011. Prospects for technology assessment in a framework of responsible research and innovation. In M. Dusseldorp and R. Beecroft (Eds). Technikfolgen abscha?tzen lehren: Bildungspotenziale transdisziplina?rer Methoden, 39–61. Wiesbaden: Vs Verlag.
Culnan, M. 2000. Protecting privacy online: is self-regulation working? Journal of Public Policy & Marketing 19: 20–26.
The European Data Protection Supervisor has recently provided policymakers and Governments with recommendations, which lend specificity to the measures that enable industry to address and implement its privacy obligations: EDPS, note 31, 2012a. See also its emphasis on practical governance: EDPS, note 35, 2012b and EDPS, note 52. European Data Protection Supervisor. 2010. Opinion on promoting trust in the Information Society by fostering data protection and privacy. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10- 03-19_Trust_Information_Society_EN.pdf.