Law, Criminology & Criminal Justice

Cessante ratione legis, cessat ipsa lex? Data and privacy protection in the digitized energy sector amidst green and digital transformation processes

Article: 2367258 | Received 09 Sep 2023, Accepted 08 Jun 2024, Published online: 08 Jul 2024

Abstract

The ex ante regulation of green and digital transformation processes is set to significantly impact personal data and privacy protection in the digitalized energy sector. Although the drive for digitization aligns with EU values, goals, and objectives, it does not inherently ensure compliance with fundamental human rights. While general rules for personal data and privacy protection are sufficiently flexible to allow for appropriate interpretation, implementing sector-specific human rights regulations would enhance legal certainty. This is particularly crucial given the heightened sensitivity of the electricity sector compared to natural gas or heat. The observed lack of standardization in the digitalization of the energy sector is likely to become even more pronounced with the continued development of digital technologies. This increasing complexity underscores the need for comprehensive regulatory frameworks that address both the opportunities and challenges presented by the green and digital transformation. These considerations have significant implications for policymakers, academics, and legal practitioners. Understanding and addressing these issues is essential for ensuring that the transformation processes in the energy sector are conducted in a manner that respects personal data and privacy protection while advancing sustainable and digital innovation. The development of robust and specific regulations will be key to balancing these objectives and ensuring the protection of fundamental human rights in an increasingly digitalized energy landscape.

KEY FINDINGS

  • It is inevitable that ex ante regulation of green and digital transformation processes will impact personal data and privacy protection in the digitalized energy sector.

  • While the demand for digitization in the energy sector is generally in line with the values, goals, and objectives of the EU, it does not necessarily ensure compliance with fundamental human rights.

  • While general rules for personal data and privacy protection are flexible enough to allow for appropriate interpretation, sector-specific rules on human rights would enhance legal certainty, particularly given the sensitivity of the electricity field in comparison to natural gas or heat.

  • The observed sub-standardisation in the digitalisation of the energy sector is likely to become even more pronounced with the continued development of digital technologies in this field.

  • Altogether, these findings have important implications for policymakers, academics, and legal practitioners seeking to understand and address the challenges and opportunities associated with green and digital transformation processes in the energy sector.

Introduction

The foundations of the European Union (EU) are built on shared values of human dignity, freedom, democracy, equality, the rule of law, and the respect for human rights. These common values are derived from the Charter of Fundamental Rights of the European Union (the Charter).Footnote1 The Charter reaffirms, while taking into account the powers and tasks of the EU and the principle of subsidiarity, the rights that stem from the constitutional traditions and international obligations shared by the Member States, as well as from the European Convention for the Protection of Human Rights and Fundamental Freedoms, the Social Charters adopted by the EU and the Council of Europe, and the case law of the Court of Justice of the European Union and of the European Court of Human Rights.

Article 7 of the Charter explicitly guarantees the fundamental right to privacy for all people in Europe. Furthermore, the Charter emphasizes the fundamental right to protection of personal data in Article 8, which states that everyone has the right to the protection of their personal data. Both of these rights are protected on the primary level of EU law and have a constitutional nature. For these formal and substantive reasons, they must be taken into account in ongoing green and digital transformation processes.Footnote2

Energy law is an area of law that governs the production, distribution, and use of energy resources. In recent years, there has been a growing focus on the integration of green and digital transformation processes in the energy sector. Green transformation refers to the transition towards renewable energy sources, while digital transformation refers to the integration of digital technologies in the energy sector. Whether the green and digital transformation is compliant with energy law, the Treaty on the Functioning of the European Union (TFEU),Footnote3 and the Treaty on European Union (TEU)Footnote4 is the main legal issue, and it is a complex legal matter that requires a detailed analysis. In general, the integration of green and digital transformation into energy law and EU treaties is a relatively new and developing area of law, and as such, legal scholarship on this topic is still in its early stages. However, it is clear that the green and digital transformation must be carried out in a manner that is consistent with the EU’s core values and objectives, as set out in the TFEU and TEU. This includes, among other things, the protection of fundamental rights and freedoms, non-discrimination, and the promotion of sustainable development. In terms of energy law, the integration of green and digital transformation is likely to require significant changes to existing regulatory frameworks. This may involve the development of new legal instruments and the modification of existing ones to reflect the changing technological and environmental landscape.

Overall, the extent to which the green and digital transformation is compliant with energy law and the EU treaties will depend on a range of factors, including the specific legal and regulatory frameworks in place, the nature of the technological and environmental changes involved, and the broader social and economic context in which the transformation is taking place. The integration of these two processes has the potential to transform the energy sector by increasing efficiency, reducing emissions, and promoting sustainability. However, there are also concerns regarding the protection of personal data and privacy in the digitalized energy sector.

To address these concerns, ex ante (Lavrijssen, 2016) regulation on green and digital transition processes is necessary to ensure compliance with fundamental human rights. While the demand for digitization of the energy sector is consistent with the values, goals, and objectives of the EU, it does not automatically guarantee compliance with human rights. General rules for personal data and privacy protection are flexible enough to address most legal issues in the digitalized energy sector. However, sector-specific rules on human rights would contribute to legal certainty, especially given the sensitivity of the electricity sector compared to natural gas or heat. In the rapidly evolving energy sector, with the continued advancement of digital technologies, it is of utmost importance to establish suitable legal frameworks to address the issue of observed sub-standardization. This includes intra-sectoral differentiation and the adoption of legal acts that require green and digital transformation from member states. In conclusion, the integration of green and digital transformation processes in the energy sector presents significant opportunities for transformation and sustainability. However, this must be balanced with the protection of personal data and privacy to ensure compliance with fundamental human rights. Effective regulation is necessary to ensure that these processes are consistent with the values, goals, and objectives of the EU. In particular, in the context of the digitalized energy sector, which is part of the intersection of the aforementioned processes, the possibility of the misuse of a large amount of sensitive personal data and illegitimate invasions of privacy must be carefully considered. It is widely believed that safeguarding personal data and privacy during the green and digital transition is a legitimate and constitutionally compliant objective. This is particularly important from the perspective of government interventions in certain rights and freedoms, regardless of whether we consider a supranational (EU) or national legal system of oversight. In the end, it should be noted that EU legal acts eventually permeate the legal systems of member states, as law of either constitutional or supreme nature. Nevertheless, it must be acknowledged that any legal arrangement designed to protect these rights is not sufficient on its own. The imperative of the rule of law, with all its formal and material elements, must also be taken into account. This principle applies not only to the requirements of constitutionality and legality, proportionality of public measures, non-discrimination, and equal treatment, but also to the protection of all human rights and freedoms. It is important to consider their interrelationships and relative nature when determining appropriate protection measures. When certain rights conflict with each other, a rigorous legal assessment is necessary to determine which should take precedence.

This legal issue is also relevant to the matter at hand, as protecting personal data and privacy must also be balanced with the protection of private property, market competition, and free economic initiative. With a detailed examination, we may encounter complexities in these relationships. Furthermore, it is crucial to highlight the constitutional and legal nature of protecting a healthy living environment, particularly when we consider the potential for energy savings in the digitalized energy sector, the decentralized electricity system with active customer participation, and ultimately, energy security and sustainable development in a broader sense. In the context of the energy field, it must be highlighted that addressing privacy as a separate consideration from general human rights protection is practical for reasons addressed and specified in this paper. While privacy is intertwined with broader human rights, recognizing it as a separate and critical component in the energy sector allows for a focused and tailored approach to addressing the unique challenges posed by evolving technologies and data practices. This approach aligns with the principle that effective protection of human rights requires nuanced consideration of specific issues within different domains.

This article aims to critically examine the coherence of the integration processes of the green and digital transformation with the EU’s shared values and objectives, particularly from a legal perspective, and evaluate their implementation. The central purpose of this analysis is to determine the extent to which these two transformation processes align with the EU’s values, and whether there is a unified understanding of the interpretation of the term ‘Green and digital’. Given the complexity of this subject matter, the article will adopt a rigorous legal analysis to evaluate the EU’s competence to adopt legal acts that require green and digital transformation from its member states. This is particularly relevant since the TEU does not specifically address digitalisation. Through this legal analysis, we will investigate whether EU law generally ensures adequate protection of personal data and privacy in the energy sector by means of the EU’s shared values.

Another significant objective of this article is to determine whether there is a need for specific sub-sectoral rules to govern the green and digital transformation, both in an exact and declarative manner, and if so, whether there is a need for intra-sector differentiation (demarcation between electricity, natural gas, heat, etc.). This is particularly important since the field of electricity is more sensitive than other energy fields, and any legal arrangements designed to protect the rights of individuals must take into account the complexities of the relationships between protecting personal data and privacy and the protection of private property, market competition, and free economic initiative.

Overall, this article highlights the importance of evaluating the coherence of the integration processes of the green and digital transformation with the EU’s shared values and objectives from a legal standpoint. By doing so, we can ensure that the ongoing twin processes of digitalisation and decarbonisation are implemented in a manner that is consistent with the EU’s values, objectives and legal framework, while also promoting energy security and sustainable development in a broader sense. In conclusion, the legal scope of this research is confined to data and privacy protection under the ongoing twin processes, its correlation to intra-sectoral rules in the energy sector (with a focus on electricity), relevant case law (if applicable), and policy documents, where the point of observation is the EU’s values, goals, and objectives. Beyond this scope, neither other sectors’ digitalisation nor the development of digitalisation itself to promote both energy and twin transitions can be observed in isolation from the protection of privacy and personal data. As a result, various legal frameworks must function simultaneously: personal data protection law, privacy protection law, and energy law, all linked to the EU’s digital strategy to drive decarbonisation.

The research objective is to analyse and evaluate the effectiveness of current data and privacy protection measures in the digitized energy sector through the twin transition, with the aim of proposing enhanced frameworks and strategies for ensuring robust privacy and data security. Based on the objectives given above, the main research question, which we evaluate by investigating the green and digital transformation in light of the core values of the TEU and TFEU and of human rights in the energy field, is: ‘What are the implications and effectiveness of current data and privacy protection measures in the digitized energy sector, particularly in the context of ongoing green and digital transformation processes, and how can we achieve correct strategies for privacy protection and data security in the energy field?’

To summarize the introduction, this academic article presents legal research on constitutional rights, the twin transformation, and energy law, using traditional methodology to interpret rules, principles, and concepts systematically. The ‘Methodology’ section briefly explains the methodology employed, and the ‘Green and digital transformation processes’ section examines the foundations and principles used to interpret EU legislation on data and privacy protection, to address the proposed research questions. The article’s ‘EU legal framework for data and privacy protection’ section analyses how EU legal frameworks for personal data and privacy protection affect ongoing twin processes and vice versa, starting with the common values of the Treaty, followed by the GDPR,Footnote5 Recast Electricity Directive,Footnote6 and upcoming e-Privacy Regulation.Footnote7 The ‘Limitation of EU competency on twin transition’ sections provide a comparative analysis of the legal foundations of EU competency to adopt legal acts that require twin transition from member states. It also briefly examines the interaction between the EU and the USA in the field of personal data, privacy law legislation, and data exchange.Footnote8 However, this topic is not the main scope of the article; the article only points out which information can be shared afterward.

As the twin integration processes are relatively new (since 2020 and 2021), legal scholarship studying the intersection between them is still inadequate, and further investigation is required. The ‘Principles to twin transition in Energy law’ section provides summaries of the previous chapters and analyses research questions.

The ‘Conclusion’ section answers the research questions and provides recommendations to further develop the concepts of intra-sectoral rules from the aspect of data and privacy protection. The findings of this research are of interest not only to academics but also to policymakers, supervisory and court authorities who must deal with the issues identified.

Methodology

A mixed-method approach was chosen. The desk research consisted of online and literature research methods and data gathering. During this research, available literature and online information were collected. The main research questions and objectives are defined. The literature research and review included, among other things, legislation, case law, policy documents, and relevant academic publications. Within that, analysis, compilation, description, abstraction, classification, legal reasoning, and synthesis are used. The study is designed at the doctrinal level, analysing legal principles, statutes, case law, and legal commentary. As for methodology, a normative-dogmatic approach is used as a starting point. Through it, the current legal regulation of fundamental human rights is examined, with an emphasis on the protection of personal data and privacy, at both the general and the sectoral level. For data collection at the doctrinal research level, legal texts, cases, statutes, and scholarly articles were gathered and analysed qualitatively. A top-down approach is used, i.e. starting with EU primary law, including the EU Charter, the European Convention for the Protection of Human Rights and Fundamental Freedoms,Footnote9 the TEU and the TFEU. The axiological method is used with the aim of analysing the current legal regulation beyond the existing legal boundaries (the out-of-the-box principle). An assessment of the appropriateness of applying specific intra-sectoral rules for the energy field is also used, considering the aspect of fundamental rights. The rule of law as a value, following the main purpose of the TEU and TFEU, is considered, especially legality, proportionality, equal treatment, and the protection of acquired rights and legal expectations. The comparative legal method is partly used in the framework of research development, which tries to offer solutions within the existing legal framework. The findings are presented, and the findings on the research question are clearly highlighted in the context of the research objectives. The conclusion summarizes the key findings and provides recommendations for policymakers, legal practitioners, and further research on this topic.

Green and digital transformation processes in general

The EU, like the rest of the world, faces an existential threat from the climate crisis and is compelled to play a significant role in mitigating its impact. In addition to the ongoing climate crisis, new challenges have emerged, such as the overreaching trend of digitalisation in artificial intelligence, robotics, information and communication technologies, electric mobility, and digital services (Lavrijssen, 2017).

To respond to these challenges, the European Commission (EC) presented the European Green DealFootnote10 on 19 December 2019. This deal is a roadmap for making the EU’s economy sustainable and, as von der Leyen stated, ‘a growth strategy – for a growth that gives back more than it takes away. It shows how to transform our way of living and working, of producing and consuming, so that we live healthier and make our businesses innovative’.Footnote11 Later, on 10th March 2020, the EC adopted the European Industrial Strategy,Footnote12 a plan for a future-ready economy that has three key priorities: global competitiveness, climate-neutral Europe by 2050, and shaping Europe’s digital future. The EC has laid the foundations for green and digital transformation through the adoption of these strategies. As of July 2021, the EU is legally obligated to accelerate its environmental transition by reducing net greenhouse gas emissions by at least 55% by 2030. The proposed package ‘Fit for 55’,Footnote13 an integral part of the European Green Deal, aims to bring EU legislation in line with the 2030 goal to reduce net greenhouse gas emissions by at least 55% by 2030 and achieve climate neutrality by 2050. As can be seen, the pressing issues of climate change pose an overwhelming goal – achieving a transition to a carbon-neutral economy by 2050. This is based on the fact that from 2000 to 2019, global carbon dioxide emissions increased by 40% (Da et al., 2023).

Regarding the twin digital transformation, we aim to make the energy system more sustainable, and digitalisation is necessary to optimise consumer participation. The green and digital transitions are ongoing integration processes that rank at the top of EU priorities.Footnote14 Green and digital transformations are two separate but interconnected trends that are shaping the future of our society and economy. But the EU is not the only one striving to achieve prosperous goals. In fact, there are already other countries, like China, which are striving to achieve the goals of a liveable ecosystem and high-quality economic development through various approaches to shifting away from a traditional export and factor-driven economy (Da et al., 2022). Green transformation, also known as sustainable development, involves transitioning towards an environmentally friendly and resource-efficient economy. This includes reducing carbon emissions, minimizing waste, and conserving natural resources. Digital transformation, on the other hand, refers to the integration of digital technologies into all aspects of society, including business, government, and daily life. This includes the use of technologies such as artificial intelligence, the Internet of Things (IoT), and blockchain. The combination of these two trends, known as the green and digital transformation, can help accelerate progress towards a more sustainable future. For example, digital technologies can be used to optimize energy use, reduce waste, and increase the efficiency of transportation systems. They can also enable the development of new sustainable business models and help improve the transparency and accountability of supply chains.

The green and digital transformations are widely perceived as having the potential to make a substantial contribution to a sustainable future. Nonetheless, it is crucial to ensure that these transformations are characterized by inclusivity and equity, and that they do not compound extant social and economic inequalities. The green and digital transformations are ideally complementary, with blockchains enabling material tracing for sustainability and digital twins optimizing traffic flow and reducing emissions. These transformations have a significant impact on various areas, including the energy sector. As such, the European energy sector, particularly the electricity sector, which is currently transitioning towards green and digital initiatives, requires thorough research into data protection and privacy challenges posed by the use of new communication technologies. It is an integral component of the green and digital transition process, and its digitization should align with public policy objectives for energy and environmental protection. It is essential to recognize that digitization within the electricity sector is part of the wider process of establishing a single digital marketFootnote15 and building a resilient and sustainable European energy union.Footnote16 Prior to considering the European Green Deal,Footnote17 it is appropriate to outline the digitalization process due to practical reasons. The starting point is the Digital Compass 2030,Footnote18 which consists of four key public policy directions. Two of these are related to the digital capabilities of infrastructure and education, while the other two are related to the digital transformation of public and private services. These refer to transnational public policies that are being transferred to national public policies in accordance with the EU’s primary legal framework. This approach is mostly top-down, referred to as Europeanization, but in some places, this approach is also vice versa. 
It is necessary to fully consider the European Green Deal at the present point of development, which can be described as the agenda of the current EC that specifically addresses the green transition.

The European Green Deal is a strategic response to the challenging climate, environmental, energy, and economic conditions of today and the future. It consists of a time plan with known measures for more efficient use of resources in the transition to a clean, circular economy, creating conditions to stop or reduce the dynamics of adverse climate changes and loss of biodiversity, reduce pollution and trading from European Climate Pact.Footnote19 From July 2021 onwards, the EU’s legally required common goal is to accelerate the environmental transition to reduce greenhouse gas emissions by at least 55% by 2030 and achieve carbon neutrality and climate-neutral status by 2050. It covers all sectors but also gives special emphasis to the energy sector.

As part of the EC’s strategy, the European Green Deal directly and indirectly interferes with the concept of the EU’s primary goals, which include a high level of protection and improvement of the quality of the environment, the well-being of the EU nations, and sustainable development in the broader sense. It emphasizes respect for human rights and freedoms, as well as the development of international law. Given the importance of the energy field for normal society functioning today, it is possible to achieve other goals, particularly in environmental protection, through the chain of causes. The EU values human dignity, human rights and freedoms, and respect for the law itself. The EU Green Deal represents a holistic and integrated approach to addressing the challenges of climate change and environmental sustainability while fostering economic growth and social inclusivity within the EU itself with climate neutrality, decarbonization, circular economy, biodiversity strategy, farm to fork strategy, renovation wave, just transition fund, investment plan and digitalization.

It is clear, however, that the green and digital transition within the above given context must be carried out within the framework of democratic pluralism, the rule of law, and effective protection of personal data and privacy. In December 2020, the conclusions ‘Digitalisation for the benefit of the environment’Footnote20 were adopted by the Council. In 2021, at the Digital Day 2021 event,Footnote21 member states signed commitments on data, startups, and a green and digital transformation of the EU. These commitments aim to strengthen Europe’s role in the digital world through international partnerships, boost the digital economy, and find green solutions.

Existing funding programmes, such as Digital EuropeFootnote22 and Horizon Europe, as well as the Secure Connectivity initiativeFootnote23 and the proposed European Chips Act,Footnote24 which help bridge the gap between digital technology research and market deployment, will play a key role in helping the development of use-cases. Even more importantly, the promotion of a strong economy based on data and the data economy itself is a prerequisite for the development and implementation of new digital technologies that can help achieve a sustainable green economy and carbon neutrality by 2050. Personal data shared across different platforms and sectors show potential in applying different digital technologies, such as artificial intelligence, which can be efficiently used to recycle used and reused resources. In this way, data sharing must be done with security taken into account to use digital technologies and support the twin transition.

EU legal framework for the protection of personal data and privacy in the context of energy law

Personal data right and right to privacy in EU

Prior to the acceptance of the EU Charter, the distinction between personal data and the right to privacy was completely outdated. The Court of Justice of the European Union (CJEU) considered the protection of the right to privacy as one of the general principles, rather than a special right like the protection of personal data. However, according to the CJEU, these two rights are closely linked, even though they differ from each other, by offering simultaneous protection for privacy under Article 7 and personal data protection under Article 8(1) of the Charter, with a cross-reference to Article 16(1) of the TFEU. These separate rights are stated as fundamental pillars of the EU’s existence and can differ from each other, such as the protection of the right to privacy under Article 8 of the Charter and the addition of data protection under Convention No. 108.Footnote25 But how do the evolving legal frameworks and technological advancements within the EU address and balance the core issues of personal data rights and the right to privacy?

Although incorporated into the TEU, TFEU, and Charter, it can be contended that these two rights are not absolute and are therefore subject to limitations as outlined in Article 52(1). This article necessitates that any restrictions on these rights must be in accordance with the law and respect their essence. The CJEU often faces the arduous task of conducting a proportionality assessment, and as such, the rule of law, enshrined in Article 8 of the TEU, is regarded as a fundamental value on which the EU is founded. When public or private interests conflict with fundamental rights, EU legislation is frequently required to strike a fair balance through a necessity, legality, proportionality, and result test, while also considering the level of interference caused. It should be emphasised that the second condition necessitates a careful consideration of the conflicting rights and interests involved. This necessitates a case-by-case balancing, taking into account the specific circumstances of the situation, and recognizing the importance of the data subject’s rights under Articles 7 and 8 of the Charter.

From a legal perspective, it is important to acknowledge that Article 8(1) of the Charter explicitly states that ‘everyone has the right to the protection of personal data concerning him or her’. This fundamental right is intricately linked to the right to respect for private life, which is expressed in Article 7 of the Charter.Footnote26 Regarding this matter on the judgement ‘Schecke’ (para. 47), it should be highlighted that Article 8(1) of the Charter stipulates that ‘Everyone has the right to the protection of personal data concerning him or her’. This fundamental right is closely linked with the right to respect for private life, as stated in Article 7 of the Charter. As per the jurisprudence of the Court, the entitlement to have one’s private life protected in relation to the handling of personal data, acknowledged by Articles 7 and 8 of the Charter, encompasses any data that pertains to a person who is either identified or identifiable.

The Charter’s Articles 7 and 8 enshrine rights that are crucial for evaluating the legitimacy of personal data transfers to non-European Economic Area (nEEA) third countries and the level of protection afforded to such data which also includes provisions for regulating smart contracts. The legislation aims to modernize and unify EU data regulations and give individuals greater control over their personal data. Under the Data Act, smart contracts will be treated as legally binding agreements, and businesses will be required to provide clear and understandable explanations of their data processing activities to customers. The act also includes provisions for the portability of data between different service providers and increased transparency around data breaches. The proposed legislation sets out clear rules for data intermediaries and promotes the creation of trustworthy and secure data spaces. Furthermore, the proposed Regulation introduces a European Data Innovation Board and provisions for data altruism. The proposed Regulation underscores the importance of safeguarding personal data and adhering to the EU’s data protection regulations, including the GDPR. Ultimately, the Regulation strives to establish a harmonious framework for data governance and facilitate digital economy innovation, all while ensuring that fundamental rights, such as privacy, are preserved. The Data Act will apply to all businesses operating within the EU and is expected to come into effect by mid-2023. The EU calls it an adequate response. This concept of ‘adequacy’ requires that the level of protection for fundamental rights and freedoms in the relevant third country is essentially equivalent to that guaranteed within the EU by GDPR regulation (regulation 2016/679), read together with the Charter, rather than being identical. Without this interpretation, the EU legal order’s protection level could be easily evaded when personal data is transmitted to third countries (Liss et al., 2021).
An analysis of the GDPR shows that Articles 44 to 50 discuss the regulations related to transferring personal data to third countries, which are countries outside the EU or EEA. These articles provide guidelines on when such transfers are permissible and what measures should be taken to safeguard individuals’ personal data when it is transferred outside the EU or EEA. Article 44 outlines the general principles for transfers to third countries, while Articles 45 to 50 offer more specific information and requirements for various types of transfers, such as those based on adequacy decisions, appropriate safeguards, and exemptions for specific circumstances. This can be called an ‘adequacy decision’. Prior to the GDPR, in the ‘Schrems’ case, the CJEU interpreted Article 25(6) of Directive 95/46 as a means of implementing the right to protection of personal data. The term ‘adequate’ used in the provision requires that the level of protection for fundamental rights and freedoms in the third country in question is ‘essentially equivalent’ to that guaranteed within the EU by Directive 95/46 (Data Protection Directive) read together with the Charter, as opposed to being identical. Without this interpretation, the protection level provided by the EU legal order could be easily evaded when personal data is transferred to third countries. The CJEU affirmed this in paragraph 73 of the ‘Schrems’ judgment.[27] The right to erasure is also important to highlight. The right to erasure, also known as the right to be forgotten, is a fundamental right granted to individuals under Article 17 of the GDPR. It gives individuals the right to request that their personal data be deleted by data controllers or processors.
Under the GDPR, individuals have the right to request erasure of their personal data for various reasons, including when the data is no longer necessary for the purposes for which it was collected, when the individual withdraws their consent, when the data was unlawfully processed, or when the data is no longer accurate.[28] If an individual makes a request for erasure, the data controller or processor is obliged to erase the personal data without undue delay, subject to certain exemptions, such as when the data is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims. It is important to note that the right to erasure is not an absolute right, and data controllers or processors may refuse to comply with a request for erasure in certain circumstances. However, they must provide a clear justification for their decision and inform the individual of their right to lodge a complaint with the relevant data protection authority. The right to erasure, also referred to as the right to be forgotten, represents a clear example of a balancing exercise whereby the right to respect for private life or protection of personal data is pitted against other competing rights or interests. To this end, the GDPR has included this balancing test in Article 17(3) by excluding the application of the right to erasure in certain circumstances. This requires controllers to carry out a case-by-case balancing exercise to weigh the individual’s right to erasure against competing rights or interests, such as freedom of expression or legal obligations. The outcome of the balancing exercise will determine whether the right to erasure can be restricted or denied, and must be clearly and transparently explained to the individual.

Nature and history of legal framework to privacy and personal data protection

The nature and historical development of the legal framework governing privacy and personal data protection, outlined below, shows how those two rights evolved over time to address contemporary challenges, specifically in the energy field.

The legal framework for privacy and personal data protection in the EU has a long history dating back to the 1970s, when concerns emerged about the use of personal data by both private and public organisations. Germany was the first country to introduce comprehensive data protection legislation in 1970,[29] after a database containing personal information about citizens was discovered. This legislation served as a model for other European countries, including Sweden, Denmark, and France, which subsequently introduced their own data protection laws. In 1995, the EU adopted the Data Protection Directive, which established a common set of rules for the processing of personal data by EU member states. This directive provided a minimum standard of data protection across the EU and required member states to implement national data protection laws that were consistent with its provisions. In 2012, the EC proposed a new data protection regulation to replace Directive 95/46. The aim was to modernise and harmonise data protection rules across the EU in response to technological developments and the growth of the digital economy. The proposed regulation underwent extensive debate and revision, leading to the adoption of the GDPR in 2016. The GDPR became enforceable in May 2018 and introduced significant changes to the data protection landscape in the EU. The GDPR replaced the Data Protection Directive and established a more comprehensive and harmonised framework for data protection. It strengthened the rights of data subjects, imposed new obligations on data controllers and processors, and introduced substantial fines for non-compliance. In addition to the GDPR, the EU has introduced other data protection laws and guidelines, such as the e-Privacy Directive, which regulates the processing of personal data in electronic communications, and the Charter, which sets out the fundamental rights of individuals, including the right to privacy and data protection.

Overall, the legal framework for privacy and personal data protection in the EU has been shaped by concerns over the use and misuse of personal data and the need to balance privacy rights with the growth of the digital economy (Quach et al., 2022). The GDPR represents the latest and most comprehensive attempt to address these challenges and provides a strong foundation for data protection in the EU. The GDPR is built on the foundation of the EU’s Charter of Fundamental Rights, which recognizes the right to privacy as a fundamental human right. The GDPR reinforces the protection of personal data as a fundamental right and strengthens the individual’s control over their personal data. The GDPR is designed to harmonize data protection laws across the EU and ensure a high level of data protection for individuals throughout the Union. The regulation reflects the EU’s commitment to promoting and protecting privacy and personal data, while also enabling the free flow of data within the EU’s single market (Custers et al., 2022). Article 7 of the Charter protects the right to respect for private and family life, which is closely related to the right to privacy. However, the protection of personal data is also a fundamental right, as stated in Article 8 of the Charter and Article 16 of the TFEU, which affirms that everyone has the right to the protection of personal data concerning them. The protection of human rights began with the Universal Declaration of Human Rights (UDHR),[30] a milestone document in the history of human rights that sets out fundamental human rights to be protected. The UN subsequently adopted the International Covenant on Civil and Political Rights (IDHR),[31] which establishes that everyone is entitled to enjoy civil and political rights as well as economic, social, and cultural rights.
The Declaration is not based on a specific religious or philosophical foundation, but rather on a ‘common understanding’ of human rights, including civil and political rights such as the right to life, liberty, free speech, and privacy, as well as economic, social, and cultural rights such as the right to social security, health, and education.

However, the GDPR does not cover the processing of personal data related to legal persons or undertakings established as legal persons, including their name, form, and contact details (Bennett, 2018). The protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of preventing, investigating, detecting, or prosecuting criminal offenses or executing criminal penalties, including safeguarding against and preventing threats to public security and the free movement of such data, is subject to a specific Union legal act. The GDPR applies to all sectors and situations, except those explicitly excluded in its scope, as stated in Recital 9 in the GDPR preamble. It is important to note the definition of ‘personal data’ in the GDPR, which includes any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Bornschein et al., 2020).

The second regulation of significant importance to information privacy and security policy is the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.[32] Its definition of ‘personal data’ is shorter than that in the GDPR, and Article 1 of Chapter I states that personal data means any information relating to an identified or identifiable individual. The convention directly regulates not only the field of automatic processing of personal data but also allows member states some exceptions. It applies to both the public and private sectors. It should be noted that while data protection policies (such as the GDPR) specify how organizations will collect, use, and share personal and confidential information, security policies (such as cyber security and artificial intelligence) specify how that collected data will be protected against threats of any kind. However, this exceeds the scope of this research. The foundations of EU energy law are found in Article 194(1) of the TFEU, while Article 192(1) governs the environment. Both enable EU legislation on energy transition through the ordinary legislative procedure. Overall, based on the above, the GDPR is consistent with the EU’s core values of respect for fundamental rights and freedoms, democracy, and the rule of law.

Other relevant EU framework on twin transition, data and privacy protection and achieving EU public policies

The internal market is defined as an area without internal borders in which, in accordance with the provisions of the Treaties, the free movement of goods, persons, services and capital is ensured.[33] The concept of the internal market also includes a system that ensures that competition is not distorted.[34] The internal market is a primary instrument for the conduct of economic activities in the system of the social market economy, formalized by the third paragraph of Article 3 of the TFEU. In short, the concept of the internal market, often referred to as the single market, is a core element of the EU and it represents the free movement of goods, services, capital, and people across the EU member states, creating a unified and open economic space. The internal market aims to eliminate barriers to trade and promote a seamless flow of goods and services within the EU through the free movement of goods, services, capital and persons, together with the harmonization of regulations, competition policies, consumer protection and the digital single market. The concept of the internal market reflects the EU’s commitment to economic integration, competitiveness, and the well-being of its citizens. It aims to create a unified economic space that allows businesses to thrive, encourages innovation, and provides consumers with a diverse range of choices. The internal market is a cornerstone of the EU’s broader objectives of economic prosperity, social cohesion, and political integration. Therefore, the energy sector and activities related to the green and digital transitions are usually conducted within the framework of the internal market and are subject to its rules. However, since the internal market is a typical economic category, the question arises as to whether it is capable of achieving public policy objectives (Marsden, 2018), particularly those with non-economic characteristics.
The EU is a multifaceted political and economic alliance consisting of 27 member states with diverse political, cultural, and economic backgrounds. As a result, the attainment of public policy objectives, particularly those with non-economic characteristics, can be a challenging task. However, the EU has a successful track record in achieving numerous public policy objectives over the years, including those with non-economic characteristics. For example, the EU has implemented robust environmental policies, such as the Paris Climate Agreement, which seeks to address climate change and reduce greenhouse gas emissions. The EU has also implemented policies aimed at fostering social and cultural integration, such as the free movement of people within the EU and initiatives to promote cultural diversity (Gornitzka, 2015). The EU’s decision-making process is intricate, with various institutions involved in policy-making, including the EC, the European Parliament, and the Council of the European Union (Diamantini & Pasotti, 2021). While this process can make it difficult to reach a consensus on certain policy objectives, it guarantees that policies are formulated through a democratic and transparent process. Additionally, the EU has a legal framework that guides policymaking, which includes the Charter. This ensures that policies are developed while respecting fundamental rights such as freedom of expression, religion, and privacy. To summarise, although the EU faces challenges in attaining public policy objectives, particularly those with non-economic characteristics, it has achieved success in implementing policies in these areas in the past. The EU’s decision-making process, legal framework, and commitment to democratic principles all contribute to its ability to accomplish policy objectives.

Furthermore, taking into account the Lisbon Treaty,[35] the EC has adopted the ‘Europe 2020’ strategy (European Commission, 2010), which identifies digitalization (or the European Digital Agenda) as one of the seven leading priorities for achieving the EU’s objectives. In order to better exploit the potential of new technologies, the EC proposed the Strategy for a Single Digital Market for Europe,[36] which aims to establish a single digital market with harmonized rules for each area, enabling and strengthening the competitiveness of the European economy (Hugenholtz, 2015). With the adoption of the Lisbon Treaty, the EC has also implemented a Framework Strategy for the European ‘Energy Union’. Since the mid-1990s, various measures have been taken to regulate (mainly through harmonization) and liberalize the internal energy market (especially in terms of electricity and natural gas). Among the more important of these measures are the regulation of physical and price access to essential facilities, vertical disintegration, transparency of the internal market, market regulation, consumer protection regulation, internal connectivity between individual energy players, and the provision of a relatively reliable level of electricity supply. With the establishment of such a market and the implementation of these measures, the rights of individual parties have been strengthened and expanded, energy poverty is being eliminated, and the roles and responsibilities of individual market participants have been clearly regulated. The EU has also set an important goal and aims to achieve climate neutrality by 2050, that is, an economy with net-zero greenhouse gas emissions. As part of this climate neutrality, three key climate and energy targets have been set by the European Council for 2030:[37] a 40% reduction in greenhouse gas emissions, a 32% increase in the use of renewable energy sources, and a 32.5% increase in energy efficiency.
The EU is trying to establish a so-called European Energy Union in this field (Lavrijssen, 2016).

This development dynamic is intended to follow the green and digital transition as a strategy for smart, sustainable, and inclusive growth in the field of smart grids, which as such can promote energy efficiency.[38] In the Commission’s communication on the plan for the transition to a competitive low-carbon economy by 2050,[39] smart grids are identified as key in the long term to enabling the future low-carbon electricity supply system. They promote demand efficiency and increase the share of renewable energy sources and distributed energy production, thereby enabling the electrification of transport. All these energy services are supported by digital services and information technology, which encompasses more than 70% of standards, including interoperability and related standards, horizontal data protection legislation, the free movement of technical data, e-privacy, and cyber security. The actual implementation of unified principles increases consumer legal security and provides a more transparent and competitive market. It is worth noting that the EU is based, among other things, on the value of respect for human rights within a democratic pluralism and the rule of law. These (and other) values are common to all member states in accordance with Article 2 of the TEU. When assessing the legitimacy of current public policy, we rely on EU values as defined in Article 2 of the TEU, as well as in Article 3, which states, among other things, that the Union strives for sustainable development in Europe, based on balanced economic growth and price stability, a high-level competitive social market economy, aimed at full employment and social progress, as well as for a high level of protection and improvement of the quality of the environment (Weatherill, 2016).
Pursuant to the values and objectives of the EU set out in Articles 2 and 3 of the TEU, the Union also pursues a green and digital transition on the basis of the powers assigned to it under the TEU and the TFEU. In this regard, it is worth noting that the aforementioned processes directly or indirectly fall within several areas of EU competence (energy, pan-European networks, transport, internal market and competition, as well as consumers) (Ricci & Chiarolla, 2021). With the exception of the area of competition, where the EU enjoys exclusive competence, it shares competence with Member States[40] in the aforementioned areas. Based on the above, the current public policy in the field of green and digital transition pursues EU objectives, to the extent that they are in line with its values. In addition, to further strengthen the digital strategy, the EC adopted the first industrial initiative in the form of a strategic package for the single digital market (DSM)[41] in April 2016. This initiative aims to create a harmonized regulatory framework (Shen et al., 2018) across the EU that promotes the free flow of data, digital services, and goods, while also addressing issues such as intellectual property rights (Lemley, 2017), cybersecurity (Davis, 2019; Oh et al., 2019), and consumer protection. The DSM is a significant step towards a more unified and competitive European digital market, promoting innovation, growth, and economic efficiency (Renda, 2017).

The DSM is a policy initiative of the EU aimed at creating a unified digital market across EU member states (Harmening et al., 2016). The DSM strategy was proposed in May 2015 and comprises a set of measures aimed at breaking down regulatory barriers, promoting the growth of the digital economy, and increasing access to digital goods and services for both consumers and businesses across Europe. The DSM is based on three main pillars: improving access to digital goods and services, creating an environment (Gao et al., 2023) conducive to digital innovation and investment, and promoting the growth of the digital economy across Europe. The strategy encompasses a wide range of policy areas, including data protection and privacy, e-commerce, copyright law, and telecommunications regulation. The DSM aims to create a single market for digital goods and services across the EU, enabling businesses to sell their products and services to customers in any EU member state without being impeded by regulatory barriers. The DSM also aims to improve access to digital goods and services for consumers across Europe, promoting competition and driving down prices. To achieve its objectives, the DSM relies on a number of policy instruments, including the Digital Services Act (European Commission, 2020b), the Digital Markets Act,[42] and the e-Privacy Regulation.[43] These instruments are designed to address a range of issues, including online platform liability, unfair competition, and the protection of personal data.

In conclusion, the Digital Single Market initiative is a comprehensive policy framework designed to create a unified and competitive digital market across the EU. By promoting innovation, increasing access to digital goods and services, and breaking down regulatory barriers, the DSM aims to unlock the full potential of the digital economy, driving growth and prosperity across Europe.

Limitation of EU competence on twin transition

Basic principles

The twin green and digital transformations are key integration processes that currently rank at the top of EU priorities. As a result of their nature, significant changes can be expected in various areas, including the energy sector. Considering that fact, observing and analysing the fundamental principles governing the limitation of EU competence in the context of the twin transition, encompassing both the green and digital transformation, would also address other specific fields, such as the energy field. Given that the European energy sector is, and will continue to be, directed towards a green and digital transition in the foreseeable future (Nazari et al., 2023), further research activities are required to address the numerous challenges associated with protecting personal data and privacy that come with the use of new technologies. These challenges are closely intertwined in the energy sector, as information and communication technologies represent a crucial integral part of the green and digital transition, or in some cases, serve as its prerequisite (Bouteligier & Patterson, 2020).

However, the question remains as to whether the EU possesses the competence to adopt the legal acts necessary for an effective green and digital transition. This question raises a number of concerns, particularly regarding the protection of personal data and privacy. As such, there is a need to explore the limits of EU competence in this area. It is important to note that the EU’s competence is governed by certain basic principles, including subsidiarity, proportionality, coherence, democracy, and respect for fundamental rights and values. Subsidiarity requires the EU to act only where it can achieve its objectives more effectively than member states individually, while proportionality mandates that any EU action must not exceed what is necessary to achieve its objectives. Coherence demands that EU actions are consistent with other EU policies and objectives, while democracy requires the EU to respect the democratic principles and values of its member states and citizens. Finally, respect for fundamental rights and values requires the EU to uphold the principles of human dignity, freedom, democracy, equality, the rule of law, and human rights in all its actions, including those related to the green and digital transformation of the energy sector.

In conclusion, the twin green and digital transformations represent a significant shift in European priorities that will have an impact on various areas, including the energy sector. As the EU moves towards a greener and more digital future, there is a need to explore the limits of its competence in this area and ensure that its actions are in line with the basic principles governing its competence, including the protection of personal data and privacy, and the promotion of EU values (Tvaronavičienė & Gudynas, 2021).

The twin transformation denotes the green and digital transformation of the EU, and the extent of EU competence in this area is regulated by fundamental principles (Wurzel & Connelly, 2021). One such principle is subsidiarity, which necessitates that the EU must only intervene where it can attain its objectives more effectively than member states individually. This principle requires the EU to respect the competences of member states and to prevent unnecessary centralisation (Komorowska & Szyszka, 2021).

Another principle is proportionality, which entails that any EU action must not surpass what is required to achieve its objectives. This principle mandates the EU to balance the benefits of its actions against the costs and potential negative consequences, and to abstain from excessive regulation or unjustifiable constraints on economic freedom. A third principle is coherence, which necessitates that EU action must align with other EU policies and objectives. This principle compels the EU to ensure that its actions in the green and digital transformation are consistent with other policies such as energy, climate, environment, and innovation, and to avoid conflicting or contradictory measures. A fourth principle is democracy, which requires the EU to respect the democratic principles and values of its member states and citizens. This principle compels the EU to guarantee that its actions in the green and digital transformation are transparent, accountable, and subject to democratic oversight, and to involve stakeholders such as civil society, industry, and academia in the decision-making process. Finally, a fifth principle is respect for fundamental rights and values, which mandates that the EU must uphold the principles of human dignity, freedom, democracy, equality, the rule of law, and human rights in all its actions. This principle necessitates the EU to ensure that its actions in the green and digital transformation do not undermine these values and rights, and to safeguard personal data, privacy, and cybersecurity.

While the energy sector is a significant jurisdiction, especially considering the liberalization process under the influence of EU law, these regulations alone are not enough for the effective implementation of the green and digital transition. Though they will undoubtedly make a significant contribution, more is required (Egenhofer et al., 2018b). It is important to note the shared competences from Article 4 of the TEU, which apply to areas such as the environment, the internal market, consumer protection, energy, trans-European networks, and research and technological development. These areas highlight the significance of shared responsibilities in creating an effective green and digital transition. This, in turn, requires the application of the principle of subsidiarity, which poses many challenges, particularly after the Treaty of Lisbon, which significantly strengthened the protection of this principle. As a result, the EU cannot independently decide on the goals and methods of regulating the green and digital transition.

In conclusion, the fundamental principles of limitation of EU competence on the twin transformation include subsidiarity (Hristova & Stancheva, 2021), proportionality, coherence, democracy, and respect for fundamental rights and values. These principles ensure that the EU acts effectively, efficiently, and in line with its objectives and values, while respecting the competences and diversity of its member states and citizens. Moreover, these principles reflect the EU’s commitment to promoting sustainable development, economic growth, and social progress, while upholding the principles (Egenhofer et al., 2018a) and values enshrined in the EU’s legal framework.

EU competence on green and digital transition

The EU’s competence on the twin green and digital transformations is complex and multifaceted. As the EU has exclusive competence over the energy sector, it plays a key role in the development and implementation of policies that promote sustainable and efficient energy use. Additionally, shared competences from Article 4 of the TEU apply to a range of areas, including the environment, internal market, consumer protection, energy, trans-European networks, and research and technological development (European Court of Auditors, 2020). This leads us to the question: how can the EU effectively balance and coordinate its regulatory competencies in overseeing the dual challenges of green and digital transitions, ensuring a harmonized and sustainable approach in the energy field across member states?

Namely, the effective implementation of the green and digital transition is not solely the responsibility of the EU, but also of its member states. The principle of subsidiarity, which requires decision-making to be taken at the most appropriate level, is crucial in ensuring that the EU acts effectively and efficiently, while respecting the competences and diversity of its member states and citizens. Furthermore, the principles of proportionality, coherence, democracy, and respect for fundamental rights and values are fundamental in guiding the EU’s actions in the green and digital transition. These principles ensure that the EU acts in line with its objectives and values, while promoting sustainable development, economic growth, and social progress. They also reflect the EU’s commitment to upholding the principles and values enshrined in its legal framework. Overall, the assessment of EU competence on the twin green and digital transformations requires a holistic approach that considers the EU’s exclusive and shared competences, as well as its principles and values. By taking into account these factors, the EU can effectively contribute to the transition towards a more sustainable and digital future, while respecting the competences and diversity of its member states and citizens.

Legitimacy of actual public policy on twin transition

Assessing the legitimacy of current public policy on the twin transition of green and digital transformation in the EU is a complex issue that requires balancing the need for immediate action with the need for long-term planning and coordination (Egenhofer et al., 2018a). Such assessments must, among other things, consider factors such as public participation, transparency, and responsiveness to the needs and concerns of diverse stakeholders in the context of both green and digital transformations. On one hand, advocates argue that the EU’s commitment to sustainability and innovation through the twin transition is a crucial step towards a more sustainable and technologically advanced future that benefits the environment, the economy, and society as a whole. They also contend that the EU’s legal framework, including shared competences and the principles of subsidiarity and proportionality, offers a solid foundation for the development and implementation of effective policies that respect the diversity of member states while promoting common objectives and values (Botta et al., 2021). On the other hand, some critics argue that the current public policy on the twin transition is not sufficient to address the scale and urgency of the challenges facing the EU, particularly in relation to data and privacy protection (Dreher & Ploeger, 2021). They assert that the EU must do more to safeguard the rights and freedoms of its citizens in the digital age, while also ensuring that the green transition is socially just and inclusive. Additionally, they argue that the EU must take a more coordinated and long-term approach to policy development and implementation, in order to maximise the effectiveness and efficiency of its actions.

In evaluating the legitimacy of current public policy on the twin transition, it is important to consider both the short-term and long-term implications of policy decisions, as well as their potential impact on different groups and sectors of society. By taking a balanced and holistic approach to policy assessment, the EU can work towards developing and implementing policies that are effective, efficient, and respectful of the diversity of its member states and citizens, while also promoting sustainable development and digital innovation (Lepuschitz & Krumay, 2020) in line with its values and objectives. On the other hand, critics question the legitimacy of EU policy on the twin transition, arguing that it lacks democratic legitimacy, is too top-down and bureaucratic, and fails to adequately address the needs and concerns of citizens and member states. Some also argue that the EU’s focus on economic growth and competitiveness may come at the expense of social and environmental protections, and that the twin transition risks exacerbating existing social and economic inequalities. In light of these concerns, it is essential to ensure that the EU’s policy on the twin transition is legitimate and responsive to the needs and values of citizens and member states. This requires a careful balancing of the EU’s commitments to sustainability, innovation, and economic growth with the principles of democracy, participation, and social justice. It also requires the development of effective and inclusive policy-making processes that involve stakeholders at all levels and reflect a wide range of perspectives and interests. Overall, the legitimacy of EU policy on the twin transition depends on its ability to effectively balance these various objectives and principles and to respond to the needs and values of citizens and member states.
While the EU has made significant strides towards this goal, there is still much work to be done to ensure that the twin transition is a genuinely transformative (Stasiak, 2021) and sustainable process that benefits everyone. The digital transition is anticipated to have a significant impact on privacy and data protection rights. With the increase in personal data collected, processed, and shared through digital technologies, there is a risk that individuals’ privacy and personal data may be compromised, leading to a range of negative consequences, such as identity theft, financial fraud, reputational damage, and discrimination (Papadopouluos & Moustaki, 2021). The EU recognizes the importance of safeguarding privacy and personal data in the digital era, and has put forward several measures to tackle these concerns. For instance, the GDPR grants individuals more control over their personal data and outlines clear rules for how companies and organizations must collect, process, and store data. The GDPR also introduces significant fines for non-compliance, which has encouraged companies to take data protection more seriously. Nevertheless, debates persist on how to balance privacy and data protection needs (Quirico & Giacomini, 2020) with the advantages of digital technologies. Some contend that excessively stringent data protection rules can inhibit innovation and hinder economic growth, while others argue that the risks of data misuse are too significant to overlook (Trencher et al., 2021).

In conclusion, it is evident that the digital transition will continue to raise critical questions about privacy and data protection rights. Therefore, policymakers must keep a close watch on the situation and strive to strike the correct balance between safeguarding fundamental rights and enabling innovation and economic growth.

Principles to twin transition in energy law

Energy law is guided by fundamental principles, such as ensuring sustainable, reliable and affordable energy for all EU citizens. These principles are known as the energy trilemma and are closely linked to the concepts of energy justice and energy democracy. They must be taken into account when creating new energy laws in the EU. Energy justice refers to the fair distribution across society of energy supply and of the costs and benefits related to the energy transition. It is an interpretation of the rule of law in the energy sector that includes the protection of human rights and the right to privacy and data protection. The core issue for those principles is defining and establishing the key principles that govern the twin transition in energy law, ensuring a balanced and sustainable approach that addresses the complexities of both green and digital transformations.

Energy democracy is closely related to energy justice and means that citizens have a significant role in the energy sector and become ‘energy citizens’. This involves their participation in procedures regulating the energy transition and taking part in energy projects themselves. This participation can include buying certificates from energy cooperatives or participating in the governance of energy companies. The principles of Good Regulation (Gulluscio et al., 2020) also apply to energy law, and they are embedded in EU energy legislation. These principles include accountability, independence, effectiveness, transparency, participation, efficiency, and flexibility. They aim to achieve high-quality regulation of the energy sector and contribute to realizing the values of energy justice and energy democracy, as well as the goals of the CEP. Energy justice also entails safeguarding vulnerable groups of energy consumers, as outlined in Articles 28 and 29 of the recast directive (footnote 44).

Overall, energy law is guided by principles that aim to ensure the fair and sustainable provision of energy to EU citizens (Ringholm, 2020), while also encouraging their participation in the energy sector and promoting good governance. By adhering to these principles, policymakers can create a legal framework that supports the energy transition while promoting the values of energy justice and energy democracy. There is also the energy trilemma (Sovacool, 2017). The concept of the energy trilemma involves balancing three competing priorities in the energy sector: energy security, environmental sustainability, and affordability. These priorities are often in conflict with each other, and addressing one can sometimes come at the expense of the others.

Energy security is the reliable and uninterrupted supply of energy, which includes electricity and fuels like oil and natural gas for transportation and heating. To achieve energy security, countries need access to diverse sources of energy and robust infrastructure to transport and distribute that energy. However, relying on certain sources of energy, such as fossil fuels, can have negative environmental impacts and contribute to climate change. Environmental sustainability aims to reduce greenhouse gas emissions and mitigate the impacts of climate change. This involves increasing the use of renewable energy sources like wind, solar, and hydropower, as well as improving energy efficiency and reducing overall energy consumption. However, transitioning to a more sustainable energy system can be costly and may require significant investments in new technologies and infrastructure.

Affordability refers to providing energy at reasonable prices that are accessible to all consumers, particularly those who are economically disadvantaged. This requires balancing the costs of energy production and distribution with the need to keep prices low. However, reducing costs can sometimes come at the expense of energy security or environmental sustainability. The energy trilemma is a complex challenge that requires policymakers to balance these competing priorities in a sustainable, affordable, and reliable way. One approach is to develop a diverse and flexible energy mix that includes both traditional and renewable sources of energy, and to invest in new technologies and infrastructure to support this mix (International Renewable Energy Agency, 2021). Another approach is to promote energy efficiency and conservation measures that can help reduce overall energy consumption and costs. Ultimately, addressing the energy trilemma will require ongoing collaboration between policymakers, industry leaders, and civil society, as well as continued innovation and investment in new technologies and approaches.

The twin transition refers to the simultaneous transition towards a more sustainable and digital economy. The concept acknowledges that these two transitions are inextricably linked, and progress in one area can accelerate the other. The main concept of the twin transition refers to the concurrent and interconnected processes of green transition (environmental sustainability) and digital transition (technological transformation) within an overarching framework. This concept recognizes the need to address environmental challenges and leverage digital technologies to achieve sustainable, inclusive, and resilient socioeconomic development. The twin transition emphasizes the synergies and trade-offs between green and digital initiatives to create a harmonized and balanced approach to societal progress. It is therefore a key objective of the EU’s strategy to achieve a climate-neutral economy by 2050.

Energy policy is a critical component of the twin transition. The EU’s energy policy aims to promote a secure, affordable, and sustainable supply of energy (European Commission, 2020a). This policy is driven by several key goals, including ensuring the functioning of the energy market, ensuring the security of energy supply in the EU, promoting energy efficiency and energy saving, developing new and renewable forms of energy and promoting the interconnection of energy networks (European Commission, 2022). The first goal of energy policy, ensuring the functioning of the energy market, aims to promote competition and innovation in the energy sector. The EU seeks to create a level playing field for energy companies across member states, which should result in better service and affordable prices for consumers. The second goal, ensuring the security of energy supply, aims to reduce Europe’s dependence on imported energy sources, thereby enhancing energy security. This goal is critical to the EU’s economic and strategic interests. The third goal, promoting energy efficiency and energy saving, aims to reduce Europe’s energy consumption and improve its energy efficiency. This goal is key to achieving the EU’s climate targets and reducing greenhouse gas emissions. The fourth goal, developing new and renewable forms of energy, aims to promote the use of clean energy sources, such as wind, solar, and hydropower. The EU has set ambitious targets for the share of renewable energy in its energy mix, and has implemented policies to support the growth of renewable energy sources. Finally, the fifth goal, promoting the interconnection of energy networks, aims to improve the efficiency and reliability of Europe’s energy infrastructure. By connecting energy grids across Europe, the EU can better balance supply and demand, reduce transmission losses, and enhance the security of energy supply.
The twin transition requires a significant transformation of Europe’s energy system. To achieve this, the EU has implemented several policy initiatives, including the Clean Energy Package, which aims to promote the growth of renewable energy and improve the functioning of the energy market. Other initiatives include the European Green Deal, which sets out a roadmap for a climate-neutral economy by 2050, and the Horizon Europe program, which funds research and innovation in clean energy technologies.

In summary, energy policy is a critical component of the twin transition towards a more sustainable and digital economy. The EU’s energy policy aims to promote a secure, affordable, and sustainable supply of energy, and is driven by several key goals, including ensuring the functioning of the energy market, ensuring the security of energy supply, promoting energy efficiency and energy saving, developing new and renewable forms of energy, and promoting the interconnection of energy networks. The EU has implemented several policy initiatives to support the twin transition, including the Clean Energy Package, the European Green Deal, and the Horizon Europe program.

Energy law data and privacy protection issues

As the energy sector becomes increasingly digitized and interconnected (Krajewska & Krajewski, 2021), the question of how to protect personal data and privacy in this context has become a pressing issue in energy law. The main issue, based on the objectives and principles of the GDPR, e-Privacy, the recast directive and other instruments, is determining how energy law can effectively address and balance data and privacy protection concerns in the collection, storage, and utilization of sensitive information within the energy sector. In many cases, energy companies collect and process large amounts of personal data, including information about customers’ energy consumption, behaviour, and preferences. This data can be used for a range of purposes, from billing and customer service to targeted marketing and energy management (Strachan & Lallement, 2020). However, the collection and use of personal data in the energy sector raises a number of legal and ethical questions, particularly in relation to data protection and privacy. In the EU, these issues are governed by the GDPR, which sets out strict rules for the processing and transfer of personal data.

Under the GDPR, energy companies must ensure that they have a lawful basis for collecting and processing personal data, and that they obtain explicit consent from individuals before doing so. Companies must also ensure that they only collect the data that is necessary for the specific purposes for which it will be used, and that they store and process this data securely. In addition, the GDPR grants individuals a number of rights in relation to their personal data, including the right to access, correct, and delete their data. Companies must also ensure that individuals can easily exercise these rights, and that they are not subject to unfair or discriminatory practices based on their data. At the same time, energy companies also have a responsibility to protect the privacy of their customers (Lenoir, 2021), particularly in relation to the use of smart meters and other IoT devices. These devices can collect a wealth of data about individuals’ energy consumption and behaviour, which can be used for a range of purposes, from improving energy efficiency to targeted marketing. However, this data also raises a number of privacy concerns, particularly in relation to the potential for tracking and surveillance. To address these concerns, regulators and industry leaders are developing a range of privacy-enhancing technologies and practices, such as data anonymization, differential privacy, and the use of blockchain technology to secure and decentralize data storage. In addition, there is a growing recognition of the need to involve individuals in decisions about the use of their personal data in the energy sector, and to give them greater control over how their data is collected, processed, and shared.
This has led to the development of concepts such as ‘data sovereignty’ and ‘energy data cooperatives’, which aim to empower individuals and communities to take control of their energy data and use it for their own benefit (Kouroutzoglou & de Hauteclocque, 2021).

Overall, the intersection of energy law and personal data protection and privacy is a complex and rapidly evolving area, as energy companies, regulators, and consumers grapple with the challenges and opportunities of the digital energy transition. As the energy sector continues to evolve, it will be important to ensure that data protection and privacy remain at the forefront of legal and regulatory discussions, in order to ensure that the benefits of the digital energy transition are shared fairly and equitably among all stakeholders.

Objectives to the GDPR

The GDPR is a highly significant piece of legislation in the field of data protection. It establishes a comprehensive framework for the protection of personal data in the EU, with the aim of ensuring that individuals have control over their personal data, and that their privacy is respected. The GDPR applies to all organizations operating within the EU, as well as to organizations outside the EU that process the personal data of EU residents (Graef & van den Boom, 2020). This means that companies and organizations across the globe are subject to the GDPR if they process personal data of EU residents. Under the GDPR (Polonetsky, 2017), individuals have a number of rights with regard to their personal data. These include the right to access their data, the right to rectify any inaccuracies in their data, the right to have their data erased, and the right to object to the processing of their data (Lavrijssen, 2016). The GDPR also places strict requirements on organizations that process personal data, including the requirement to obtain individuals’ consent before processing their data, the requirement to implement appropriate security measures, and the requirement to report data breaches to the relevant authorities. The GDPR has had a significant impact on organizations across the globe, as they have had to invest considerable time and resources in order to ensure compliance with its requirements. However, it has also had a positive impact on individuals, as it has given them greater control over their personal data and has increased transparency with regard to how their data is processed. Overall, the GDPR is a key piece of legislation in the field of data protection, and has played a major role in shaping the way in which personal data is processed and protected across the EU and beyond (Voight & von Dem Busshe, 2018).

Some of these principles are set out below. Article 5(1)(c) of the GDPR requires that personal data be ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed’. This means that a company should only collect the minimum amount of personal data necessary to achieve its intended purpose, and not collect any additional data that is not needed (Jin et al., 2019). For example, if a company is collecting customer data for the purpose of fulfilling an order, they should only collect information that is relevant to the order, such as the customer’s name, shipping address, and payment information (Lavrijssen, 2016). Article 5(1)(b) requires that personal data be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’. This principle is closely related to the concept of purpose limitation, which means that a company should only collect personal data for specific purposes that have been communicated to the data subject (i.e. the customer), and should not use the data for any other purposes without obtaining additional consent. The concept of purpose limitation on personal data entails that collected data should be used only for the specific and legitimate purposes for which it was initially gathered, preventing further processing that is incompatible with those purposes. This principle is a fundamental aspect of data protection and privacy, emphasizing transparency and accountability in the handling of personal information. For example, if a company collects customer data for the purpose of processing an order, they should not use that data for marketing purposes without obtaining separate consent from the customer. Article 5(2) of the GDPR requires that personal data be ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed’.
This means that a company should not retain customer data for longer than is necessary to fulfil the purpose for which it was collected. For example, if a company collects customer data for the purpose of processing an order, they should not retain that data indefinitely, but should instead delete it once the order has been fulfilled and any necessary follow-up has been completed. Article 25 of the GDPR requires that data protection by design and by default be implemented in the development of products, services, and systems that process personal data. This principle requires that companies take into account the principles of data minimization and purpose limitation, as well as other data protection principles, when designing their systems and processes for collecting and processing personal data. For example, a company could implement data minimization by only collecting the minimum amount of customer data necessary (Cooper, 2018) to fulfil an order, and purpose limitation by obtaining separate consent before using that data for marketing purposes.

Overall, the principles of data minimization and purpose limitation are essential for ensuring that companies collect and process customer data in a way that is consistent with the GDPR’s requirements for data protection. By following these principles, companies can ensure that they are collecting and using customer data in a way that is necessary, legitimate, and respectful of individuals’ privacy rights. Additional principles are the following:

  • Principle of Purpose Limitation – Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes (Article 5(1)(b)).
  • Principle of Data Minimization – Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (Article 5(1)(c)).
  • Principle of Accuracy – Personal data must be accurate and kept up to date, with reasonable steps taken to ensure that inaccurate personal data are erased or rectified without delay (Article 5(1)(d)).
  • Principle of Storage Limitation – Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary (Koenig, 2018) for the purposes for which the personal data are processed (Article 5(1)(e)).
  • Principle of Integrity and Confidentiality – Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage (Article 5(1)(f)).

Principles in the GDPR

The GDPR contains several key principles that must be adhered to when processing personal data. Article 5 of the GDPR outlines these principles in detail. Firstly, the processing of personal data must be lawful, fair and transparent (Article 5, Section 1 under a, GDPR). This means that individuals should be informed about how their data is being used, and that data should only be processed for legitimate purposes. The principle of purpose limitation requires that personal data must be processed for a specific, explicit and legitimate purpose (Article 5, Section 1 under b, GDPR). Additionally, the principle of data minimisation states that only necessary personal data should be processed, and that it should be kept accurate and up to date (Article 5, Section 1, under c and d, GDPR) (Gentile & Lynskey, 2022). Furthermore, personal data should only be stored for as long as necessary, and appropriate measures must be taken to ensure its security (Article 5, Section 1 under e and f, GDPR). Finally, the principle of accountability means that the data controller is responsible for demonstrating compliance with all the other principles (Article 5, Section 2, GDPR). In terms of lawful processing of personal data, there are six grounds for data processing set out in the GDPR (Article 6 GDPR). These include specific, free and informed consent of the data subject (Article 6, Section 1 under a, and Article 7 GDPR), processing necessary for the performance of a contract, compliance with a legal obligation, protection of vital interests, performance of a task in the public interest or for the purposes of legitimate interests of the controller or third parties (Article 6, Section 1 under b to f, GDPR) (Lavrijssen, 2016). It is up to the controller to decide on the purpose, means and lawful basis for data processing.
However, there are two exceptions where the legislator determines the basis for data processing: when personal data is processed to comply with a legal obligation or to perform a task in the public interest. The GDPR requires that each ground for processing must be interpreted narrowly (Merrick & Ryan, 2019), except for consent, where a specific purpose that makes the processing necessary must be demonstrated, in accordance with the principles of purpose limitation and data minimisation (Article 5, Section 1, sub b and c GDPR). Finally, the GDPR distinguishes between ‘normal’ and special categories of personal data. Special personal data, such as race, ethnicity, and religion, may not be processed unless one of the exceptions of Article 9, Section 2 GDPR applies, such as obtaining explicit consent from the data subject (Lavrijssen, 2016).

Objectives to e-privacy

The proposed new e-Privacy Directive, which is currently being debated by the EU, includes several principles related to data and privacy protection. Some of these principles (Gellman, 2018) are set out below. Privacy by default: this principle requires that all privacy settings be set to the highest level by default, and that users must give explicit consent to any changes to these settings. This helps to ensure that users have control over their personal data and how it is used. The new e-Privacy Directive seeks to ensure that all electronic communications are confidential and cannot be intercepted or accessed by third parties without the user’s consent. This includes both the content of the communication and metadata, such as who the user communicated with and when. Next, it seeks to provide additional protection against unsolicited electronic communications, such as spam emails and unwanted text messages. Users must give their consent before receiving such communications, and must be able to easily opt out of them (De Hert et al., 2017). The proposed new e-Privacy Directive seeks to give users more control over the use of cookies and other tracking technologies on their devices. This includes requiring websites and apps to obtain explicit consent from users before placing cookies on their devices, and providing clear information about what data is being collected and how it will be used. The proposed new e-Privacy Directive also includes provisions for enforcing these principles and imposing penalties on organizations that fail to comply with them. This includes fines of up to 4% of an organization’s global revenue for serious violations. Overall, the proposed new e-Privacy Directive aims to strengthen data and privacy protection for electronic communications, and to give users more control over how their personal data is collected, used, and shared.

The proposed new e-Privacy Directive also contains several provisions (Van Eijk & Kosta, 2018) that could raise legal issues. The first is consent: the new directive emphasizes that users must provide their consent before their personal data is processed. However, there may be challenges in defining what constitutes valid consent, especially in situations where users may not be fully aware of the implications of their consent. Tracking technologies are also problematic: the new directive seeks to regulate the use of tracking technologies such as cookies, which are commonly used for online advertising. However, it remains to be seen how effective these regulations will be in practice, as some tracking technologies may be difficult to detect and block. The new directive will require national data protection authorities to enforce its provisions, which could lead to inconsistencies in interpretation and enforcement across different member states. International data transfers: the new directive includes provisions on international data transfers, which could lead to conflicts with the GDPR and other data protection regulations outside of the EU. Finally, there is an issue of scope – the new directive aims to regulate a wide range of online communications services, including instant messaging and voice over IP (VoIP) services. However, it is unclear how these regulations will be applied in practice, and whether they will be able to keep pace with rapidly evolving technology.

Objectives of EU energy policy and the Recast Electricity Directive

Article 194 of the TFEU sets out the legal foundation and main objectives of EU energy policy. The EU and its Member States share responsibility for energy policy, and the article outlines the key objectives of the policy in the context of establishing and operating the internal market while taking into account the need to preserve and enhance the environment, and with a spirit of solidarity. The goals of EU energy policy are to ensure the functioning of the energy market, guarantee the security of energy supply in the EU, promote energy efficiency, energy conservation, and the development of renewable energy sources, and encourage the interconnection of energy networks. These objectives represent the three main values of EU energy policy, which are affordability, security of supply, and sustainability. These values must be constantly balanced and optimized while implementing EU energy policy, which may require trade-offs where one value may gain more weight than the other. The most recent package of legislative measures for the electricity sector in the EU is the ‘Clean Energy for All Europeans package’ (European Commission, 2016), or the ‘Clean Energy Package’ (CEP). The CEP introduced the Recast Electricity Directive and the Renewable Energy Directive (RED) II (European Parliament and Council, 2009), among other legislation. The measures adopted under the CEP aim to achieve the Paris Agreement and European climate goals, with a focus on climate-proofing the electricity supply (Lavrijssen, 2017). The second goal of the CEP, established in the 1990s, is to establish an internal market for electricity within the EU and promote competition and innovation. The Recast Electricity Directive replaces the 2009 Directive, which had already contributed to this goal.
The third essential objective of the CEP is to promote consumer welfare and interests, including consumer protection, clear and comprehensible information about their rights in the energy sector, and the protection of personal data (Lavrijssen et al., 2022).

Consumer empowerment is also an important goal of the CEP, with a focus on enabling consumers to consume, store and sell self-generated energy and participate actively in the electricity market. This goal encourages prosumerism and peer-to-peer (P2P) trading, as well as the development of citizen energy communities. Article 11 of the Recast Electricity Directive defines a ‘citizen energy community’ (Ybema & Bollinger, 2020) as a legal entity based on voluntary and open participation, controlled by its members or shareholders, which may include citizens, local authorities, or small enterprises. The primary purpose of these communities is not profit but providing environmental, economic or social benefits for its members or the areas in which they operate. These communities may engage in generation, distribution, supply, consumption, aggregation, energy storage, energy efficiency services, charging services for electric vehicles, or other energy services (footnote 45).

As Werner and Finger (2019) state, the fundamental goals of the EU’s energy policy are to guarantee secure, affordable and sustainable energy for all EU citizens, enterprises, and institutions. The policy aims to achieve a dependable and competitive energy supply that boosts economic growth, job creation, and innovation, while also cutting greenhouse gas emissions and decreasing reliance on imported energy. The Recast Electricity Directive, which is a part of the Clean Energy for All Europeans package, intends to advance these objectives by creating a more competitive, consumer-centred, and sustainable electricity market in the EU. The Recast Electricity Directive has the following primary objectives: First, to increase the share of renewable energy in the EU’s electricity mix to at least 32% by 2030. Second, to encourage the deployment of smart grids and demand response technologies, which can enable the integration of renewable energy sources and empower consumers. Third, to strengthen consumer rights and protection, which includes the right to choose their electricity supplier and access transparent information on energy prices. Fourth, to improve the coordination and cooperation among EU member states in ensuring electricity supply security and preventing market abuses. Fifth, to promote energy efficiency and the use of energy storage solutions, which can support the integration of renewable energy sources and decrease greenhouse gas emissions.

The objectives of EU energy policy are based on a foundation of shared responsibility (Resch et al., 2018) between the EU and its Member States, outlined in Article 194 of the TFEU. This legal framework sets out the key objectives of EU energy policy, which seek to ensure secure, affordable, and sustainable energy for all EU citizens, businesses, and institutions. The policy aims to achieve a reliable and competitive energy supply that supports economic growth, job creation, and innovation, while reducing greenhouse gas emissions and dependence on imported energy. The values of the EU’s energy policy are grounded in affordability, security of supply, and sustainability, which must be balanced and optimized to achieve the policy objectives. The Recast Electricity Directive, which is part of the Clean Energy for All Europeans package, seeks to promote these values by establishing a more competitive, consumer-oriented, and sustainable electricity market in the EU (Hancher et al., 2017). The directive’s primary objectives include increasing the share of renewable energy in the EU’s electricity mix to at least 32% by 2030, promoting smart grids and demand response technologies to integrate renewable energy and empower consumers, strengthening consumer rights and protection, enhancing coordination and cooperation among EU member states to ensure the security of electricity supply and prevent market abuses, and promoting energy efficiency and energy storage solutions to support the integration of renewable energy sources and reduce greenhouse gas emissions (Yun et al., 2019).

In conclusion, the objectives of EU energy policy and the Recast Electricity Directive are driven by the values of affordability, security of supply, and sustainability, which are constantly balanced and optimized to achieve the policy’s goals. The Clean Energy for All Europeans package represents a significant step towards promoting a competitive, consumer-oriented, and sustainable electricity market in the EU, in line with the EU’s values and legal framework.

Guidelines for personal data and privacy protection in the energy field

The twin transition towards a carbon-neutral and digital economy presents significant challenges for policymakers. The rapid digitalisation of various sectors of the economy has led to an explosion of data use, storage and processing. While digitalisation brings many benefits, it also poses risks to individual privacy and personal data protection. Therefore, there is a common understanding among policymakers that sector-specific rules on data and privacy protection are necessary in the twin transition. Sector-specific rules are required because different sectors have different needs, risks and benefits in relation to data use and privacy protection (European Parliament, 2019). For example, the energy sector needs to collect and process data from smart grids and smart meters to ensure the efficient use of energy and the integration of renewable energy sources. However, this data must be protected to prevent unauthorised access and ensure the privacy of individuals. Similarly, the transport sector needs to collect data from connected vehicles to improve road safety and reduce congestion. However, this data must be protected to prevent misuse and to ensure the privacy of drivers and passengers.

Sector-specific rules on data and privacy protection are also necessary because data use and privacy risks vary across sectors. For example, the healthcare sector deals with sensitive personal data that requires higher levels of protection than other sectors (European Data Protection Board, 2020b). Sector-specific rules on data and privacy protection are necessary in the twin transition to balance the benefits of digitalisation with the protection of individual privacy and personal data. Such rules must take into account the specific needs, risks and benefits of each sector, while ensuring a high level of protection for individuals. In light of the twin transition towards a low-carbon and digital economy, there is a need for sector-specific rules on data and privacy protection. These rules should be designed to balance the benefits of digitalisation with the need to protect personal data and privacy. One key recommendation is to develop sector-specific codes of conduct that provide guidance to businesses on how to collect, process and share data in a manner that respects privacy and data protection rights. These codes of conduct should be developed in consultation with relevant stakeholders, including consumer groups, data protection authorities and industry representatives. They should also be regularly reviewed and updated to ensure they remain relevant and effective.

Another recommendation is to strengthen data protection laws and enforcement mechanisms to ensure that individuals have greater control over their personal data. This could include measures such as requiring businesses to obtain explicit consent from individuals before collecting and processing their data, and giving individuals the right to access and delete their data. Stronger enforcement mechanisms, such as higher fines and sanctions, should also be put in place to deter businesses from violating data protection laws (Zarouali et al., 2017).

In addition, there should be greater transparency and accountability in the use of data in both the energy and digital sectors. This could include measures such as requiring businesses to provide clear and accessible information about their data collection and processing activities, as well as allowing individuals to have greater visibility and control over the data that is collected about them.

Finally, there is a need to ensure that individuals have access to effective remedies in cases where their data protection rights have been violated. This could include establishing specialised dispute resolution mechanisms and providing individuals with the right to bring legal action against businesses that have violated their data protection rights.

Overall, sector-specific rules on data and privacy protection are essential (European Data Protection Supervisor, 2020) in ensuring a successful transition to a low-carbon and digital economy. These rules should be designed to promote innovation and growth while also protecting personal data and privacy, and should be regularly reviewed and updated to ensure they remain effective in a rapidly changing technological landscape.

Based on the general principles outlined above, further recommendations (The European Commission, 2018) can be found for protecting privacy and personal data in the energy sector. The first is to conduct Privacy Impact Assessments (PIAs): PIAs are a systematic process for identifying, assessing, and mitigating privacy risks in projects and initiatives. They can help organizations identify privacy risks and ensure that data protection is considered from the outset of any project. The second is to implement technical measures: technical measures, such as encryption and access controls, can help protect personal data from unauthorized access or disclosure. Organizations should consider implementing such measures to ensure the security of personal data in the energy sector. The third is to establish data retention policies: organizations should establish clear policies for how long personal data should be retained and how it should be securely disposed of when it is no longer needed. This can help ensure that personal data is not held for longer than necessary and is properly disposed of to avoid the risk of unauthorized access or disclosure. The fourth recommendation is to train employees: employees should be trained on the importance of data protection and privacy, and how to handle personal data in accordance with relevant laws and regulations. This can help ensure that personal data is handled appropriately and that employees are aware of their responsibilities. The fifth recommendation is to establish a clear process for data subject requests: individuals have the right to access their personal data, request correction or erasure of their personal data, and object to the processing of their personal data. Organizations should establish a clear process for handling these requests in a timely and efficient manner. The sixth is to ensure cross-border data transfers comply with relevant laws and regulations: if personal data is transferred outside the EEA, organizations should ensure that the transfer complies with relevant laws and regulations, such as the GDPR. The final recommendation is to regularly review and update policies and procedures: organizations should regularly review and update their policies and procedures to ensure they remain up-to-date with changes in laws and regulations and best practices in data protection and privacy. This can help ensure that personal data is protected effectively in the energy sector (European Data Protection Board, 2020a).

The sector-specific rules on data and privacy protection in the twin transition should be designed to achieve the following objectives. First, to promote transparency and accountability in the collection, use, and sharing of personal data. This can be achieved by requiring data controllers to provide clear and concise information to data subjects about how their personal data is being processed, and by establishing mechanisms for data subjects to exercise their rights to access, rectify, and erase their data. Second, to ensure the confidentiality, integrity, and availability of personal data by requiring data controllers to implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data. Third, to foster the development and deployment of new data-driven technologies that support the twin transition to a low-carbon and digital economy, while ensuring that these technologies are used in a way that protects individual privacy and data protection rights. Fourth, to address the specific data protection risks and challenges associated with different sectors, such as energy, transport, and healthcare, by establishing tailored rules and requirements that take into account the unique characteristics of each sector. Finally, to enhance cross-border cooperation and coordination among data protection authorities to ensure consistent and effective enforcement of data protection rules across the EU.

To achieve these objectives, sector-specific rules on data and privacy protection in the twin transition should include the following elements: clear and specific requirements for data controllers, including the obligation to conduct data protection impact assessments, implement privacy-by-design and privacy-by-default principles, and appoint a data protection officer where necessary; robust safeguards for individual privacy rights, such as the right to access, rectify, and erase personal data, the right to data portability, and the right to object to the processing of personal data; provisions to ensure that individuals are fully informed about how their personal data is being used, including the right to be informed about the purposes of data processing, the categories of personal data being processed, and the recipients of the data; requirements for data controllers to implement appropriate technical and organizational measures to protect personal data, such as encryption, access controls, and regular security audits; and mechanisms to ensure effective enforcement of data protection rules, including the power to impose sanctions and fines for non-compliance. By incorporating these elements into sector-specific rules on data and privacy protection in the twin transition, the EU can promote the responsible use of data and data-driven technologies, while also protecting individual privacy rights and fostering innovation in key sectors of the economy.

Conclusions

Common understanding

The EC consistently refers to the ‘twin green and digital transitions’, but has yet to properly connect these two agendas to fully realize their synergies and manage the risks they pose to one another. An integrated approach is now necessary to address this. Referring to green and digital as ‘twin transitions’ presents two key issues; firstly, it suggests that they are both too similar and too separate at the same time. Secondly, they are more interlinked than the twin analogy implies. Despite the Commission placing these two agendas side by side, they have not managed to properly connect them. Although the Commission’s Digital Strategy emphasizes data and AI as critical enablers for achieving the goals of the European Green Deal, none of the documents go into detail on how to scale these up in a way that accelerates decarbonisation. There is a nod to the environmental impact of the digital sector and the need to address this by ‘greening’ data centres, but this is the extent of the thinking on the relationship between digitalisation and climate. This misses a range of positive and negative interactions that a more integrated approach would capture. It overlooks the potential for digital technologies to change how we implement and monitor climate policies, and to alter behaviours and social norms that could affect climate outcomes. It also misses how a changing climate could both accelerate and disrupt digital trends at different levels. The green and digital transitions are happening in parallel, and both will have significant consequences for the future of work and our political systems. However, they are fundamentally different. We have a different degree of agency and a different sense of urgency in pursuing them. 
The green transition is a necessary response to a worsening climate crisis, while the digital transition is about the EU not falling further behind its peers on digital technologies and harnessing the benefits that come with a modernized digital economy. Through the research question raised and the analysis of the implications and effectiveness of current data and privacy protection measures in the digitized energy sector, we came to the conclusion that general rules on personal data and privacy protection are flexible enough to allow for appropriate interpretation, but sector-specific rules on human rights would enhance legal certainty, particularly given the sensitivity of the electricity field in comparison to natural gas or heat. While privacy is intertwined with broader human rights, recognizing it as a separate and critical component in the energy sector allows for a focused and tailored approach to addressing the unique challenges posed by evolving technologies and data practices. This approach aligns with the principle that effective protection of human rights requires nuanced consideration of specific issues within different domains. Regulations implemented ex ante, before the commencement of green and digital transformation processes, will have an unavoidable impact on personal data and privacy protection within the digitalized energy sector. In other words, the regulatory measures put in place in anticipation of these transformations will influence how personal data is handled and privacy is protected in the context of digital advancements in the energy sector. This underscores the interconnectedness of regulatory frameworks and the evolving landscape of green and digital transformations, with implications for data privacy.

The Digital Markets Act, e-Privacy Act, Digital Services Act, and GDPR are all central to the purpose and core values of the digital transformation of the EU, as they regulate the use and protection of personal data in the digital realm. The Digital Markets Act is aimed at ensuring fair and open digital markets by preventing large online platforms from engaging in anti-competitive behaviour. It also seeks to protect consumer rights and data privacy.[46] The e-Privacy Act concerns the protection of individuals’ privacy in the electronic communications sector. It establishes rules for the processing of personal data by telecom companies and internet service providers, and also regulates the use of cookies and similar tracking technologies. The Digital Services Act aims to create a safer online environment by setting new rules for online intermediaries, such as social media platforms and online marketplaces. It seeks to increase transparency and accountability, while also ensuring the protection of users’ fundamental rights, including the right to privacy and data protection. The GDPR is a comprehensive data protection regulation that applies to all entities operating in the EU, regardless of their location. It sets strict rules for the processing of personal data, including requirements for obtaining valid consent, ensuring data security, and allowing individuals to exercise their data protection rights. These acts and regulations are closely linked to the green and digital transformation agenda of the EU. The EU has set ambitious targets to achieve carbon neutrality by 2050, and digital technologies are seen as key enablers in achieving this goal. However, the EU recognizes the need to ensure that the use of digital technologies is sustainable, inclusive, and respects fundamental rights, including the right to privacy and data protection.
Therefore, these acts and regulations are designed to promote the development and use of digital technologies in a responsible and sustainable manner, while also ensuring the protection of individual rights and freedoms. While there is no direct link between the Digital Markets Act, e-Privacy Act, Digital Services Act, GDPR, and the energy sector law, all of these laws and regulations have an impact on the digitalization of the energy sector. The Green and Digital Transformation Acts of the EU are specifically aimed at promoting the digitalization of the energy sector as part of the transition to a low-carbon economy. These Acts are complementary to the energy sector law, which provides a regulatory framework for the production, distribution, and consumption of energy. The Digital Markets Act, e-Privacy Act, Digital Services Act, and GDPR all contribute to ensuring that the digitalization of the energy sector is carried out in a way that protects individual rights to privacy, security, and data protection. These laws also promote competition, innovation, and transparency in the digital market, which can help to accelerate the transition to a low-carbon economy. Therefore, while there is no direct link between these laws and the energy sector law, they are all important pieces of legislation that contribute to the overall regulatory framework for the digitalization of the energy sector.

For the issues raised in this article, some more targeted protective measures would be of interest. These include data minimization, privacy by design, user consent and transparency, secure communication protocols, encryption, access controls, secure smart meters, data retention policies and regulatory compliance. One might ask whether privacy protection can be discussed separately from general human rights protection; we have to look at it from the perspective of the specific energy sector. While privacy protection is often considered a subset of broader human rights, it is indeed realistic and common to address privacy as a distinct and essential aspect of human rights, especially in specific sectors like the energy field. Privacy is recognized as a fundamental human right in various international and national legal frameworks, including the UDHR and the ICCPR, but in the context of the energy field, addressing privacy as a separate consideration from general human rights protection is practical for several reasons. First, there is the specificity of privacy concerns, which in the energy sector can be quite specific and nuanced. Issues related to the collection, storage, and use of personal energy consumption data, for example, may require targeted and specialized protections beyond general human rights considerations. Second, there are the regulatory and legal frameworks: many countries have enacted specific privacy and data protection laws that govern the handling of personal information, including in the energy sector. These laws often provide detailed requirements for the collection and processing of personal data, emphasizing the importance of privacy as a distinct right. While privacy is intertwined with broader human rights, recognizing it as a separate and critical component in the energy sector allows for a focused and tailored approach to addressing the unique challenges posed by evolving technologies and data practices.
This approach aligns with the principle that effective protection of human rights requires nuanced consideration of specific issues within different domains.

In summary, data protection and privacy protection are fundamental rights that apply across all sectors, including the energy sector. But it is important to have sub-sectoral rules that ensure the protection of personal data and privacy in the energy sector, and the EU’s Green and Digital Transformation strategy recognizes the importance of protecting these rights in achieving its goals.

Recommendations

The research presents compelling evidence, both from a legal analysis and a comparative analysis, that sub-sectoral differentiation of privacy and data protection can provide crucial support for the EU’s progress towards decarbonisation. Because digital technology progresses rapidly, general principles can be taken into account, and these include the following recommendations. Ensuring that personal data is processed lawfully, fairly, and transparently; implementing appropriate technical and organizational measures to ensure data security: Given the sensitive nature of energy-related personal data, it is important to implement robust security measures to protect against unauthorized access, accidental loss, or damage to personal data. These measures should include regular risk assessments, access controls, and staff training.

Providing individuals with rights over their personal data: Individuals should be given the right to access, correct, and delete their personal data, as well as the right to object to its processing in certain circumstances. Energy companies should also be transparent about their data processing activities and provide individuals with the necessary tools to exercise their rights.

Developing specific guidance and codes of conduct for each subsector: Depending on the specific subsector, additional guidance and codes of conduct may be necessary to ensure compliance with data protection and privacy regulations. For example, the use of smart meters or other internet-connected devices in the energy sector may require additional security measures and data protection rules.

To go into more specific detail on safeguarding data with protective mitigation measures, different encryption techniques would have to be used, such as Transport Layer Security (TLS)[47]/Secure Sockets Layer (SSL)[48]; end-to-end encryption (E2EE)[49]; file, disk, database and e-mail protection such as Pretty Good Privacy (PGP)[50] or GNU Privacy Guard (GPG)[51]; Virtual Private Network (VPN)[52] encryption; or homomorphic[53] encryption, as applicable. When implementing encryption, it is crucial to consider the specific requirements of the system, the nature of the data being protected, and the potential performance implications. Additionally, keeping encryption algorithms and implementations up to date is essential to address evolving security threats.

To effectively develop sub-sectoral rules for data protection and privacy in the energy sector, a careful balancing of the interests of energy companies, consumers, and regulatory bodies would be necessary. This would also require continuous monitoring and adaptation to ensure the rules remain effective in protecting personal data and privacy in a rapidly evolving technological landscape. While some may argue that pursuing a harmonised understanding and sub-sectoral differentiation for better data and privacy protection may not contribute to better protection, it is important to recognise that relying solely on general principles and horizontal regulation can lead to misunderstandings that go well beyond what is desirable. Given that data protection and privacy are related to core values of the EU in relation to the twin transition, it is crucial to ensure that any sub-sectoral rules developed strike the right balance between protecting personal data and privacy while also supporting the energy sector’s growth and development. In conclusion, the green and digital transformation of the energy sector presents both opportunities and challenges for energy companies. While digital technologies can improve energy efficiency, reduce costs, and enhance customer experience, they also raise concerns about data protection, privacy, and cybersecurity. Compliance with relevant legislation, such as the GDPR, EED, EPBD, and NIS Directive, is essential for energy companies to ensure that they protect personal data, improve energy efficiency, and maintain the security and resilience of energy systems, in line with EU values such as privacy, sustainability, security, and social responsibility. By embracing these challenges and opportunities, energy decision makers can support the green and digital transformation of the energy sector and contribute to a more sustainable, secure, and prosperous future, reflecting EU values such as democracy, human rights, and environmental protection.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Funding

This work was supported by University of Maribor.

Notes

1 EU Charter of Fundamental Rights: Charter of Fundamental Rights of the European Union, OJ 2010 C 83/389.

2 In the context under discussion, the twin transformation processes, at their current stage of development, are regarded as intertwined development processes that cannot be separated; cf. e.g. ref. Ares (2021) 4720847, 22 July 2022.

3 Treaty on the Functioning of the European Union, OJ 2016 C 202/1.

4 Treaty on European Union, OJ 2016 C 202/1.

5 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.

6 Directive (EU) 2019/944 of the European Parliament and of the Council of 5 June 2019 on common rules for the internal market for electricity and amending Directive 2012/27/EU (recast), OJ 2019 L 158/125.

7 Proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), COM (2017) 10, 10 January 2017.

8 For instance, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities No. 14086, 10 January 2017, available at https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/ [accessed on 4th March 2023].

9 Council of Europe, European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos. 11 and 14, 4 November 1950, ETS 5, available at: https://www.echr.coe.int/documents/convention_eng.pdf [accessed on 4th December 2022]

10 Package of policy initiatives, which aims to set the EU on the path to a green transition, with the ultimate goal of reaching climate neutrality by 2050. It consists of, among others, the Fit for 55 package and the European industrial strategy, together with the clean, affordable and secure energy strategy. European Council conclusions, EUCO 29/19, 12th December 2019.

11 Communication from the Commission. The European Green deal. COM (2019) 640 final. 11 December 2019.

12 Communication from the Commission. A new Industrial strategy for Europe. COM (2020) 102 final. 10 March 2020.

13 Set of proposals to revise and update EU legislation and to put in place new initiatives with the aim of ensuring that EU policies are in line with the climate goals.

14 However, with regard to the twin transition processes, the untapped potential of interconnection must be highlighted. The green transition is a necessary response to the worsening climate crisis, while the digital transition complements the existing regime brought by the digital economy. The EC sets both ‘agendas’ in parallel, but one may argue that connecting them has failed.

15 Despite different nomenclature used by the Commission, it is still meant for the internal market.

16 Indirectly, it also concerns other European priorities, such as a highly competitive internal market and a strong economy, which enables private investment, research and innovation, economic growth and jobs, consumer protection and the general well-being of EU citizens.

17 The European Green Deal is a package of political incentives that should steer the EU towards a green transformation and bring it to climate neutrality by 2050 at the latest. EUCO 29/19.

18 COM (2021) 118 final, 9. 3. 2021.

19 The European Climate Pact is an EU-wide initiative that invites people, communities and organizations to participate in climate action and thus build a green Europe.

20 Council of the EU, Press release, 17 December 2020, document nr. 13957/2020 on 11 December 2020, ENV 793.

22 Regulation (EU) 2021/694 of the European Parliament and of the Council of 29 April 2021 establishing the Digital Europe Programme and repealing Decision (EU) 2015/2240, OJ L 166/1.

24 Strategy started as response to Ukraine’s war, trying to bolster Europe’s competitiveness and resilience in semiconductor technologies and applications, and help achieve both the digital and green transition. EC, Commission staff working document, SWD (2022) 147 final. 11 May 2022.

25 Strategy started as response to Ukraine’s war, trying to bolster Europe’s competitiveness and resilience in semiconductor technologies and applications, and help achieve both the digital and green transition. EC, Commission staff working document, SWD (2022) 147 final. 11 May 2022. para. 71.

26 Judgement C-92/09, C-93/09, Volker und Markus Schecke and Eifert, 2010. ECR I-0000, para. 47. This judgement reaffirms the connection between those two rights.

27 Judgement C-362/14, Schrems, ECLI:C:2015:650, para. 73.

29 Bundesdatenschutzgesetz (Federal Data Protection Act), 1970, BGBl. Nr. I S. 411.

30 Universal Declaration of Human Rights. General Assembly resolution 217 A. United Nations. Paris, 10 December 1948.

31 International Covenant on Civil and Political Rights. United Nations Human Rights. General Assembly resolution 2200 A (XXI). 16 December 1966.

32 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. European Treaty Series – No. 108. 28 January 1981.

33 Article 26(2) of TFEU.

34 See Protocol 27 on internal market and competition.

35 The Lisbon Treaty, which amends the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU). OJ C 306. 2007. Entry into force on December 1, 2009.

36 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. COM (2015) 192 final.

37 United Nations. Paris Agreement. 2015.

38 The Council has adopted conclusions on the future of energy systems in the Energy Union. They have established priorities and principles for future policies aimed at ensuring an energy transition to a cost-effective, secure, competitive, reliable, and sustainable energy system.

39 A renewed EU strategy 2011-14 for Corporate Social Responsibility. COM (2011) 112/4. The communication outlines the EU’s strategy for promoting corporate social responsibility and sustainable business practices. It includes a framework for action, key principles, and recommendations for different actors such as businesses, Member States, and civil society.

40 See Article 4(2)(i) of the TEU (on energy). With regard to digitalization, it is also worth mentioning the area of research and technological development from Article 4(3) of the TFEU.

41 Report on the Digitalization of European Industry. Committee on Industry, Research and Energy. 2016/2271(INI).

42 Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act). COM (2020) 842 final. (2020).

43 Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). European Commission. COM (2017) 10 final. (2017).

44 Directive (EU) 2019/944 of the European Parliament and of the Council of 5 June 2019 on common rules for the internal market for electricity and amending Directive 2012/27/EU (recast), OJ 2019 L 158/125.

45 Ibid.

46 https://dig.watch/topics/privacy-and-data-protection

47 Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).

48 SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.

49 End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it’s transferred from one end system or device to another. In E2EE, the data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker or any other entity or service.

50 Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

51 GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

52 VPN (Virtual Private Network) encryption is extreme math nerd stuff VPN protocols use to encrypt your data. And by ‘encrypt’, I mean turn it into gibberish nobody who intercepts the data can read.

53 Homomorphic encryption is the conversion of data into ciphertext that can be analysed and worked with as if it were still in its original form. Homomorphic encryption enables complex mathematical operations to be performed on encrypted data without compromising the encryption.

References

  • Bennett, C. J. (2018). The European general data protection regulation: An instrument for the globalization of privacy standards? Information Polity, 23(2), 1–31. https://doi.org/10.3233/IP-180002
  • Bornschein, R., Schmidt, L., & Maier, E. (2020). The effect of consumers’ perceived power and risk in digital information privacy: The example of cookie notices. Journal of Public Policy & Marketing, 39(2), 135–154. https://doi.org/10.1177/0743915620902143
  • Botta, M., Cincotti, S., & Porchia, R. (2021). Assessing the impact of the twin transition on employment: An agent-based approach. Ecological Economics, 14(6), 180.
  • Bouteligier, S., & Patterson, J. J. (2020). Digital and green transformations in the European Union: Between modernisation and disruption. Journal of Common Market Studies, 58(6), 1266–1282.
  • Cooper, D. (2018). The GDPR: A practical guide for global organizations. Journal of Data Protection & Privacy, 2(3), 32–52.
  • Custers, B., Louis, L., Spinelli, M., & Terzidou, K. (2022). Quis custodiet ipsos custodes? Data protection in the judiciary in EU and EEA Member States. International Data Privacy Law, 12(2), 93–112. https://doi.org/10.1093/idpl/ipac002
  • Da, G., Li, G., & Yu, J. (2022). Does digitization improve green total factor energy efficiency? Evidence from Chinese 213 cities. Energy, 247(1), 123395. https://doi.org/10.1016/j.energy.2022.123395
  • Da, G., Linfang, T., Xinlin, M., & Ruochan, X. (2023). Blue sky defense for carbon emission trading policies: A perspective on the spatial spillover effects of total factor carbon efficiency. MDPI, Systems, 11(8), 382.
  • Davis, N. J. (2019). Cybersecurity law and regulation. Annual Review of Law and Social Science, 15, 427–445.
  • De Hert, P., Papakonstantinou, V., & Ausloos, J. (2017). The proposed ePrivacy regulation: A missed opportunity for privacy and innovation. Computer Law & Security Review, 33(2), 247–257.
  • Diamantini, D., & Pasotti, E. (2021). The European Union’s public policies: Challenges and opportunities in the post-COVID-19 era. Journal of European Integration, 43(1), 41–53.
  • Dreher, C., & Ploeger, A. (2021). Green and digital transformation in the European Union: A research agenda. Journal of Cleaner Production, 72(2), 278.
  • Egenhofer, C., Lázaro-Touza, L., & Tagliapietra, S. (2018a). Making the most of the energy transition under the European Green Deal. European Policy Centre (EPC) Policy Briefs, (21), 1–8.
  • Egenhofer, C., Lázaro-Touza, L., & Tagliapietra, S. (2018b). The EU’s 2050 long-term strategy: Vision, pathways, and governance. European Policy Centre (EPC) Policy Briefs. Retrieved April 4, 2023, from https://www.epc.eu/pub_details.php?cat_id=3&pub_id=8647
  • European Commission. (2010). Europe 2020: A strategy for smart, sustainable and inclusive growth. COM, (2010) 2020. European Commission.
  • European Commission. (2016). Clean energy for all Europeans package. European Commission.
  • European Commission. (2020a). Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: A clean planet for all – A European strategic long-term vision for a prosperous, modern, competitive and climate neutral economy. European Commission.
  • European Commission. (2020b). Proposal for a regulation of the European Parliament and of the Council on a single market for digital services (digital services act). COM (2020) 825 final. European Commission.
  • European Commission. (2022). Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: A hydrogen strategy for a climate-neutral Europe. European Commission.
  • European Court of Auditors. (2020). The European green deal: Challenges in achieving climate neutrality. Special report 07/2020. European Court of Auditors.
  • European Data Protection Board. (2020a). Guidelines 07/2020 on the concepts of controller and processor in the GDPR. https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_202007_controllerprocessor_en.pdf
  • European Data Protection Board. (2020b). Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility-related applications. European Data Protection Board.
  • European Data Protection Supervisor. (2020). Opinion 6/2020 on the European Commission’s white paper on artificial intelligence. European Data Protection Supervisor.
  • European Parliament. (2019). Resolution of 12 March 2019 on a digital future for Europe: Towards a European data strategy. European Parliament.
  • European Parliament and Council. (2009). Directive 2009/28/EC of the European Parliament and of the Council of 23 April 2009 on the promotion of the use of energy from renewable sources and amending and subsequently repealing directives 2001/77/EC and 2003/30/EC. Official Journal of the European Union, OJ L 140, 5.6.2009, pp. 16–62.
  • Gao, D., Li, Y., & Tan, L. (2023). Can environmental regulation break the political resource curse: Evidence from heavy polluting private listed companies in China. Journal of Environmental Planning and Management, 1–27. https://doi.org/10.1080/09640568.2023.2218988
  • Gellman, R. (2018). The e-Privacy regulation: The end of online advertising as we know it? Journal of Data Protection & Privacy, 2(1), 29–41.
  • Gornitzka, Å. (2015). The European Union’s ability to achieve policy objectives. Journal of European Public Policy, 22(7), 927–944.
  • Graef, I., & van den Boom, J. (2020). Spill-overs in data governance: Uncovering the uneasy relationship between the GDPR’s right to data portability and EU sector-specific data access regimes. Journal of European Consumer and Market Law, 9(1), 1–12.
  • Hancher, L., de Hautclocque, A., & Winkelman, J. (2017). The EU’s internal energy market: Towards greater integration and competition. Journal of Energy and Natural Resources Law, 35(3), 325–358.
  • Harmening, L., Schallbruch, M., & Spielkamp, M. (2016). Europe’s digital single market. Economic and societal impact. iRights.Lab Research Paper, 37(4), 1–43.
  • Hristova, S., & Stancheva, M. (2021). Subsidiarity in the common foreign and security policy of the European Union: Perspectives for the Republic of Bulgaria. In Proceedings of the International Conference on European Integration 2020 (pp. 537–549).
  • Hugenholtz, E. C. (2015). The Role of EU competition law in the digital economy: Emerging trends and challenges. European Competition Journal, 11(1), 1–19.
  • International Renewable Energy Agency. (2021). Renewable power generation costs in 2020 (pp. 12–16). International Renewable Energy Agency.
  • Jin, H., Luo, Y., Li, P., & Mathew, J. (2019). A review of secure and privacy-preserving medical data sharing. IEEE Access, 7, 61656–61669. https://doi.org/10.1109/ACCESS.2019.2916503
  • Koenig, J. (2018). The general data protection regulation: Its impact on US companies and their service providers. The Computer & Internet Lawyer, 35(3), 1–16.
  • Komorowska, M., & Szyszka, B. (2021). Twin transformation of the EU economy – Selected legal and organizational aspects. Energies, 14(9), 2675.
  • Kouroutzoglou, J., & de Hauteclocque, A. (2021). Personal data protection in the EU’s energy sector: A critical overview. European Energy and Environmental Law Review, 30(6), 221–236.
  • Krajewska, A., & Krajewski, P. (2021). Legal aspects of personal data protection in the energy sector: Challenges and opportunities of the digital transformation. Energies, 14(4), 901.
  • Lavrijssen, S. (2016). The right to participation for consumers in the energy transition. European Energy and Environmental Law Review, 25(5), 152–171. https://doi.org/10.54648/EELR2016017
  • Lavrijssen, S. (2017). Power to the energy consumers. European Energy and Environmental Law Review, 26(6), 172–187. https://doi.org/10.54648/EELR2017022
  • Lavrijssen, S., Espinosa Apráez, B., & ten Caten, T. (2022). The legal complexities of processing and protecting personal data in the electricity sector. Energies, 15(3), 1088. https://doi.org/10.3390/en15031088
  • Lemley, M. A. (2017). Faith-based intellectual property. North Carolina Law Review, 96(1), 1–28.
  • Lenoir, T. (2021). Energy data governance: A European approach. European Energy Journal, 11(3), 48–57.
  • Lepuschitz, S., & Krumay, B. (2020). Data protection and cybersecurity in the context of the EU’s twin transition. Austrian Journal of South-East Asian Studies, 13(2), 165–186.
  • Liss, J., Peloquin, D., Barnes, M., & Bierer, B. E. (2021). Demystifying Schrems II for the cross-border transfer of clinical research data. Journal of Law and the Biosciences, 8(2), lsab032. https://doi.org/10.1093/jlb/lsab032
  • Gulluscio, C., Puntillo, P., Luciani, V., & Huisingh, D. (2020). Climate change accounting and reporting: A systematic literature review. Sustainability, 12(13), 5455. https://doi.org/10.3390/su12135455
  • Gentile, G., & Lynskey, O. (2022). Deficient by design? The transnational enforcement of the GDPR. International and Comparative Law Quarterly, 71(4), 799–830. https://doi.org/10.1017/S0020589322000355
  • Marsden, C. T. (2018). The EU general data protection regulation: Implications for international data flows and privacy regulation. International Data Privacy Law, 8(2), 93–109.
  • Merrick, R., & Ryan, S. (2019). Data privacy governance in the age of GDPR. Risk Management, 66(3), 38–43.
  • Nazari, Z., & Musilek, P. (2023). Impact of digital transformation on the energy sector: A review. MDPI, 16(4).
  • Oh, W. K., Lee, K., & Park, Y. J. (2019). Cybersecurity law and the internet of things: An overview. Computer Law & Security Review, 35(3), 333–347.
  • Papadopouluos, S., & Moustaki, L. (2021). Data protection in the EU: The impact of GDPR on digital transformation. International Journal of Human-Computer Interaction, 22(3), 7–9.
  • Polonetsky, J. (2017). Understanding the general data protection regulation. International Data Privacy Law, 7(4), 1–9.
  • Quach, S., Thaichon, P., Martin, K. D., Weaven, S., & Palmatier, R. W. (2022). Digital technologies: Tensions in privacy and data. Journal of the Academy of Marketing Science, 50(6), 1299–1323. https://doi.org/10.1007/s11747-022-00845-y
  • Quirico, A., & Giacomini, F. (2020). Digital transformation and data protection: Balancing between innovation and privacy. Computer Law & Security Review, 31(4), 1–14.
  • Renda, A. (2017). The digital single market strategy: A mid-term review. Centre for European Policy Studies, 13(6), 1–32.
  • Resch, G., Kranzl, L., Scheicher, S., Pruggler, M., & Haas, R. (2018). The EU’s new electricity market design: Fit for the future? Energy Policy, 118, 508–513.
  • Ricci, A., & Chiarolla, M. (2021). The role of the European Union in regulating AI and big data: State of the art and prospects. European Journal of Law and Technology, 12(1), 1–24.
  • Ringholm, T. (2022). Energy citizens – Conveyors of changing democratic institutions? Cities, 126, 103678.
  • Shen, L., Zhang, J., & Zhang, Y. (2018). Toward a unified and competitive European digital market: The single digital market initiative. Telecommunications Policy, 42(8), 615–619.
  • Sovacool, B. K. (2017). The energy trilemma. Asia & the Pacific Policy Studies, 4(1), 74–90.
  • Stasiak, A. (2021). EU climate and energy policy: A normative assessment. European Journal of Political Theory, 20(3), 298–318.
  • Strachan, N., & Lallement, J. (2020). Digitalisation and the energy sector: Data protection and privacy. In J. Jans & E. W. H. van der Ville (Eds.), Research handbook on EU energy law and policy (pp. 295–313). Edward Elgar Publishing.
  • The European Commission. (2018). Guidelines on personal data breach notification under Regulation 2016/679. The European Commission.
  • Trencher, G., Capova, K. A., & Sharma, B. (2021). Digital and green transition in the European Union: Balancing priorities and addressing equity. Journal of Cleaner Production, 294(6).
  • Tvaronavičienė, M., & Gudynas, V. (2021). Green and digital transformation: Energy sector and EU competence. Sustainability, 13(3), 1263.
  • Van Eijk, N., & Kosta, E. (2018). The proposed ePrivacy regulation: A critical analysis. Journal of Intellectual Property, Information Technology and Electronic Commerce Law, 9(2), 138–155.
  • Voight, P., & von Dem Busshe, A. (2018). The general data protection regulation: Analysis and guidance. Bloomberg Law, 71(3), 1–6.
  • Weatherill, S. (2016). The digital single market strategy: A paradigm shift for the regulation of the EU’s digital economy. Journal of European Consumer and Market Law, 5(6), 183–191.
  • Werner, J., & Finger, M. (2019). A new regulatory framework for the electricity sector in the European Union: The clean energy package. Energy Policy, 132, 564–572.
  • Wurzel, R. K. W., & Connelly, J. (2021). Green and digital transformation: The role of the European Union in the twin transition. European Journal of Sustainable Development, 10(2), 243–254.
  • Ybema, J. R., & Bollinger, L. A. (2020). A review of citizen energy communities in the European Union. Energies, 13(5), 1105.
  • Yun, H., Lee, G., & Kim, D. J. (2019). A chronological review of empirical research on personal information privacy concerns: An analysis of contexts and research constructs. Information & Management, 56(4), 570–601. https://doi.org/10.1016/j.im.2018.10.001
  • Zarouali, B., Ponnet, K., Walrave, M., & Poels, K. (2017). “Do you like cookies?” Adolescents’ skeptical processing of retargeted Facebook-ads and the moderating role of privacy concern and a textual debriefing. Computers in Human Behavior, 69, 157–165. https://doi.org/10.1016/j.chb.2016.11.050