The EC’s Recommendation for the preparation of the smart meter rollout lacks specific and practical guides on data protection, according to European Data Protection Supervisor.
Some guidance however can still be given in the data protection impact assessment Template, which is currently under preparation by the Expert Group 2 of the EC Task Force on Smart Grids.
The EDPS evaluates the Recommendation in an 18 page Opinion, which provides guidance on inter alia, the measures that need to be taken to ensure that smart grid systems are designed to operate subject to adequate data protection safeguards.
The EDPS says he particularly appreciates the efforts of the Commission to make use of newly proposed concepts such as data protection by design and practical tools such as data protection impact assessments and security breach notifications. The references to data minimization, data protection by default, privacy enhancing technologies (PETSs), transparency, and consumer are also welcomed.
Stakeholders must be aware that personal data processing in this context needs to be fully compliant with the safeguards established in applicable data protection law, which includes the e-Privacy Directive. The EDPS also advises that member states should integrate their data protection concerns into the cost-benefit analysis.
There are also several factors that suggest that specific legislative or regulatory action at national or at the EU-level could be beneficial and/or necessary, which the Commission should assess. Among these the supply of electricity and gas are regulated industries currently undergoing very significant changes, which call for adjustments of the regulatory framework.
The EDPS also recommends that there needs to be more guidance on a number of issues such as the retention periods of meter data and the direct access to consumers energy usage data. The information needs to be available to consumers in a user friendly way, independent of any third-parties.
There is a recommendation that meter readings should not be done more frequently than every half-hour to an hour, except if there is a specific reason for more frequent readings and consent for this to be done.
There is an opt-out for individuals who don’t wish to take advantage of time-of-use tariffs or other services based on smart meter functionalities, possibly for health reasons, privacy reasons or otherwise) which recommends that they should not be required to switch to a smart meter. They can alternatively be given a choice where they can have a smart meter installed on which “smart functionalities “including granular data and remote on/off control are disabled.