CER National Smart Metering Programme Information Paper on … · 2019. 1. 24. · The CER is not a...

CER National Smart Metering Programme Information Paper on Data Access & Privacy

DOCUMENT TYPE:

Information Paper

REFERENCE:

CER/15/139

DATE PUBLISHED:

29 July 2015

The Commission for Energy Regulation, The Exchange, Belgard Square North, Tallaght, Dublin 24. www.cer.ie

http://www.cer.ie/

1. Executive Summary

The National Smart Metering Programme (NSMP) is a plan for upgrading how electricity and gas retail markets operate, in order to improve levels of service for all energy customers. It is similar in nature to the move from analogue to digital in the markets for communications services. This upgrade in services will involve a step change in the amount of energy consumption data that will be available to customers, energy network companies and suppliers. Currently, suppliers are provided with an actual (usually 4 actual reads a year) or estimated meter reading(s) every two months and bill their customer on that basis. The introduction of new technology will allow for the collection of actual energy consumption data on a daily basis. This will allow for the provision of new services such as Time of Use Tariffs and Smart Pay As You Go. Consumers will also have access to their detailed energy consumption information. This information as well as new services will provide consumers with the ability to better understand and manage their energy use, which in turn could lead to them reducing their overall energy consumption and thereby saving money on bills, and reducing carbon emissions. As this upgrade in services will produce more consumption information the CER is considering the best way to ensure this information is processed lawfully in accordance the Data Protection Act 1988 and in a manner which both protect energy consumers and enables them to benefit from this upgrade. Concerns about data access & privacy have been raised in other countries rolling out smart meters. In order to address these concerns, the European Union Article 29 Data Protection Working Party has provided guidance, supplemented with regulatory recommendations from the Smart Grid Task Force for data protection impact assessments. Most recently the Commission has adopted the document "Benchmarking smart metering deployment in the EU-27 with a focus on electricity" [COM (2014) 356] which, in a section on data access and security, recommends “consent” as the most appropriate mechanism to increase consumer confidence, consumption and to facilitate the sharing of data. The CER’s assessment regarding data access & privacy commenced in July 2013. Since then we have worked closely with the Data Protection Commissioner in developing an interim Privacy Impact Assessment and a review of EU and international best practice. We gathered evidence to assess the case for providing this data automatically to industry stakeholders. Using the evidence adduced, and recognising international best practice CER has concluded that allowing customer choice on the principle that obtaining the

CER/15/139 - Information Paper on Data Access & Privacy

3

customers’ “consent” is the preferred grounds on which granular consumption data is processed. The CER considers this allows flexibility and choice for consumers if they want to share their data or not. It is also in keeping with the Data Protection Commissioner’s recommendations and best practice in Europe.


4

Table of Contents

Executive Summary .............................................................................................. 2 1. Introduction ....................................................................................................... 5

1.1 Purpose of this paper ................................................................................... 5 1.2 Structure of this paper ................................................................................. 5

2. Background to Data Privacy within a Smart Metering Context ........................ 6 2.1 Context: Smart Meters – Raising Privacy Concerns .................................... 6 2.2 Background ................................................................................................. 7

2.2.1 Legal Context ........................................................................................ 7 2.2.2 Role of the CER .................................................................................... 7 2.2.3 CER Papers relevant to Addressing Data Privacy under the NSMP ..... 8 2.3 NSMP Core Design .................................................................................. 8

3. Data Protection & the High Level Design ....................................................... 10 3.1 Working with the Data Protection Commissioner ................................... 10 3.2 Interim Data Privacy Impact Assessment ............................................... 11 3.3 Call for Evidence .................................................................................... 12 3.4 International Practice .............................................................................. 14

4. Designing for Consent .................................................................................... 16 4.1 Approach taken ...................................................................................... 16 4.2 Networks Model ...................................................................................... 17

5. Next Steps ................................................................................................... 19


5

1. Introduction

1.1 Purpose of this paper

The purpose of this paper is to set out the CER’s position in the context of data privacy on the appropriate design basis for Networks and Suppliers to gain access to customers’ half hourly consumption data. The Paper does not cover the processing of granular consumption data once collected by the network companies and suppliers – this is the responsibility of each relevant Data Controller, in accordance with data protection legislation1.

1.2 Structure of this paper

Section 2 discusses the background to data privacy, the role of the CER and the NSMP high level design;

Section 3 discusses the approach taken to examine the basis for access to granular consumption data;

Section 4 discusses designing for consent; and

Section 5 discusses the way forward and next steps.

1 https://www.dataprotection.ie/viewdoc.asp?DocID=796


6

2. Background to Data Privacy within a Smart Metering Context

2.1 Context: Smart Meters – Raising Privacy Concerns

Smart meters will lead to a step change in the amount of data that will be available to consumers, networks companies and suppliers about consumers’ energy consumption. This increase in consumption data will provide for the introduction of new services such as Time of Use Tariffs and Pay As You Go. Consumers will be able to access much more detailed information which they can use to understand and manage their energy use, which in turn could lead to them reducing their overall energy consumption and saving money on bills, and reduce carbon emissions. The increase in energy consumption data will also enable the industry to operate more efficiently2 and support the provision of new energy services to help consumers manage their energy use. Currently, the network companies and suppliers are provided with actual meter reading(s) (usually 4 actual reads a year) or estimated meter reading(s) every two months and bill their customer on that basis. This level of collection is readily accepted by society as both necessary and legitimate. Smart metering will involve the processing of more detailed consumption information. The data collected, either alone or when combined with other information such as an address or meter point reference number, for instance, falls within the meaning of personal data3, as defined by the Data Protection Acts. It is therefore important to give consumers clarity and reassurance about the ways in which their energy consumption data can be accessed, by whom and for what purposes. Concerns about privacy4 have been raised in a number of other countries. It is essential that the interests of consumers are protected in order to maintain their confidence. Market arrangements are required which will provide appropriate protections for consumers while delivering the benefits of a smart metering rollout and promoting competition in the energy supply and services markets.

2 i.e. no need for site visits for to take meter readings etc. More accurate data will allow for accurate billing 3 "personal data" means data relating to a living individual who is or can be identified either from the data or

from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller; 4 particularly in the Netherlands, US, and Canada. Austria, Portugal, Norway and Spain. These concerns

appeared to arise because energy utilities had failed to develop appropriate engagement strategies with consumers.


7

2.2 Background

2.2.1 Legal Context

From a data protection perspective, it is the role of the Data Protection Commission’s Office to ensure that the processing of data complies with the provisions of the Data Protection Acts 1988 and 2003. Data controllers and processors must:

Obtain and process information fairly;

Keep it only for one or more specified, explicit, and lawful purposes;

Use and disclose it only in ways compatible with these purposes;

Keep it safe and secure;

Keep it accurate, complete and up-to-date;

Ensure that it is adequate, relevant and not excessive;

Retain it for no longer than is necessary for the purpose or purposes; and

Give a copy of his/her personal data to an individual, on request. For the avoidance of doubt, with respect to the NSMP:

Networks and Suppliers5 are Data Controllers;

The CER is not a Data Controller.

2.2.2 Role of the CER

The CER has been designated as the Competent Authority6 for the rollout and

specification of the NSMP. Member states are also obliged, under Article 9 2(b)

of the Energy Efficiency Directive 2012/27 EU, to “ensure the security of the

smart meters and data communication, and the privacy of final customers, in

compliance with relevant Union data protection and privacy legislation”. As the

designated Competent Authority for the NSMP, it is essential that the design and

specification rolled out by the CER is lawful from a data privacy perspective, for

the present and for the future.

5 This does not represent the full list of data controllers in the energy market. 6 Under Annex 1 of EU Directive 2009/72/EC, CER has been designated as the competent authority by the

Department of Communications, Energy & Natural Resources with responsibility for progressing the roll out and specification of smart meters (and associated technologies) in the electricity and natural gas retail markets in Ireland.


8

2.2.3 CER Papers relevant to Addressing Data Privacy under the NSMP

In July 2012 the CER issued its Decision on the National Rollout of Electricity and Gas Smart Metering7. Of particular relevance to this Paper, the CER outlined its opinion that consumption data derived from smart meters belonged to the customer. The CER formed this opinion having taken into account progress of the continuing discussions to revise European legislation relating to data protection and the opinions of the Article 29 Working Group and of the Data Protection Commission on how the current legislation should be interpreted. This has important implications for data privacy, such as:

Individuals need to be properly informed as to how their energy consumption data will be used;

Consumption data must be adequate, relevant and not excessive in relation to the purposes for which it is being used;

Consumption data must be accurate and up to date;

Consumption data must not be kept for longer than is necessary; and

Individuals have rights to require (some of) their consumption data to be deleted.

In December 2012, the CER published an Information Paper8 giving a commitment to work with the Data Protection Commissioner’s (DPC’s) Office and to consider how existing legislation, including the Data Protection Act, will apply to the NSMP, and what, if any, additional measures might be needed to supplement the existing protections and access rights. The aim was to provide a clear policy framework for all stakeholders.

2.3 NSMP Core Design

In October 2014, the CER published the High Level Design9 which supports the flow of granular10 consumption data from smart meters through to industry participants and onto customers, as illustrated in the figure below, as follows:

The smart meters capture and return half hourly interval data to Networks.

Networks then forward the data to Suppliers on a daily basis.

Suppliers process the half hourly interval data for consumer facing services such as for Time of Use (TOU) billing and Pay as You Go (PAYG) balance calculation purposes.

7 CER12008 8 http://www.cer.ie/docs/000023/cer12213(e).pdf

9 http://www.cer.ie/document-detail/SmartMeteringProject-Phase2/699

10 Granular for the purposes of the high level design is meant data captured at half hourly intervals.


9

Essentially, the design is based upon a smart meter which could communicate

data out of the home at half hourly granularity each day. The CER acknowledged

a design principle of Privacy by Design in the High Level Design Decision paper

(core design).


10

3. Data Protection & the High Level Design A Data Protection group was established in July 2013 to address data privacy concerns within the design and roll out of smart meters. A number of key activities have been undertaken by the group during the High Level Design which included:

Working closely with the Data Protection Commissioner;

Carrying out an Interim Privacy Impact Assessment (PIA);

Engaging with Industry Stakeholders in a Call for Evidence process; and

Reviewing International Practice. These outputs, together with data from the CER Customer Behaviour Trials and other programme outputs have influenced the high level design. There was an underlying assumption from industry that half hourly consumption data would be freely available to (and within) the industry for processing. This assumption was formed on the basis that smart meters would be capable of recording consumption readings at half hourly granularity. Accordingly, there was a need to raise the level of understanding and awareness of data protection and privacy issues in the programme – but in a way that recognised the legitimate interests of all stakeholders and respected the principles of the NSMP.

3.1 Working with the Data Protection Commissioner

The Data Protection Commissioner (DPC) considers that it would be disproportionate for industry stakeholders to expect to be able to use half hourly consumption data to meet the NSMP objectives on an automatic basis (i.e. regardless of the wishes of consumers). In a letter to the CER in 2011, the DPC commented that: “a strong justification is required for the making available of detailed data on an ongoing basis and … at this stage, we are not aware of the basis for acceptance of this [half hourly] interval.” A constructive working relationship with the DPC was formed by the CER to respond to the DPC’s concerns. Some of the suggestions that were made by DPC officials during these discussions (particularly in relation to the need to carry out a Privacy Impact Assessment at an early stage in the programme) have already been implemented by the CER. Other issues raised by the DPC are currently being addressed.


11

The DPC commented on the NSMP in his 24th Annual Report, published in May 2014.11 The report:

Outlined the Commissioner’s concerns (these are all issues that the CER had been aware of and is addressing); and

Welcomed the inclusion of a data protection team into the CER's organisation.

3.2 Interim Data Privacy Impact Assessment

Programmes that involve the collection of personal information could give rise to

privacy concerns. A Privacy Impact Assessment is a process for evaluating a

project to identify its potential impacts on individual privacy and data protection

compliance, to examine how any detrimental effects might be overcome, and to

ensure that the project complies with data protection principles.

An interim Privacy Impact Assessment was completed in October 201312. It

considered how existing legislation, including the Data Protection Acts 1988 and

2003, applies to smart meters’ data, and what if any additional protections might

be needed to supplement the existing protections and access rights to provide a

clear privacy policy framework.

It was initially conducted by means of desktop review of technical documents

published by the CER, and a review of the research that had been sponsored by

the Sustainable Energy Authority of Ireland into public attitudes on smart

metering. Workshops and interviews were then carried out with selected groups

of stakeholders. These stakeholders were Energy Company and CER officials

who were closely associated with the programme.

The DPC’s views were reflected in the interim assessment. It explained that:

“the programme needs to ensure that the default setting for data extracted from smart meters, and used within the industry, is at an appropriate level that gives individuals the greatest degree of privacy.”

In terms of risks to individuals, the assessment explained that:

“An inappropriately fine level of granularity will result in individuals

being required to disclose more information than is necessary to meet the

purposes of the programme.”

11

http://www.dataprotection.ie/docimages/documents/Annual%20Report%202013.pdf, p 33. 12

A revised interim PIA was also completed in October 2014. CER plans to carry out a further updated PIA in October 2015.

http://www.dataprotection.ie/docimages/documents/Annual%20Report%202013.pdf


12

In terms of compliance risks, the assessment referred to the risk of:

“Failure of the CER and Data Controllers to ensure that personal

information is adequate and not excessive in relation to the purposes for

which it is processed; and the potential failure of the Data Controllers to

adopt appropriate aggregation and anonymisation techniques and to adopt

privacy by default strategy.”

In terms of associated organisation/ corporate risk, the assessment

commented:

“The CER runs the risk of reputational damage if it fails to gather sufficient

evidence to satisfy itself that it is acting in a proportionate manner when

mandating the granularity with which consumption data should be

processed. Data Controllers run the risk of reputational damage should

they process inappropriate amounts of information. The potential failure of

the data controllers to adopt appropriate aggregation and anonymisation

techniques and to adopt privacy by default strategy.”

In terms of experience from other countries, the assessment pointed out that:

“Consumers may make international comparisons and consider that their

privacy interests have not been sufficiently protected by regulators, Vis a

Vis citizens in other countries who can exercise a wider range of choices

as to the granularity of consumption data that is disclosed to Networks,

Suppliers and third parties for a range of purposes.”

Annex A contains a table summarising the privacy risks. The assessment was

revised in November 2014, following publication of the CER’s Smart Metering

High Level Design Decision Paper.13 It drew attention to the CER’s plans to

address the privacy risks. Annex B contains a table setting out these plans.

3.3 Call for Evidence

The CER considers that if consumers are to be able to take full advantage of the

economic benefits that are available to electricity networks in terms of the cost of

producing electricity, pricing practices in the wholesale and retail electricity

markets should be mirrored. Currently, the wholesale price of electricity (i.e. the

price that is charged by producers to suppliers) can change every half hour. If at

a stage in the future customers are to be offered individual tariffs that are based

on an electricity market that can change its price every half hour, then their

electricity meters will need to be capable of measuring electricity consumption in

intervals of 30 minutes.

13

CER Decision Paper on Smart Metering High Level Design, CER/14/046, 14 October 2014.


13

In examining the case for the CER to mandate the provision of half hourly data

from the customer’s meter to industry stakeholders on an automatic basis (i.e.

regardless of the wishes of customers), the CER sought evidence from industry

stakeholders to justify such a requirement.

The consultation process involved an initial period of stakeholder engagement and industry workshops, prior to a formal Call for Evidence to industry stakeholders in October 2013. In specific terms, it was designed:

To seek views and evidence from interested parties on the levels of data access and retention requirements that are required by Networks and Supplier companies;

To seek views on third party access to data and the role that consumer consent might play in such access;

To enable the CER to strike the right balance between protecting consumers privacy and achieving the NSMP objectives;

In respect of “mandates”, to seek evidence that would support the compulsory provision of half hourly data. This evidence was sought from trials, pilots and any case studies available; and

For data purposes that the CER would not be minded to mandate, the Call for Evidence asked for evidence, examples, pilot and trial information to aid justifications for the processing of half hourly data.

Fifteen data use cases were examined to assess the extent to which they support a compulsory requirement for half hourly data. Annex C contains a summary of the findings in respect of each use case. Responses were returned to CER in November 2013. Some key outcomes from the process were that:

Insufficient evidence emerged to support the processing of data more granular than day/night/peak for Time of Use billing and Energy Use Statements.

There was a lack of justification / evidence of benefit, at this stage, for granular consumption data to be considered necessary for other processing purposes, such as settlement, marketing, energy efficiency, theft, product development, debt management etc.).

A further series of bilateral meetings was carried out between March and May 2014 to:

Give stakeholders the opportunity to revise and extend their previous remarks; and


14

Enable the CER to ask some more specific and probing questions in light of comments received.

However, no further evidence was forthcoming that robustly challenged the key outcomes from the earlier consultation exercise.

3.4 International Practice

In developing its approach to data protection and the smart metering solution design, the CER has continued to monitor developments in other countries in smart metering, in particular in the US and European rollouts. These developments include:

Opinions of the Article 29 Data Protection Working Party, including opinions on smart metering14 and the definition of consent15, which are precursors to the European Commission’s Recommendation to prepare for the rollout of smart metering systems;

Proposed reform of the 1995 European Data Protection Directive16;

Proposed regulatory recommendations prepared by the Smart Grid Task Force for data protection impact assessments for smart grid and smart metering systems

In February 2014, a review of smart meter programmes that are currently underway in Europe and beyond was carried out to ascertain whether a common approach was being adopted with regard to the granularity of consumption data which was being captured by smart meters and used by market participants. The review demonstrated that a range of solutions have been, and are being, adopted, but no clear pattern has emerged. While some programmes do involve the mandatory use of half hourly consumption data, others do not. The roll-out programmes within each country appear to have been planned quite independently of each other, and consequently there are few common strands or standards that apply. This probably reflects different cultural and privacy expectations in each country. Consumers in different countries face:

Different levels of compulsion about whether smart meters are to be installed;

14

http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp183_en.pdf 15

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf 16

http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm


15

Different default granularities of interval data “pushed” or “pulled” from the smart meter; and

Different requirements on how frequently the meter readings can be sent from the meter to the collection agency.

In 2014 the European Commission adopted the document "Benchmarking smart metering deployment in the EU-27 with a focus on electricity"17 that builds upon a body of work and literature. On data access and security it comments that:

“In the internal energy market, data should flow freely, but the fundamental right of protection of personal data as provided for in Article 8 of the Charter of Fundamental Rights of the European Union, Article 16 of the TFEU and Directive 95/46/EC100 on protection of personal data and the national laws implementing it, must always be guaranteed. To increase consumer confidence, consumption and also own production data should be protected and only shared, with consumer consent, at the appropriate level of detail between Network operators and retail market actors for running novel businesses, energy services and new choices for consumers.”

The CER will continue to learn from the experience of other programmes while recognising the specific needs of the Irish energy markets and the benefits of the smart metering rollout as outlined in the trial.

17

COM /2014/0356

http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1403084595595&uri=COM:2014:356:FIN















16

4. Designing for Consent

4.1 Approach taken

Using the evidence adduced, and recognising international best practice CER has concluded that obtaining the customers’ “consent” is the preferred grounds on which granular data from smart meters is processed. The CER considers this allows flexibility and choice for consumers if they want to share their data or not. It is also in keeping with DPC recommendations and best practice in Europe. In order to develop a practical working model to incorporate customer choice a solution needed to be developed. In terms of privacy and data protection, the following guiding principles were adopted:

There should be a persistent and enduring right for customers to change their minds.

The choices made available to customers need to be transparent, simple and straightforward.

Text or conditions in customer contracts need to be clear and transparent about who data is to be shared with.

Although customers can give consent (or not) to half hourly consumption data leaving the home, this does not extend to give the customer the right to determine the method of data collection for the minimum level of granularity/frequency of data determined to be necessary to fulfil regulated duties18. In exploring the options for a model based on obtaining consumer consent for the processing of half hourly consumption data by Networks and Suppliers, the following guiding principles have been developed:

Any solution should aim to maximise the number of smart meters installed19.

When considering solutions we should look to maximise programme benefits while at the same time keeping costs at a minimum.

All customers with smart meters will be migrated onto a Time of Use tariff20 (where feasible).

18

i.e. billing 19 while respecting the privacy of individuals and balanced with their rights and freedoms 20 Customers will be given the choice as to when to move on to a Time of Use Tariff. CER/15/136 discusses this in more detail.


17

We want to minimise the number of people who object from a data privacy perspective. This places an emphasis on a successful customer engagement strategy.

To achieve the highest level of engagement, we are working on the basis of a consent model based on opt-out. The half hourly data flows as per the Core Design as default, unless the customer opts out of sharing interval data.

As is the case at present a certain level of granularity and frequency of data is required to leave the home regardless of customer consent in order to fulfill regulated duties

It is accepted that there are follow-on implications for the smart metering benefits possible for those customers who have opted out of half hourly consumption data leaving their home21.

Any solution must not frustrate market processes and market roles.

Any solution must also not frustrate Change of Supplier and Change of Legal Entity events.

Customer consent should be independent for electricity and gas.

4.2 Networks Model

These guiding principles were subsequently used by the Networks companies to develop and propose appropriate technical solutions. The customer will have a right to object to access by the industry on privacy grounds to their interval data. This is a right that is persistent, enduring and the customer can change their mind. This right is based on the opt out model.

The Core design is based on daily interval data collected by ESBN and provided to the market participants:

● Data access opt outs will not be covered by core design22

● Number of data opt outs assumed small23

● Data opt out customers will still get a smart meter

● Leverage the existing market processes for data opt out customers to ensure minimising cost while maximising benefits

21 while respecting the privacy of individuals and balanced with their rights and freedoms 22 The core design captures 30 minute interval data on a daily basis. Data opt out customers will have their tariff register data collected on a bi monthly basis as is the current practice. 23 In light of recent of recent roll out experience in the UK and other smart metering programmes.


18

● Following the existing process for data collection for these opt outs will mean ESBN will provide:24

– Set of bi-monthly values25 to enable supplier to bill Time of Use tarrifs

– Profile Data for settlement for customers on Time of Use tarrifs.

This technical model sets the basis for maximising participation in the smart metering programme. A more detailed discussion on maximising participation can be seen in the accompanying policy paper CER/15/137.

24 GNI will also leverage existing market processes and provide bi monthly reads to data opt out customers

for the purpose of billing. 25 Meter register consumption data as per the time of use tariff bands.


19

5. Next Steps

The CER will continue to engage with suppliers, network operators, stakeholders, the Data Protection Commissioner and the European Commission and European Working Groups to fully explore and address data protection issues, legal requirements and best practice in relation to data privacy, processing, retention, maintenance, use and security. It is possible that, at a European level, an overall agreement on a new legal data protection framework, cast in the form of a Regulation that replaces the existing Data Protection Directive, might be reached during the first half of 2016. Although it would not be fully in force until 2018, the CER has endeavoured to ensure that the NSMP’s design will meet any new privacy standards that may be introduced. Accordingly, the NSMP will ensure that:

Data protection by design and default is embedded into the programme;

Data minimization principles are respected;

Consumers are aware of the choices (in terms of the granularity of data collection) that will be available, what benefits these choices will offer, and how these choices can be made (and changed);

Consumers will have the right to obtain their personal data in a commonly used structured format; and

Consumers will have the right not to be subject to a measure based on profiling where it legally or significantly affects them.


20

Annex A Summary of significant privacy risks

A table setting out the significant privacy risks that were identified by the interim Privacy Impact Assessment (PIA) in October 2013 is set out below. In the following Annex B, CERs plans to address these risks are outlined.

Significant privacy risks

Risk Observation

Potential effect on

individuals and the

programme

1 Information

integrity and

security

Detailed plans, over and above the

December 2012 ESBN Paper on

security, outlining the technical

controls that specify how smart

metering information will be protected

have not yet been developed.

Security breaches will

cause bill payers to

lose confidence in the

programme and in the

ability of

suppliers/networks to

protect their personal

data. The DPC may

take appropriate

enforcement action.

2 Inappropriate

access to

consumption

data following a

change of

ownership

Detailed plans setting out how data

held on a meter or Mandated In-Home

Device that relates to a previous user

can be secured have not yet been

developed.

Bill payers are highly

unlikely to permit

historical consumption

data held on smart

meters or In-Home

devices being made

available by default to

other individuals

following a change in

legal ownership of the

meter.

3 Transparency

of the

programme

Detailed customer engagement

strategies have not yet been

developed.

Bill payers who are not

fully engaged with the

programme’s objectives

may not take sufficient

account of the granular

data that will become

available to positively

change their energy

consumption


21

behaviours. This results

in the increased risk of

invalid consent (where

bill payers are not

informed for one reason

or another).

4 Disclosure of

consumption

data within

Data

Controllers and

to other data

controllers

Detailed plans specifying the

mandated purposes for which granular

consumption data must be used, and

other purposes that bill payers may be

offered choices about, have not yet

been developed.

Bill payers may not be

offered as wide a range

of choices about the

purposes for which their

consumption data may

be used, compared with

bill payers in other

countries. This may

cause them to lose

confidence in the

programme. This also

results in a risk of

secondary or unlawful

usage by other data

controllers.

5 Granularity of

consumption

data

Detailed plans specifying the

granularity with which consumption

data may be used for specific

purposes have not yet been

developed.

Bill payers may not be

offered as wide a range

of choices about the

granularity of

consumption data that

will be used for specific

purposes, compared

with bill payers in other

countries. This may

cause them to lose

confidence in the

programme.

6 Retention of

consumption

data

Detailed plans specifying the periods

for which granular consumption data

should be retained have not yet been

developed. Retention schedules

should be detailed and justified.

Bill payers may find that

their consumption data

is being retained for

longer periods than is

the case in other

countries. This may

cause them to lose

confidence in the


22

programme.


23

Annex B Addressing the privacy risks

The interim assessment was revised in November 2014, following publication of the CER’s Smart Metering High Level Design Decision Paper.26 It drew attention to the CER’s plans to address the privacy risks. A table setting out these plans is set out below. Risk

Addressing the privacy risks

Risk Recommendations CER Response

1 Information integrity and Security

Develop a governance

structure for the security

aspects of the

programme.

Information integrity

and security matters

will feed into the

project governance

structure.

Ensure audits and

compliance with

standards for industry

stakeholders, such as

the information security

standard ISO27001.

The CER will appoint a Subject Matter Expert to progress these issues.

2 Inappropriate access to consumption data following a change of ownership

Adopt similar

specifications to those

published by the Smart

Metering Equipment

Technical Specifications

in Great Britain,

including the concept of

a PIN code.

Technical

specifications will be

developed following

a series of market

process workshops,

taking account of

advice from relevant

Subject Matter

Experts, and

monitored by the

Information Integrity

and Security work

stream.

Mandated In-Home

Device to show

instantaneous energy

usage with limited

storage capability.

26

CER Decision Paper on Smart Metering High Level Design, CER/14/046, 14 October 2014.


24


Provide the consumer

with a simple and easy

means to remove (all)

data from the Mandated

In-Home Device via a

button – in effect

returning the device to

its factory settings.

3 Transparency of the programme

Review a wide selection

of available evidence to

better understand what

constitutes effective

consumer engagement

in the context of smart

metering.

The CER will appoint a communications lead to facilitate greater public engagement.

Having established what

needs to be done to

engage consumers,

determine who is best

placed to deliver

consumer engagement.

The engagement with

consumers would need

to consider the main

interface with the

consumer pre-, during,

and post-installation of

smart meters.

Relevant work will be carried out through the Consumer Engagement Advisory Group.

Develop a Privacy

Charter to describe the

programme and provide

clear reassurance to

consumers about the

ways in which their

personal data will be

used, and the choices

they have about this.

Data controllers should

review their existing

privacy policies in

anticipation of the rollout

The communications lead, with the support of the Data Protection work stream, will develop appropriate material and encourage stakeholders to adopt a Privacy Charter.

Networks and Suppliers will be expected to review


25


of smart meters. They

will need to change if

meter data will be used

for new purposes.

their own privacy policies.

4 Disclosure of consumption data to data controllers

Assess EU and

international

developments to learn

lessons from

experience in other

countries and how they

are managing data

access from smart

meters.

Gemserv provided a report to the CER in February 2014, and will continue to provide data protection advice and support to the CER.

Consult further with the

Irish public,

stakeholders, consumer

bodies and Energy

Supply Companies to

understand their

viewpoints regarding

smart metering data.


5 Granularity of consumption data

Following an analysis of

the Call for Evidence,

the CER should consult

with the wider public

regarding what

granularity would be

considered acceptable.

The Call for Evidence gathered sufficient evidence for the CER to decide that customers ought to be presented with choices about whether their half hourly consumption data should be aggregated.


Consider how and by

whom any aggregation

or anonymisation of

consumption data is

achieved, and the role

of ESBN in its function

Aggregation will be carried out at the meter, before interval data leaves the home.


26


of data collection on

behalf of the

programme.

Assess solutions developed in other EU countries and elsewhere.

Gemserv provided a brief report to the CER in February 2014, and will continue to provide relevant advice and support to the CER.

6 Retention of consumption data

Data controllers should

publicise their retention

strategies in a Privacy

Charter.

The Data Protection work stream will encourage stakeholders to develop appropriate material in a Privacy Charter.

Review the existing

standards and policies

that apply in the energy

sector for retention of

register reads and

consumption data, given

that the data will be

available at a more

granular level.

The CER will examine this issue in due course.

Develop a specification

of requirements for data

retention across the

NSMP Smart Meter

Architecture, applying

principles of data

minimisation.

The CER will examine this issue in due course.


27

Annex C Summary of findings from the Call for Evidence.

In examining the case for the CER to mandate the provision of half hourly data from the customer’s meter to industry stakeholders on an automatic basis (i.e. regardless of the wishes of customers), the CER sought evidence from industry stakeholders to justify such a requirement. The necessity for the use of half hourly data for the following purposes were considered: 1. Electricity Time of Use Billing 1.1 Background There are three broad uses of electricity consumption data in the context of TOU tariffs, for both customers and suppliers:

To calculate an accurate bill (or to check the accuracy of the bill);

To understand the potential cost implications of a particular tariff choice;

To identify alternative tariffs that would be attractive, if available. Suppliers need to access sufficient energy consumption data to ensure that they are able to bill their customers accurately. The CER will require Suppliers to develop a single standard domestic TOU tariff structure, which domestic customers of that supplier will migrate to by default at an appropriate time following the installation of their smart meter. 1.2 Outcome The receipt of consumption data is a legitimate processing condition and the TOU mandate will require Suppliers to have a certain amount of information, but the evidence adduced from the consultation exercise was not sufficient for Data Protection work stream to support the processing of half hourly data for this purpose on automatic grounds without the customer’s consent. Applying the principle of data minimisation, the Data Protection work stream considered that a monthly feed of data, broken down by Day/Night/Peak as the default position could provide Suppliers with sufficient data to calculate a bill, delivering the programme objectives whilst also protecting the privacy of consumers. Naturally there would be some exceptions, e.g. to facilitate accurate readings required for Change of Supplier and Change of Legal Entity events. 2. Gas Billing 2.1 Background As with electricity billing, Suppliers need to access sufficient energy consumption data to ensure that they are able to bill their customers accurately, and the three broad uses of gas consumption are the same as the use cases of electricity


28

consumption data (see section 1.1 above). Unlike the electricity market, the CER decided in July 2012 not to mandate gas Time of Use tariffs. 2.2 Outcome Suppliers were not able to provide sufficient justification or evidence that supports the provision of half hourly data on automatic grounds, based on the core design. While the arguments are strong about consistency across both fuels, the evidence adduced from the consultation exercise was not sufficient for the Data Protection work stream to support the processing of half hourly data for this purpose based upon the core design, without the customer’s consent. Applying the principle of data minimisation, the Data Protection work stream considered that less granularity is sufficient, giving Suppliers adequate data to calculate a bill, and delivering the programme objectives whilst also protecting the privacy of consumers. Naturally there would be some exceptions might need to be considered, e.g. to facilitate accurate readings required for Change of Supplier and Change of Legal Entity events. 3. Presentation of Energy Usage Information 3.1 Background Smart metering trials conducted in Ireland demonstrated that the richness of data provided in the smart bill contributed to achieving energy reductions, both in peak and overall demand. Customers participating in the trials were found to reduce peak usage, with a peak shift of up to 11.3% when receiving bi-monthly and monthly statements. The Call for Evidence acknowledged that the presentation of timely and relevant information from smart meters would help realise the potential economic and environmental benefits. 3.2 Outcome The Data Protection work stream acknowledged the role that tailored energy efficiency advice/data can have on energy savings. Suppliers were provided with half hourly data as part of the customer behaviour trials, which was then aggregated-up into bands for presentation on the customer’s bill / statement. However, the data protection work stream was not persuaded that sufficient evidence exists to support the case that half hourly interval data is necessary to reduce peak usage, as this data was not made available to domestic customers during the trials. From a data minimisation perspective, the receipt of less granular at day/night/peak granularity, to reflect the default Time of Use tariff, could well accomplish the same outcomes.


29

4. In-home Displays (IHD) 4.1 Background It is proposed that an IHD is to be provided to domestic customers, which will display real time energy usage information. Instantaneous data can be displayed on the IHD without it being needed to be collected by industry participants. Some privacy issues exist due to non-bill payers seeing balance information in the home. 4.2 Outcome There was consensus in the responses to the Call for Evidence that neither Suppliers nor Networks required access to data for this purpose. 5. Harmonised Downloadable File (HDF) 5.1 Background Data protection legislation already provides that consumers should be able to access their own smart metering energy consumption data, if it is stored by a data controller. The Call for Evidence considered access to data by consumers via a Customer Web Interface that would be provided by Suppliers and network businesses. 5.2 Outcome Stakeholders were not able to provide any evidence that supports the likely take-up and utilisation of the HDF, and the Data Protection work stream queried whether consumers will readily understand why both Networks and Suppliers will be obliged to support an HDF. Given that the main customer relationship is with their Supplier, it seemed illogical for Networks to face a similar obligation. The Data Protection work stream considered that customers should be able to see what they had previously agreed to share with their supplier. So, if the customer only wanted to share daily consumption data readings with the supplier, the HDF ought to be expected to be only able to present daily readings. If the customer wanted to share half hourly data with the supplier, then the HDF ought to be expected to present half hourly records. 6. Electricity Settlement 6.1 Background Wholesale market settlement is the process that reconciles the amount of energy that an electricity supplier has arranged to be put on to a distribution network,


30

and the amount that has (or is estimated to have) been used by customers. Electricity is currently settled on a half hourly basis.27 The Call for Evidence tested the proposition that interval data from smart meters could be used to estimate the amount bought by each supplier in each half hour much more accurately, and without the need to use standard load profiles. Settlement based on more accurate data could lead to a closer relationship between the amount of wholesale bought each half hour, and the actual consumption of that Supplier’s customers. However, these benefits could also arise without the disclosure of personal data to suppliers if “Privacy by Design” principles were observed. Was there a case for half hourly data to be made available to ESBN prior to it being aggregated (i.e. de-personalised) for submission to the market operator? 6.2 Outcome Some level of energy consumption data was obviously required by Suppliers in order to meet existing licence conditions, through the Single Electricity Market Trading and Settlement Code. However, the Data Protection work stream was not persuaded that aggregated half hourly data was necessary for settlement on automatic grounds, especially in the context of Time of Use products with set time bands. 7. Marketing 7.1 Background Suppliers will already have arrangements in place that determine whether customers are willing to receive direct marketing communications, in line with data protection legislation. 7.2 Outcome The requirement for suppliers, and indeed any data controller, to obtain customer consent for marketing purposes is the preferred mechanism for using data for marketing purposes. It was not considered necessary for Suppliers to have access to a customer’s half hourly data in order to carry out targeted marketing campaigns. 8. Energy Efficiency 8.1 Background

27

About 8,000 large industrial and commercial customers have half hourly (or quarter hourly) meter readings. For domestic and smaller commercial customers, half hourly figures are currently estimated using typical consumer profiles.


31

Energy efficiency targets can be achieved by customers reacting to price signals and by using more energy efficient appliances in the home. Energy efficiency targets can also be met by encouraging third parties to provide appropriate advice. Energy Suppliers considered that, with access to more granular data, the energy savings delivered to date could be significantly increased. However, would they be able to persuade consumers to take-up advice on energy efficiency without first being able to demonstrate the value to them, which arguably requires that they receive half hourly data by default? 8.2 Outcome The evidence adduced from the consultation exercise supported the case that tailored energy efficiency advice/data can have a significant impact on energy savings. However, the customer behaviour trials did not test the impact that the provision of half hourly data to customers would have on customer behaviour. The supplier involved in the trial was provided with HH granular data, but it was then aggregated-up into time bands for presentation on the customer’s bill / statement, together with various energy efficiency hints and tips. Accordingly, there is insufficient evidence for the Data Protection work stream to assert, with confidence, that half hourly data is unequivocally necessary for this purpose. 9. Detection & Prevention of Theft 9.1 Background Suppliers are required by License conditions to take all reasonable steps to detect and prevent theft of electricity and gas.28 Currently, theft of energy is detected through a combination of triggers, meter inspections and suspicious consumer behaviour. The costs of theft are currently added to all customer bills, so reducing theft would benefit all consumers. 9.2 Outcome The Data Protection work stream noted that are merits in the industry receiving daily or weekly data, which is a significant improvement on today’s arrangements, but considered that the privacy of all customers also needs to be respected. There is a case, however, for the industry receiving half hourly or hourly consumption data daily where Suppliers have reasonable grounds of suspicion that theft is being committed. 10. Product Development, Tariff Design and Innovation 10.1 Background

28

SLC8.


32

Was access to half hourly data necessary to enable Suppliers to develop new retail offerings, design new tariffs and to innovate? 10.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that half hourly data was always needed for this purpose. It may well be possible to develop new retail offerings, design new tariffs and innovate based on sample data from smart meters, or aggregated or anonymised data. 11. Pricing 11.1 Background Pricing is the process of providing customers with a future price for their electricity or gas. The process is normally undertaken when Suppliers offer new terms of supply to new or existing customers at Change of Supplier or Change or Legal Entity. Currently, Suppliers ascertain historic consumption by asking domestic customers for their meter readings or annual usage, accompanied with information about their premises. A major benefit of smart metering is that the potential availability of actual consumption will enable Suppliers to offer a product much more closely aligned to the customer’s usage. 11.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that HH interval data was always needed for this purpose. 12. Wholesale Hedging 12.1 Background Wholesale hedging is a commercial activity. The better the information Suppliers have on their consumer’s usage, the better they will be able to forecast their future energy demands and buy ahead. 12.2 Position Some stakeholders considered that aggregated or anonymised data is sufficient for this purpose. Accordingly, the Data Protection work stream did not conclude that half hourly data was necessary to satisfy this requirement. 13. Debt Management


33

13.1 Background Will access to granular data enable Suppliers to better identify consumers in payment difficulty? The provision of accurate meter readings and the ability for consumers to track their own usage through the Mandated In-Home Device may help reduce the debt build up. 13.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that half hourly data was always needed for this purpose. 14. Network Management 14.1 Background Distribution businesses have obligations in their licenses to operate and ensure the maintenance of a safe, secure, reliable, economical and efficient distribution system. Smart metering data may help network operators fulfil these obligations. Was half hourly data necessary to assist network operators to discharge their obligations? 14.2 Outcome The evidence adduced from the consultation exercise did not enable the Data Protection work stream to support the view considered that HH interval data was always needed for this purpose. One of the network operators considered that access to anonymised consumption data would be adequate to realise the benefits. 15. Network Charges 15.1 Background The roll-out of smart meters will increase the amount of information available on what electricity and gas customers consume, and importantly when consumption occurs at any given point in a day. This makes it technically possible for Network and Transmission operators to introduce new charging methodologies or structures, which could allow for more accurate Distribution Use Of system and Transmission Use of System pricing. Was half hourly data always necessary for this purpose? 15.2 Outcome Stakeholders did not provide any evidence that supports changing the ways in which distribution and transmission companies charge. Therefore, the Data Protection work stream did not consider that it was necessary to allow network or


34

transmission operators access to half hourly data without the consumer’s consent.

CER National Smart Metering Programme Information Paper on … · 2019. 1. 24. · The CER is not a...

Documents

Transcript of CER National Smart Metering Programme Information Paper on … · 2019. 1. 24. · The CER is not a...