Brian Craig, Ellen Browne, data protection lawyers, TLT LLP Electricity retail, Energy networks, Energy retail, Gas retail, Smart metering, Technology, Opinion

The manipulation of data will be the cornerstone of a plethora of innovative energy services, but innovators must take care to guarantee privacy and security, say Brian Craig and Ellen Browne.

Accelerating changes in the energy landscape promise consumers more options, efficiency and control over their energy usage. Connected households will be swiftly switching energy suppliers, setting the thermostat from mobile phones or selling solar energy to their neighbours. The conductor for this highly flexible, integrated and tailored smart energy system is personal data. To deliver on the energy vision consumers are clamouring for, energy companies need personal data fluidity – and lots of it.

Data privacy rules are often seen as a barrier to innovation in the energy sector, and the introduction of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 has increased the complexity around how utilities can use consumers’ personal data. As smart energy charges deeper into homes and new ways of using personal data emerge, ensuring that data protection and privacy are designed into business plans will be imperative to keeping regulators and customers on side.

Consider the following initiatives, each driven by personal data fluidity.

Smart metering

As of January 2019, 250,000 homes and small business premises have been connected in the government’s national smart meter rollout.

Currently, suppliers have the right to access this high level data for things like precision billing. But the potential of smart-meters goes far beyond not having to take a meter reading each month, provided companies use personal data properly and receive authorisation from the Smart DCC (Data Communications Company), which manages the communications infrastructure.

For example, time of use optimisation would use data about energy consumption levels at different times of the day to shift energy demand patterns to help balance the grid and give consumers more choice. Flexible pricing options could also incentivise consumers to use cheaper energy at night – storing it for daytime use in batteries. Greater certainty of supply and demand for suppliers means better prices for consumers – so everyone’s a winner.

Connected devices

Connected devices like smart thermostats and lighting allow consumers to interact with their energy systems remotely via their smartphones. The same technology could allow for intuitive “zoning” of heating and lighting, based on where people typically spend time in the house at different times of the day – or where they actually are, through tracking or sensors.

Disengaged customers

Proposals are circulating to implement a database containing details of customers who have been on the same energy tariff for a long time. The idea is that these customers could be contacted by competing providers to offer better deals. A legal basis to use personal data here would save consumers money and spark competition.

The Data Protection Act 2018 and GDPR apply to personal data – that is, any information that allows utilities to identify an individual. Any use of personal data is required to be lawful, fair and transparent and protecting individuals’ information is considered so important that a data breach could result in fines of up to €20 million (£17 million) or 4 per cent of global turnover, whichever is higher. In addition, groups of individuals whose data is leaked, deleted or misused could bring group claims – causing even greater financial and reputational damage.

Determining what is “personal data” in the energy sector is not always straightforward. In isolation, data like energy consumption data or time-of-use figures are relatively low risk. But combined with identifiers like names and addresses, or financial or location data, this information becomes personal data and those handling it become subject to data protection regulation.

Some personal data also provides an insight into the private lives of consumers – imposing a greater level of responsibility on those using it. For example, individuals could remotely learn of the daily activities of others from energy usage tracking apps. A hack of remote heating control apps could see households frozen out, and even seemingly innocuous smart meter energy data could be used by unauthorised or criminal viewers to know when a home is unoccupied.

Data protection cannot be an afterthought for any innovation in technology or service provision in the smart energy sector. Whether it’s future-proofing consent mechanisms or investing in technical and security measures to protect against data breaches, consumer privacy should be considered at every stage of the project design process.

Navigating the GDPR as an innovator can be challenging, but with the investment required to obtain insight and expertise at the earliest stage of a project, consumer data could be a smart energy system’s most valuable asset. After all, personal data fluidity is what makes these smart services possible.


What to read next