Abstract
Smart grids are slowly becoming the future of worldwide energy generation and distribution, and they promise, among other things, numerous environmental and energy efficiency benefits to society. At the same time, however, they are capable of severely invading the inviolability of the most privacy-sensitive place: the home. Therefore, these concerns must be duly taken into consideration while deploying smart grids. This chapter provides an overview, from the European legal perspective, of the challenges smart grids pose to the fundamental rights to privacy and personal data protection, and of the way Europe has addressed them. It pays special attention to the relevant regulatory requirements and to the means available to properly address these challenges, especially the data protection impact assessment (DPIA). It concludes with a few observations on the efficiency of the European approach.
Notes
- 1.
See, for instance, the European Commission's Smart Grids Task Force. Cf. infra, at Sect. 2.4.2.
- 2.
Cf. infra, at 2.10.
- 3.
Cf. Treaty establishing the European Coal and Steel Community (Paris 1951).
- 4.
Cf. Treaty establishing the European Atomic Energy Community (Rome 1957).
- 5.
Cf. Treaty establishing the European Economic Community (Rome 1957).
- 6.
Cf. Treaty on European Union (Maastricht 1992).
- 7.
Currently, the EU is based on two basic international agreements defining the constitutional order of the Union: the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU). These Treaties have undergone numerous amendments since their first inception as the Treaties of Rome (1957) and the Treaty of Maastricht (1992). The Treaty of Lisbon (2007) constitutes the most recent amendment to the EU Treaties.
- 8.
Art 26(1) TFEU.
- 9.
- 10.
Art 2(4) TFEU.
- 11.
Art 5(3) TEU.
- 12.
Art 5(4) TEU.
- 13.
For the sake of clarity, the EU has a power to enact binding legislative instruments of two main types. A directive binds the Member States as to the goals but leaves the means of implementation to them. Thus, a directive is always implemented into a national legal system, usually by an act of parliament. A regulation is a directly binding instrument and requires no implementation in a national legal system. These two types of legal instruments are supplemented by non-binding ones such as recommendations and opinions. Various instruments will often be used in conjunction with each other. For more information on the EU legislative toolbox, cf. [5, 111–117].
- 14.
Cf. infra, at 2.3.1.2.
- 15.
Cf. infra, at 2.3.1.3.
- 16.
Directive 2004/22/EC of the European Parliament and of the Council of 31 March 2004 on measuring instruments, OJ L 135, 30.4.2004, pp. 1–80. All EU legislation can be accessed via http://eur-lex.europa.eu.
- 17.
Annex MI-003, paragraph 5(3).
- 18.
European Commission, Questions and Answers on the third legislative package for an internal EU gas and electricity market, MEMO 11/125, Brussels, 2 March 2011. http://europa.eu/rapid/press-release_MEMO-11-125_en.htm.
- 19.
Directive 2009/72/EC of the European Parliament and of the Council of 13 July 2009 concerning common rules for the internal market in electricity and repealing Directive 2003/54/EC, OJ L 211, 14.8.2009, pp. 55–93.
- 20.
Directive 2009/73/EC of the European Parliament and of the Council of 13 July 2009 concerning common rules for the internal market in natural gas and repealing Directive 2003/55/EC, OJ L 211, 14.8.2009, pp. 94–136.
- 21.
Regulation (EC) No 714/2009 of the European Parliament and of the Council of 13 July 2009 on conditions for access to the network for cross-border exchanges in electricity and repealing Regulation (EC) No 1228/2003, OJ L 211, 14.8.2009, pp. 15–35.
- 22.
Regulation (EC) No 715/2009 of the European Parliament and of the Council of 13 July 2009 on conditions for access to the natural gas transmission networks and repealing Regulation (EC) No 1775/2005, OJ L 211, 14.8.2009, pp. 36–54.
- 23.
Regulation (EC) No 713/2009 of the European Parliament and of the Council of 13 July 2009 establishing an Agency for the Cooperation of Energy Regulators, OJ L 211, 14.8.2009, pp. 1–14.
- 24.
Recital 27.
- 25.
Art 3(11).
- 26.
Recital 55 and Annex 1, paragraph 2.
- 27.
Annex 1, paragraph 2.
- 28.
Art 37(1)(p).
- 29.
Annex I, paragraph 1(h).
- 30.
Annex I, paragraph 1(i).
- 31.
Annex I, paragraph 1(a).
- 32.
Annex I, paragraphs 1(h)–1(j).
- 33.
Directive 2012/27/EU of the European Parliament and of the Council of 25 October 2012 on energy efficiency, amending Directives 2009/125/EC and 2010/30/EU and repealing Directives 2004/8/EC and 2006/32/EC, OJ L 315, 14.11.2012, pp. 1–56.
- 34.
Recital 33.
- 35.
Electricity Internal Market Directive and Gas Internal Market Directive, respectively. cf. supra, at 2.3.1.2 [VP & DK].
- 36.
Directive 2010/31/EU of the European Parliament and of the Council of 19 May 2010 on the energy performance of buildings, OJ L 153, 18.6.2010, pp. 13–35 [VP & DK].
- 37.
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Digital Agenda for Europe, Brussels, 26 August 2010, COM (2010) 245 final/2.
- 38.
Cf. supra, note 37.
- 39.
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Smart Grids: from innovation to deployment, Brussels, 12 April 2011, COM(2011) 202 final.
- 40.
- 41.
Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering, COM(2012) 1342 final, 2012/148/EU, OJ L 73, 13.3.2012, pp. 9–22; hereinafter: the 2012 Recommendation.
- 42.
European Commission, Joint Research Centre, Institute for Energy and Transport, Guidelines for conducting a cost-benefit analysis of Smart Grid projects, Report EUR 25246 EN, Petten 2012. http://ses.jrc.ec.europa.eu/sites/ses.jrc.ec.europa.eu/files/publications/guidelines_for_conducting_a_cost-benefit_analysis_of_smart_grid_projects.pdf.
- 43.
- 44.
Cf. http://ec.europa.eu/energy/strategies/2010/2020_en.htm [VP & DK].
- 45.
Now: Executive Agency for Small and Medium-sized Enterprises (EASME), http://ec.europa.eu/easme [VP & DK].
- 46.
Cf. http://ec.europa.eu/euratom [VP & DK].
- 47.
Cf. infra, at 2.4.3 [VP & DK].
- 48.
- 49.
Cf. supra, at 2.3.1.2.
- 50.
- 51.
Cf. supra, note 23 [VP & DK].
- 52.
Regulation (EU) No 1227/2011 of the European Parliament and of the Council of 25 October 2011 on wholesale energy market integrity and transparency, OJ L 326, 8.12.2011, pp. 1–16 [VP & DK].
- 53.
Regulation (EU) No 347/2013 of the European Parliament and of the Council of 17 April 2013 on guidelines for trans-European energy infrastructure and repealing Decision No 1364/2006/EC and amending Regulations (EC) No 713/2009, (EC) No 714/2009 and (EC) No 715/2009, OJ L 115, 25.4.2013, pp. 39–75 [VP & DK].
- 54.
- 55.
- 56.
- 57.
Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols No. 11 and No. 14, Rome, 4 November 1950, ETS No. 5. http://conventions.coe.int/treaty/en/treaties/html/005.htm.
- 58.
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981, ETS 181. http://www.conventions.coe.int/Treaty/en/Treaties/Html/108.htm.
- 59.
Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, Strasbourg, 8 November 2001, ETS 181. http://www.conventions.coe.int/Treaty/en/Treaties/Html/181.htm.
- 60.
- 61.
Cf. supra, note 7.
- 62.
Charter of Fundamental Rights of the European Union, OJ C 326, 26.10.2012, pp. 391–407.
- 63.
- 64.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, pp. 31–50.
- 65.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.7.2002, pp. 37–47.
- 66.
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communication services or of public communications networks and amending Directive 2002/58/EC, OJ L 105, 13.4.2006, pp. 54–63. The Data Retention Directive has been recently invalidated by the Court of Justice of the European Union, in joint cases C-293/12 and C-594/12, as entailing a “wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary” [11].
- 67.
Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, pp. 60–71.
- 68.
Regulation 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8, 12.1.2001, pp. 1–22.
- 69.
Due to the relatively complex nature of European integration, the European Economic Area (EEA) consists of the European Union (i.e. 28 Member States) as well as Norway, Iceland, and Liechtenstein and provides for a free movement of goods, persons, services, and capital between the contracting parties. Switzerland, on the contrary, maintains a bilateral relationship with the EU/EEA.
- 70.
The current list can be found at http://ec.europa.eu/justice/policies/privacy/thridcountries/index_en.htm.
- 71.
Cf. supra, note 68.
- 72.
Despite invalidation in April 2014 (cf. supra, note 68), the Data Retention Directive is still mentioned here as national laws enacted in implementation of that Directive would for the time being remain in force, unless retracted or invalidated by national higher courts.
- 73.
European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25 January 2012, COM (2012)11 final; hereinafter: the GDPR or the EU General Data Protection Regulation.
- 74.
European Commission, Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses, press release, IP/12/46, Brussels, 25 January 2012. http://europa.eu/rapid/press-release_IP-12-46_en.htm.
- 75.
See Article 2 of the EU Data Protection Directive, Article 29 Data Protection Working Party, Opinion 12/2011 on smart metering (4 April 2011), p. 7, cf. further [13].
- 76.
Art 6.2.
- 77.
This was, for instance, the case with search engines, whereby, although relevant operators apparently considered themselves as processors for data protection purposes, it was only in early 2014 that the Court of Justice of the European Union clarified that they too need to be considered data controllers (cf. Court of Justice of the European Union, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, C-131/12).
- 78.
Cf. supra, note 41, par. 21.
- 79.
- 80.
Art 6(1)(b).
- 81.
However, on the anonymization of personal data in the smart grid context, cf. [14].
- 82.
Art (6)(1)(a).
- 83.
Art 2.
- 84.
Arts 11–12, preamble 38 as well as infra, at 2.6.9.
- 85.
Art (6)(1)(c).
- 86.
Art (6)(1)(d).
- 87.
Cf. infra, note 103.
- 88.
Art 11.
- 89.
Art 11(1).
- 90.
Art 12.
- 91.
Art 15.
- 92.
As is evidently the case in the UK, see “Energy companies agree to develop new data sharing systems”, http://www.privacylaws.com/UK_enews_June14_1.
- 93.
Art 12.
- 94.
Art 2.
- 95.
Cf. infra, note 103, pp. 11–12.
- 96.
Art 6.
- 97.
Art 17(2)–(4).
- 98.
Cf. Arts 31–32 of the EU General Data Protection Regulation.
- 99.
- 100.
- 101.
Cf. supra, note 41.
- 102.
Cf. supra, note 41.
- 103.
- 104.
Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_en.pdf. Cf. also [15].
- 105.
The two previous drafts of the DPIA template were never officially made public. The final version is published online, cf. http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2014_dpia_smart_grids_forces.pdf.
- 106.
ibid, pp. 14–35.
- 107.
- 108.
European Commission, Recommendation of 10 October 2014 on the Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems, 2014/724/EU, OJ L 300, 18.10.2014, pp. 63–68.
- 109.
Cf. supra, note 111.
- 110.
The Information and Privacy Commissioner of Ontario has issued a guidebook for smart grid application developers on applying the PbD concept. Cf. [18] [VP & DK].
- 111.
- 112.
32nd International Conference of Data Protection and Privacy Commissioners, Privacy by Design Resolution, Jerusalem, 27–29 October 2010. http://www.ipc.on.ca/site_documents/pbd-resolution.pdf.
- 113.
- 114.
European Commission, Joint Research Centre, EU privacy seals project, Inventory and analysis of privacy certification schemes, 2013.
- 115.
European Commission, A comprehensive approach on personal data protection in the European Union, COM (2010) 609 final, p. 12.
- 116.
Cf. supra, note 75.
- 117.
European Parliament, Committee on Civil Liberties, Justice and Home Affairs, Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), 21 November 2013. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A7-2013-0402+0+DOC+PDF+V0//EN.
- 118.
We thank Michael John for bringing this to our attention.
- 119.
- 120.
- 121.
Department of Energy and Climate Change [VP & DK].
- 122.
Cf. supra, at 2.8.8.1 [VP & DK].
References
Lisovich MA, Wicker SB (2008) Privacy concerns in upcoming residential and commercial demand-response systems. In: 2008 Clemson University Power Systems Conference, vol 1, pp 1–10, https://www.truststc.org/pubs/332.html
Anderson R, Fuloria S (2010) Who controls the off switch? In: Proceedings of the IEEE SmartGridComm, pp 170–190, http://www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf
Department of Energy and Climate Change (2012) Smart metering implementation programme: data access and privacy: government response to consultation. London, December 2012, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/43046/7225-gov-resp-sm-data-access-privacy.pdf
Smart Grid Interoperability Panel – Cyber Security Working Group (2010) Guidelines for smart grid cyber security: privacy and the smart grid. NIST, vol. 2, August 2010. http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf
Craig PP, de Búrca G (2008) EU law: text cases and materials. OUP, Oxford
Nugent N (2010) The government and politics of the European Union, 7th edn. Palgrave Macmillan, Basingstoke
Cini M, Borragan NPS (2010) European union politics. OUP, Oxford
Wacks R (2010) Privacy: a very short introduction. OUP, Oxford, pp 30–31
Brandeis LD, Warren S (1890) The right to privacy. Harvard L Rev 4:193
European Union Agency for Fundamental Rights (2013) Handbook on European data protection law. Vienna, Strasbourg. doi: 10.2811/53711
Court of Justice of the European Union (2014) The court of justice declares the data retention directive to be invalid. Press Release (54/14):2, http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
Murrill BJ, Liu EC, Thompson II RM (2012) Smart meter data: privacy and security. Congressional Research Service, 3 Feb 2012, https://fas.org/sgp/crs/misc/R42338.pdf
Knapp E, Samani R (2013) Applied cyber security and the smart grid. Elsevier, London, pp 88ff
Bleicher A (2010) Privacy on the Smart Grid. Are smart meters spies? They don't have to be. IEEE Spectrum, http://spectrum.ieee.org/energy/the-smarter-grid/privacy-on-the-smart-grid
Spiekermann S (2012) The RFID PIA – developed by industry, endorsed by regulators. In: Wright D, De Hert P (eds) Privacy impact assessment, pp 323–346. doi: 10.1007/978-94-007-2543-0_15
Cavoukian A (2012) Operationalizing privacy by design: a guide to implementing strong privacy practices, pp 21–25
Cavoukian A (2013a) Privacy by design. Toronto, pp 1–6
Cavoukian A (2013b) Privacy by design: fundamentals for smart grid app developers. Toronto
Van Blarkom GW, Borking J, Olk J (2003) Handbook of privacy and privacy-enhancing technologies. The case of intelligent software agents. College Bescherming Persoonsgegevens, The Hague, p 33, http://www.andrewpatrick.ca/pisa/handbook/Handbook_Privacy_and_PET_final.pdf
Janic M, Wijbenga JP, Veugen T (2013) Transparency enhancing tools (TETs): an overview. In: 2013 third workshop on socio-technical aspects in security and trust, June, pp 18–25. doi: 10.1109/STAST.2013.11
Hildebrandt M (2009) Behavioural biometric profiling and transparency enhancing tools. Deliverable D7.12 of the “Future of identity in the information society” project [FIDIS], p 20, http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp7-del7.12_behavioural-biometric_profiling_and_transparency_enhancing_tools.pdf
Kloza D (2014) Privacy impact assessments as a means to achieve the objectives of procedural justice. In: Schweighofer E, Kummer F, Hötzendorfer W (eds) Transparenz. Tagungsband Des 17. Internationalen Rechtsinformatik Symposions IRIS 2014. Osterreichische Computer Gesellschaft, Vienna, pp 449–458
De Hert P, Kloza D, Wright D (2012) Recommendations for a privacy impact assessment framework for the European Union. Brussels, London, pp 12–13, http://piafproject.eu/ref/PIAF_D3_final.pdf
Hildebrandt M (2013) Legal protection by design in the smart grid. Privacy, data protection and profile transparency. Smart Energy Collective, Arnhem, http://pilab.nl/wp-content/uploads/2013/05/KEM-64P707-BRO-LPbD-in-SmartGrid_A4_FC_v4.pdf
Danezis G, Rial A (2010) Privacy-preserving metering for smart-grids. Executive summary, p 1, http://research.microsoft.com/en-us/projects/privacy_in_metering/
Rial A, Danezis G (2011) Privacy-preserving smart metering. In: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, ACM, pp 49–60. doi: 10.1145/2046556.2046564
Kursawe K, Danezis G, Kohlweiss M (2011) Privacy-friendly aggregation for the smart-grid. In: PETS'11 proceedings of the 11th international conference on privacy enhancing technologies. Springer, Berlin, Heidelberg, pp 175–191. doi: 10.1007/978-3-642-22263-4_10
Danezis G, Kohlweiss M, Rial A (2011) Differentially private billing with rebates. In: Information hiding. Springer, Berlin, pp 148–162. doi: 10.1007/978-3-642-24178-9_11
Garcia FD, Jacobs B (2011) Privacy-friendly energy-metering via homomorphic encryption. In: Security and trust management. Springer, Berlin, pp 226–238. doi: 10.1007/978-3-642-22444-7_15
Acs G, Castelluccia C (2011) I have a DREAM! (DiffeRentially privatE smArt Metering). In: Information hiding. Springer, Berlin, pp 118–132. doi: 10.1007/978-3-642-24178-9_9
Elster (2012) Privacy enhancing technologies for the smart grid. Elster's proposal for privacy enhancing technology implementation, pp 1–8, http://www.elster.com/assets/downloads/PETwhitePaperA4-Web.pdf
Kursawe K (2012) How to have the cake and eat it, too: protecting privacy and energy efficiency in the smart grid. In: Pohlmann N, Reimer H, Schneider W (eds) Securing electronic business processes: highlights of the information security solutions Europe 2011 conference. Vieweg + Teubner, Wiesbaden, pp 164–173
Est RV, Brom F (2012) Technology assessment, analytic and democratic practice. In: Encyclopedia of applied ethics, 2nd edn, pp 306–320. doi: 10.1016/B978-0-12-373932-2.00010-7
Bureau Européen des Unions de Consommateurs (2013) Protecting and empowering consumers in future smart energy markets. Brussels, pp 3–4, http://www.beuc.org/publications/2013-00083-01-e.pdf
Klopfert F, Wallenborn G (2011) Empowering consumers through smart metering. Bureau Européen des Unions de Consommateurs, Bruxelles, http://www.beuc.org/publications/2012-00369-01-e.pdf
Hoenkamp R, Huitema GB, de Moor-van Vugt AJC (2011) The neglected consumer: the case of the smart meter rollout in the Netherlands. Renew Energy Law Policy (RELP) 4:269–282
Cuijpers C, Koops B-J (2013) Smart metering and privacy in Europe: lessons from the Dutch case. In: Gutwirth S, Leenes R, De Hert P, Poullet Y (eds) European data protection: coming of age, pp 269–293. doi: 10.1007/978-94-007-5170-5_12
Brown I (2013) Britain's smart meter programme: a case study in privacy by design. Int Rev Law Comput Technol 28(2):172–184. doi: 10.1080/13600869.2013.801580
De Hert P, Kloza D (2011) The challenges to privacy and data protection posed by smart grids. In: Schweighofer E, Kummer F (eds) Europäische Projektkultur Als Beitrag Zur Rationalisierung Des Rechts. Tagungsband Des 14. Internationalen Rechtsinformatik Symposions IRIS 2011. Osterreichische Computer Gesellschaft, pp 191–196
© 2015 The Author(s)
About this chapter
Cite this chapter
Papakonstantinou, V., Kloza, D. (2015). Legal Protection of Personal Data in Smart Grid and Smart Metering Systems from the European Perspective. In: Smart Grid Security. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-6663-4_2
DOI: https://doi.org/10.1007/978-1-4471-6663-4_2
Publisher Name: Springer, London
Print ISBN: 978-1-4471-6662-7
Online ISBN: 978-1-4471-6663-4
eBook Packages: Computer Science (R0)