Smart Energy Data Privacy

UPDATED: July 29, 2011

The disruptive new technology opportunities unleashed by smart meters and the data they produce has provoked a debate over who will gain access to that smart meter data and what can they do with it. Recently, the California Public Utilities Commission opened R.08.12.009, a rulemaking proceeding on smart meter data privacy.  I first wrote about this on May 9, 2011 describing how the proposed rule was intended to work. On July 28, 2011, the Commission issued its final decision in the meter data privacy proceeding becoming the first state in the US to issue such rules.

In opening this proposed rulemaking, the CPUC was just following instructions from the Legislature as outlined in SB1476 to protect the meter data privacy of individual consumers over their individual energy use. California is at the bleeding edge of this issue and the rulemaking has brought plenty of attention to the issue of who gets access to our smart meter data.  But it turns out the issue is more complicated than just our meter readings.

The utilities are obligated to protect our privacy and not disclose our personal energy use information to third parties without our permission.  But if we give the utility permission to share our information with a prospective vendor what happens to our privacy protections?

The rulemaking proceeding participants debated what types of data will be “locked” and thus protected from data that is “unlocked” and thus publicly available.  The parties also debated how far the rules of data privacy protection should extend.  If the utility turns over data to a third party vendor about our personal energy use to give us a proposal for new solar panels on our roof, for example, what can that vendor do with our data?  Can they use it to sell us an alternative energy system?  Can they sell it to an energy efficiency contractor who then uses it to pitch us insulation, new lighting or a replacement HVAC system?  Can Zillow or another real estate site slurp it up to display online along with my assessed valuation or other property statistics?  Will I even have to disclose my energy use history in a real estate listing or transaction?  Can Google organize the world energy use information—including mine?

Do you see where this is going?

Just like our credit card information, once we give out the number we never are quite sure again who might have it.  With our credit card we some unauthorized charge is going to show up on our credit card statement, but we can easily see that when the bill arrives to pay up.  With our energy bill, it is more complicated since the bill could be accurate but the underlying data to calculate it could be used to sell us more stuff.  Or it could be resold to others to gather intelligence on patterns of energy use by size of house, location or other analytics methods, and so forth.  Is this just market research?

With data privacy is it difficult to tell our friends from our enemies.

That is what is being debated in this CPUC data privacy rulemaking.  There are balances being struck about what is a friendly use of smart meter data to inform us and help us make better use of energy in our homes and businesses.  For that we often need expert help from third-party vendors who use our energy use data to recommend energy efficiency and other actions, evaluate our current HVAC, lighting and other equipment or look at our patterns of energy use in search for wasted phantom power.  These are all friendly uses of our data.  But what if those third party vendors share our data or sell it to others?  Most of us would consider that decidedly unfriendly, so the CPUC in its proposed rules is trying to determine how far down the data food chain its rules should apply to those who gain access to our data.

But this only covers data from our smart meter readings right?

Not necessarily, on the customer side of the meter there is a looming set of business opportunities for sensors, gadgets, dashboards and other devices that might, in the future, be integrated into home area networks (HAN) or home energy management systems (HEM) so our smart appliances can send data to our HAN or HEM where software will enable us to program our lives, protect our home security, and take the inconvenience out of our daily routines.  Who can have access to that data?

Under the CPUC rules data from the customer side of the meter would be’ locked’ and thus considered private all the time.  But does that mean that smart meter data on the aggregate patterns of our energy use is ‘unlocked’ and thus accessible?  Here the proposed rule requires utilities to make it available to customers and enables customers to authorize third-party access to it.  But the rules go further and seek to impose on those third-party vendors the same data privacy protection obligations that are imposed on the utility from which they got the data.

Wait a minute say third party vendors!

We’re just small business people trying to sell our services.  We are not subject to the regulation of the CPUC and we do not want to sign up for that obligation.  But are they?  Without this ‘chain of data privacy responsibility’ as the proposed rule describes it, a company like Google could suction up both unlocked and locked data and use it for targeted advertising or sell it for business prospecting.

The question the CPUC is asking is should we have the smart meter and customer energy data equivalent of the “DO NOT CALL” list?  Or should the rule go farther, as is now proposed to say that any third party vendor has a duty to protect the privacy of customer energy data and not use it for any purpose other than the one the customer intended in authorizing access to it.

And that is where we stand today.  How far will the reach of government extend in protecting our energy data privacy?  And when we disclose that data what can the third parties we give it to do with that data?

I Want Your Data

Image via Wikipedia

There is one more thing to worry about. . .

If data on our energy use patterns become available whether locked or unlocked does that give the government the ability to send us a letter informing us that we are wasteful in our energy use habits and thus a public nuisance so the government, in its infinite wisdom, is going to come audit us formally and provide a list of retrofits and lifestyle changes we will be expected to comply with or face fines and other penalties?

Think about that for a moment!

It sounds far-fetched, I know, but that is EXACTLY what the US EPA is seeking to do to electric utilities with its proposed rules on emissions reduction and other operating requirements.  On July 1, a new law went into effect in California that mandated that EVERY home must, as of that date, have a working carbon monoxide detector.  OK that makes sense, but how will the state enforce this? But where does regulation cross the line from making sense to invading our privacy and impeding our rights?  California’s energy efficiency code is the most progressive in the nation and smart meter data and energy consumption pattern data will, for the first time, enable the government to evaluate which of us is a friend of the environment and which of us is not!  And which of us has a working CO detector and which of us is a slacker!

OK!  OK!   I bought a $50 CO detector at the hardware store this weekend and plugged it in, but I refuse to give up my old beer refrigerator in my garage!  Do I sound paranoid?

Getting the rules right about energy data privacy is important

We want and need disruptive new technologies to empower us, inform us, and protect us.  And because it can also be used against us unless we assert our rights and mastery over it—-Big Brother is watching!