The European Data Protection Supervisor (EDPS) has expressed privacy concerns about smart metering systems, which are due to be rolled out across the European Union by 2020.
The EDPS acknowledged there were numerous benefits to smart meters, but said that more must be done to improve security and how the data collected is stored.
EU member states are currently carrying out an economic assessment of costs and benefits ahead of smart meter rollouts, which is expected to deliver £7.2 billion in net benefits to the UK in the next 20 years.
Security concerns have long persisted, with analysts predicting that they will be hacked due to a lack of protection and their physical location in non-secure areas.
Chief among the EDPS’ concerns is the amount of sensitive personal data the meters could reveal, such as whether users are away on holiday or at work, if they use certain medical devices or a baby monitor and what they do with their free time.
Although he acknowledged this information might be useful for analysing energy use for conservation, he claimed the patterns discovered could be used for marketing, advertising and price discrimination by third parties.
To allay these concerns, the EPDS has issued a number of recommendations, such as offering more information on the legal basis of data processing and the choices available to citizens, such as the frequency of readings.
Privacy-enhancing Technologies (PETs) should be obligatory and there should be more guidance on how long the data is kept, the EPDS said. This information should also be made available to consumers, as should the ways it is used, it added.
“The EDPS calls on the Commission to assess whether further legislative action is necessary at EU level to ensure adequate protection of personal data for the roll-out of smart metering systems an – in his opinion – provides pragmatic recommendations for such legislative action,” said Giovanni Buttarelli, assistant EDPS. “Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament.
“These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches.”
What do you know about Green IT? Find out with our quiz!
The cyber risk facing UK “widely underestimated”, warns head of GCHQ’s NCSC Richard Horne in…
Lawsuit filed in London against Microsoft alleges customers using rival cloud services, have to pay…
Judge in Delaware for the second time rules against the record-breaking $56 billion pay package…
Beijing bans exports to US of key materials after Biden administration imposes more restrictions on…
New round of US semiconductor export restrictions designed to hamper Beijing's capacity to produce high-end…
Lender KfW is to be reimbursed by the German government more than €600 million ($629…