Upload
ronan-kennedy
View
259
Download
3
Embed Size (px)
Citation preview
Smart Grids, Smart Meters, Privacy
and Data ProtectionRónán Kennedy, School of Law, NUI Galway
Image from https://www.flickr.com/photos/traftery/
Overview
1. Privacy issues in Smart Grids2. Legal responses3. Questions for discussion
Legal Problems with Smart GridsEnergy usage patterns reveal lifestyle patterns – for example:
Health issues, particularly sleep, diet, exercise, alcohol use
Relationship issues and child care arrangements
Religion
Enables discrimination and bias
Smart grids and meters may not be secure
Consumers may not be able to make informed decisions about privacy
Design ResponsesPrivacy by Design:
“Data Protection Impact Assessment”Security by Design:
end-to-end encryptionseparate streams for core and value-added services
Data Protection by Design and by DefaultOptions:
Include metadata on consent (default is off), processing, sharing
Keep data in a personal data store with intelligent agent as safeguard
Provide consumers with open source software
Right for consumers to access, move and erase data
Prohibition on automated profiling without knowledge or consent
Technical OptionsSecure, distinct data streams with authenticationPersonal data storagePrivacy-preserving data mining and aggregationDiscrimination-aware data miningConsumer control of granular data accessSemantic metadata in interactive systems
Article 29 Working PartyOpinion 04/2013
criticised DPIA for lack of clarity, confusing risks and threats, and not linking risks and controls
Opinion 07/2013:DPIA improved but needs improvement and testing
EU CommissionRecommendation 724/2014:
use of the “Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems”
Data Protection by Design and Data Protection by Default solutions
test phase “with deployment of real cases”
Review within two years (before October 2016)
EU Data Protection Regulation - 2015?Expected early 2015Likely changes:
need for explicit and freely given consentmore significant fines
EU Data Protection Regulation - 2015?
Requirements:appropriate technical measuresdata portabilityinterconnection between competitorsData Protection Impact Assessments
Concluding QuestionsIs it possible to introduce privacy concerns into technologies that are designed to share data?
Do consumers have the motivation, time and patience to learn to manage their privacy in such detail?
How to ensure a uniform approach without stifling innovation?
How to manage law enforcement requests for energy use data?
How to manage the exporting of data from the EEA?
Further InformationIra S. Rubinstein, “Regulating Privacy by Design” 26(3) Berkeley Technology Law Journal (2011), http://scholarship.law.berkeley.edu/btlj/vol26/iss3/6/
Mireille Hildebrandt, “Legal Protection by Design in the Smart Grid”, http://works.bepress.com/mireille_hildebrandt/42
Ian Brown, “Britain’s smart meter programme: A case study in privacy by design” 28(2) International Review of Law, Computers & Technology 172 (2014)