Privacy Issues in Smart Electrical Grids: Another Internet of Things Problem by Jeremy Meisinger
Smart grids – electrical grids that allow two-way communication between utilities and consumers – represent an exciting frontier in the Internet of Things, with ramifications for energy efficiency, weather resiliency and climate change, among others. As the Department of Energy writes, “[t]he Smart Grid represents an unprecedented opportunity to move the energy industry into a new era of reliability, availability, and efficiency that will contribute to our economic and environmental health.”
But like many aspects of the Internet of Things, smart grids also present privacy concerns. Few people fret about the privacy of their monthly electric bill, but smart meters could change that. Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, has noted that smart meter data can tell much more about an individual than you might initially think: “how many people are in the house, what they do, whether they’re upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data.” If sufficiently detailed, this data can be used to infer such characteristics as “sleeping habits, vacation, health, affluence, or other lifestyle details.”
For this reason, the Department of Energy and the Federal Smart Grid Task Force have collaborated to release a new Voluntary Code of Conduct “intended to apply as high level principles of conduct for both utilities and third parties.” These principles are:
- Customer Notice and Awareness;
- Customer Choice and Consent;
- Customer Data Access and Participation;
- Integrity and Security; and
- Self Enforcement Management and Redress.
Boiled down, the Code of Conduct focuses on disclosing to consumers how data is collected and the purposes for which it will be used, as well as providing to consumers some level of control over access to their data. Indeed, the Code requires affirmative customer consent for disclosure of data for “secondary purposes,” meaning purposes outside of utility and closely-related services, but such consent is not required where data is aggregated or anonymized. The Code also makes recommendations regarding aggregation and anonymization to limit the chance of identification of individual consumers.
Utilities and firms doing business with utilities should be aware of the Code and consider its recommendations whether they seek to adopt it or not. As Colin has noted, the FTC is keenly attuned to the privacy concerns presented by new technology, as evidenced by its reports proposing best practices for such contexts as data brokering,connected car technology, online behavioral advertising, facial recognition, and mobile privacy, as well as by its comments on the Code. As such, firms would be wise to take a pro-active approach in developing policies to deal with smart meter data in a secure, responsible way.