EU watchdog flags up smart meter privacy risk


Tighter controls over smart meter data collection are needed to prevent snooping on the public, an EU watchdog has warned.

The European Data Protection Supervisor (EDPS) said, while the devices would help reduce the carbon footprint in people's homes, the data collected and sent back to companies could also be used to "infer information about domestic activities".

The watchdog brought up the matter in response to the European Commission's plans to rollout smart meters across the continent by the end of the decade.

If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks.

It said the move would "enable massive collection of personal data which can track what members of a household do within the privacy of their own homes...if someone uses a specific medical device or a baby monitor, how they like to spend their free time and so on."

These patterns and profiles could be used for many other purposes, including marketing, advertising and price discrimination by third parties, it claimed.

Giovanni Buttarelli, assistant EDP supervisor, said legislation was necessary at EU level to ensure adequate protection of personal data for the rollout of smart metering systems.

"Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament," he said.

"These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches."

The watchdog also called for more guidance on the legal basis of the processing and the choices available to data subjects.

It also said there should be "direct access to consumers to their energy usage data, as well as disclosure to them of their individual profiles and the logic of any algorithms used for data mining and information on remote on/off functionality."

David Mahdi, global product marketing manager at identity management firm Entrust, said the watchdog's warning highlighted the need for the transfer of sensitive data to be protected at all times.

"If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks," he said.

"In the hands of a professional criminal, this could be used to find out the movements of the occupant, when they are in or out of the house, and even when they are asleep, therefore posing a real risk to their personal safety."

Mahdi added that, while smart meters offered real advantages, they are, in essence, a critical infrastructure and need to be built with the most robust security and data protection in mind.

"Effective authentication and authorisation must be at the heart of smart meter rollouts," he added.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.