EU watchdog flags up smart meter privacy risk
European Data Protection Supervisor claims UK's in danger of becoming a state of mass surveillance with smart meter rollout.
Tighter controls over smart meter data collection are needed to prevent snooping on the public, an EU watchdog has warned.
The European Data Protection Supervisor (EDPS) said, while the devices would help reduce the carbon footprint in people's homes, the data collected and sent back to companies could also be used to "infer information about domestic activities".
The watchdog brought up the matter in response to the European Commission's plans to rollout smart meters across the continent by the end of the decade.
If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks.
It said the move would "enable massive collection of personal data which can track what members of a household do within the privacy of their own homes...if someone uses a specific medical device or a baby monitor, how they like to spend their free time and so on."
These patterns and profiles could be used for many other purposes, including marketing, advertising and price discrimination by third parties, it claimed.
Giovanni Buttarelli, assistant EDP supervisor, said legislation was necessary at EU level to ensure adequate protection of personal data for the rollout of smart metering systems.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
"Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament," he said.
"These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches."
The watchdog also called for more guidance on the legal basis of the processing and the choices available to data subjects.
It also said there should be "direct access to consumers to their energy usage data, as well as disclosure to them of their individual profiles and the logic of any algorithms used for data mining and information on remote on/off functionality."
David Mahdi, global product marketing manager at identity management firm Entrust, said the watchdog's warning highlighted the need for the transfer of sensitive data to be protected at all times.
"If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks," he said.
"In the hands of a professional criminal, this could be used to find out the movements of the occupant, when they are in or out of the house, and even when they are asleep, therefore posing a real risk to their personal safety."
Mahdi added that, while smart meters offered real advantages, they are, in essence, a critical infrastructure and need to be built with the most robust security and data protection in mind.
"Effective authentication and authorisation must be at the heart of smart meter rollouts," he added.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
ITPro is 20!We take a look back on the past two decades since ITPro launched...
-
Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaignNews The tie-up includes a new model of industrialized ransomware deployment that significantly lowers the barrier to entry for cyber crime
-
Startup founders lament 'regulatory friction' despite EU simplification effortsNews Entrepreneurs are spending a fortune on compliance, and it’s forcing some to consider relocating
-
AWS says cloud market gatekeeper designation risks ‘deterring European investment and innovation’ as EU regulators plot competition crackdownNews Gatekeeper designation under the legislation would force AWS and Microsoft to make concessions
-
‘This closes a gap that has caused real uncertainty in the market’: Changes to EU AI Act implementation deadlines welcomed by industryNews New implementation deadlines for the EU AI Act could help remove “genuine friction” for European companies
-
European Commission approves data flows with UK for another six yearsNews The European Commission says the UK can have seamless data flows for another six years despite recent rule changes
-
Three things you need to know about the EU Data Act ahead of this week's big compliance deadlineNews A host of key provisions in the EU Data Act will come into effect on 12 September, and there’s a lot for businesses to unpack.
-
The second enforcement deadline for the EU AI Act is approaching – here’s what businesses need to know about the General-Purpose AI Code of PracticeNews General-purpose AI model providers will face heightened scrutiny
-
Meta isn’t playing ball with the EU on the AI ActNews Europe is 'heading down the wrong path on AI', according to Meta, with the company accusing the EU of overreach
-
‘Confusing for developers and bad for users’: Apple launches appeal over ‘unprecedented’ EU fineNews Apple is pushing back against new app store rules imposed by the European Commission, suggesting a €500m fine is a step too far.