Skip to main content
SpringerLink
Log in
Book cover

European Data Protection: Coming of Age pp 313–345Cite as

Beyond Gut Level – Some Critical Remarks on the German Privacy Approach to Smart Metering

  • Chapter
  • First Online:

Abstract

The European Directive on common rules for the internal market in electricity (2009/72/EC) requires all member states to “ensure the implementation of intelligent metering systems” in order to foster a more active involvement of customers in the electricity market. Such intelligent metering systems are able to collect and transmit consumption data in a significantly increased resolution and therefore raise privacy concerns. On the other hand, high-resolution measurement data are an essential basis for achieving the aims of higher overall energy efficiency and a significantly increased proportion of electricity originating from fluctuating renewable sources.

While European activities are still in an early stage, Germany has recently amended the national energy law and established specific and comprehensive regulations directed at security and privacy in smart metering environments. The underlying German approach to the regulation of smart grid privacy is examined and critically discussed in the light of the necessary functional provisions within an electricity grid under the regulatory regime of a liberalized market. Alternative approaches from the Netherlands and the UK are presented and compared to the German one. Finally, some implications are derived that might prove valuable for ongoing activities addressing smart grid privacy on the European level.

The author is indebted to Oliver Raabe, Eva Weis and Mieke Lorenz for intensive and fruitful discussions on the subjects examined herein and for helpful comments on earlier drafts of this document.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Directive 2009/72/EC, Appendix I, Number 2. Both requirements can be subject to a national “economic assessment of all the long-term costs and benefits”. We will, however, abstract from this restriction herein.

  2. 2.

    See, for instance, Article 29 Data Protection Working Party, “Opinion 12/2011 on Smart Metering,” http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp183_en.pdf, accessed Nov. 28, 2011; Trans Atlantic Consumer Dialogue, “TACD Recommendations for Governments and Utility Service Providers: Smart Meters Need Customer-Centered Standards,” http://tacd.org/index.php?option=com_content&task=view&id=175&Itemid=43, accessed Nov. 28, 2011.

  3. 3.

    There are some restrictions to this obligation, but these can be assumed to become nearly irrelevant in the medium term. See Sect. 14.5.3 below.

  4. 4.

    The delineation used herein generalizes from the accurate definitions given in article 2 of the directive to a certain extent for reasons of lucidity. The actual regulations are even more complex than depicted here due to different exceptional rules. To understand the general preconditions for reflecting on the energy market, however, the generalized model used herein should be sufficient.

  5. 5.

    For respective overviews see, for example, European Commission, “European SmartGrids Technology Platform – Vision and Strategy for Europe’s Electricity Networks of the Future,” (EUR 22040, 2006) http://ec.europa.eu/research/energy/pdf/smartgrids_en.pdf, accessed Nov. 28, 2011; European Commission, “ICT for a Low Carbon Economy – Smart Electricity Distribution Networks,” (2009) http://ec.europa.eu/information_society/activities/sustainable_growth/docs/sb_publications/pub_smart_edn_web.pdf, accessed Nov. 28, 2011; International Energy Agency, “Technology Roadmap Smart Grids,” (2011), http://www.iea.org/papers/2011/smartgrids_roadmap.pdf, accessed Nov. 28, 2011.

  6. 6.

    For vivid examples of what can, depending on the actual resolution, be deduced from household load graphs, see, for instance, Elias L. Quinn, “Privacy and the New Energy Infrastructure” (SSRN working paper, 2009), http://ssrn.com/abstract=1370731, accessed Nov. 28, 2011.

  7. 7.

    See Ulrich Greveler, Benjamin Justus and Dennis Löhr, “Hintergrund und experimentelle Ergebnisse zum Thema ‘Smart Meter und Datenschutz’,” (technical report – V. 0.6 of Sept. 2011), http://www.its.fh-muenster.de/greveler/pubs/smartmeter_sep11_v06.pdf, accessed Nov. 28, 2011.

  8. 8.

    See, for example, Gerald Bauer, Karl Stockinger and Paul Lukowicz, “Recognizing the Use-Mode of Kitchen Appliances from Their Current Consumption,” Smart Sensing and Context, Lecture Notes in Computer Science, 2009, vol. 5741/2009, pp. 163–176, doi: 10.1007/978-3-642-04471-7_13.

  9. 9.

    See, for instance, Layla AlAbdulkarim and Zofia Lukszo, “Impact of Privacy Concerns on Consumers’ Acceptance of Smart Metering in The Netherlands,” Proc. of the 2011 IEEE International Conference on Networking, Sensing and Control, Delft, pp. 287–292.

  10. 10.

    As we will concentrate on the European perspective herein, we will use the term “data protection” in the following, referring to the nomenclature established by, for instance, the European data protection directive 95/46/EC and avoid the use of “privacy” which would possibly suggest a US-American perspective. Due to the significant differences with regard to the treatment of the respective aspects as well as in matters of market structure and regulation, a simple adoption of US-American models and approaches to smart metering and smart grids would hardly prove expedient within the scope of European regulations – an often overlooked fact that is unquestionably not restricted to data protection/privacy aspects alone.

  11. 11.

    Article 29 Data Protection Working Party, “Opinion 12/2011 on Smart Metering.”

  12. 12.

    Article 29 Data Protection Working Party, “Opinion 12/2011 on Smart Metering,” p. 4.

  13. 13.

    A systematic analysis on the basis of the data protection directive was for example given by Rainer Knyrim and Gerald Trieb, “Smart metering under EU Data Protection Law,” International Data Privacy Law 1(2, 2011), pp. 121–128, doi:10.1093/idpl/ipr004.

  14. 14.

    Task Force Smart Grids – Expert Group 2, “Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection – Recommendation to the European Commission” (final draft of June 2011, p. 47), http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/expert_group2_draft.pdf, accessed Nov 28, 2011.

  15. 15.

    Task Force Smart Grids – Expert Group 2, “Essential Regulatory Requirements,” p. 57.

  16. 16.

    BGBl. I 2011, S. 1554, “Gesetz zur Neuregelung energiewirtschaftsrechtlicher Vorschriften.”

  17. 17.

    For a detailed description, see especially the documents BK6-09-034 – Wechselprozesse im Messwesen (change processes in measurement), BK6-06-009 – Geschäftsprozesse zur Kundenbelieferung mit Elektrizität (business processes for customer supply with electricity) and BK6-07-002 – Marktregeln für die Durchführung der Bilanzkreisabrechnung Strom (market rules for balancing electricity) given by the Federal Network Agency. All documents are available via http://www.bundesnetzagentur.de/

  18. 18.

    In fact, the customer has four different graded options between “refuse” and “full use”. See Stephan Renner et al., “European Smart Metering Landscape Report,” pp. 53 ff., 59 f.

  19. 19.

    See Netbeheer, “Dutch Smart Meter Requirements,” (V. 4.0 of April 2011), http://www.energiened.nl/_upload/bestellingen/publicaties/284_313185a%20-%20DSMR%20v4.0%20final%20Main.pdf, accessed Nov. 28, 2011, p. 51: “Only the grid operator shall have direct access to the metering installation via the [external interface … He] is also responsible for the correct data communication from the metering installation to the central system and vice versa.”

  20. 20.

    See Energie-Nederland, “Energie in Nederland 2011 – Energy in the Netherlands 2011” (2011, pp. 16, 80), http://www.energie-nederland.nl/wp-content/uploads/2011/08/Energie-in-Nederland-2011.pdf, accessed Nov. 28, 2011. For the general communication structure, see also the figure in Netbeheer, “Dutch Smart Meter Requirements,” p. 10 or Layla Al Abdulkarim and Zofia Lukszo, “Smart Metering for the Future Energy Systems in the Netherlands” (paper presented at the Fourth International Conference on Critical Infrastructures, Linkoping, 2009).

  21. 21.

    See Netbeheer, “Dutch Smart Meter Requirements,” p. 17.

  22. 22.

    See Stephan Renner et al., “European Smart Metering Landscape Report,” p. 53.

  23. 23.

    See Netbeheer, “Dutch Smart Meter Requirements,” pp. 61 f., 68 f.

  24. 24.

    See Stephan Renner et al., “European Smart Metering Landscape Report,” p. 88.

  25. 25.

    See DECC, “Smart Metering Implementation Programme: Response to Prospectus Consultation – Supporting Document 1 of 5 – Data Access and Privacy,” (2011, p. 22), available via http://www.decc.gov.uk/, accessed Nov. 28, 2011.

  26. 26.

    DECC, “Smart Metering Implementation Programme: Response to Prospectus Consultation – Overview Document,” (2011, p. 3), available via http://www.decc.gov.uk/, accessed Nov. 28, 2011.

  27. 27.

    See, in particular, DECC, “Smart Metering Implementation Programme: Response to Prospectus Consultation – Supporting Document 1 of 5 – Data Access and Privacy,” p. 10.

  28. 28.

    This question is also subject to a recent call for evidence to broaden the basis for the DECC’s rulemaking. See DECC, “Smart Metering Implementation Programme: A call for evidence on data access and privacy,” (2011), available via http://www.decc.gov.uk/, accessed Nov. 28, 2011. The underlying vagueness was also objected by Ross Anderson, Shailendra Fuloria and Éireann Leverett, “Data Privacy and Security for Smart Meters – Response to Ofgem’s Consultation,” (2011, p. 2 f), http://www.cl.cam.ac.uk/∼rja14/Papers/DECC-sm-final.pdf, accessed Nov. 28, 2011.

  29. 29.

    See DECC, “Smart Metering Implementation Programme: Response to Prospectus Consultation – Overview Document,” p. 25.

  30. 30.

    See, for instance, 2009/72/EC, Annex II, Nr. 2: “Member States shall ensure the implementation of intelligent metering systems that shall assist the active participation of consumers in the electricity supply market. The implementation of those metering systems may be subject to an economic assessment of all the long-term costs and benefits to the market […]. Where roll-out of smart meters is assessed positively, at least 80% of consumers shall be equipped with intelligent metering systems by 2020.”

  31. 31.

    See § 21d EnWG: “Ein Messsystem im Sinne dieses Gesetzes ist eine in ein Kommunikationsnetz eingebundene Messeinrichtung zur Erfassung elektrischer Energie, das den tatsächlichen Energieverbrauch und die tatsächliche Nutzungszeit widerspiegelt.”

  32. 32.

    The latter condition depends on a multitude of factors, including the price of the device itself, the costs of its operation or even the business model of the MPO. It is therefore hard to provide well-founded estimations about the implications of this legally set precondition at the moment.

  33. 33.

    Freely translated from Bundestag, “Entwurf eines Gesetzes zur Neuregelung energiewirtschaftsrechtlicher Vorschriften” (BT-Drucks. 17/6248), p. 4. In original: „[Der Gesetzentwurf] weist ihm alleine die Bestimmung über die Verwendung von Verbrauchsdaten seines intelligenten Zählers zu […].”

  34. 34.

    See Ann Cavoukian, Jules Polonetsky and Christopher Wolf, “SmartPrivacy for the Smart Grid: embedding privacy into the design of electricity conservation,” Identity in the Information Society 3 (2010), pp. 275–294, doi: 10.1007/s12394-010-0046-y.

  35. 35.

    Similar implications were also derived from deliberations on overall system security within the electricity grid and the need for an appropriate protection against malicious attacks possibly involving those entities installed at the customers’ side. In this respect, see, for example, Himanshu Khurana, Mark Hadley, Ning Lu, and Deborah A. Frincke, “Smart-Grid Security Issues,” IEEE Security & Privacy 8 (1, 2010), pp. 81–85; Patrick McDaniel and Stephen McLaughlin, “Security and Privacy Challenges in the Smart Grid,” IEEE Security & Privacy 7 (3, 2009), pp. 75–77; Ivan L.G. Pearson, “Smart grid cyber security for Europe,” Energy Policy 39 (9, 2011), pp. 5211–5218; Claudia Eckert, “Sicherheit im Smart Grid” (Alcatel-Lucent-Stiftung, 2011) http://www.stiftungaktuell.de/files/sr90_sicherheit_im_energieinformationsnetz_gesamt.pdf, accessed Nov. 28, 2011. We will, however, mainly concentrate on those aspects related to data protection in the following.

  36. 36.

    On the European level, technical requirements for meters – or rather “measurement devices” – are harmonized through the “Measurement Instruments Directive (MID)” 2004/22/EC. With regard to “smart meters”, harmonizing European regulations are currently developed under Mandate 441. See European Commission, “Standardisation mandate to CEN, CENELEC and ETSI in the field of measurement instruments for the development of an open architecture for utility meters involving communication protocols enabling interoperability,” (M/441, 2009), http://ec.europa.eu/energy/gas_electricity/smartgrids/doc/2009_03_12_mandate_m441_en.pdf, accessed Nov 28, 2011.

  37. 37.

    See §§ 21e, 21i EnWG.

  38. 38.

    See BSI, “Protection Profile for the Gateway of a Smart Metering System” (V 1.1.1 final draft, 2011, in the following: BSI-PP), available via https://www.bsi.bund.de/DE/Themen/SmartMeter/Schutzprofil/schutzprofil_node.html, accessed Nov. 28, 2011.

  39. 39.

    See BSI, “TR-03109: Anforderungen an die Interoperabilität der Kommunikationseinheit eines intelligenten Messsystems für Stoff und Energiemengen” (V 0.2.0 draft, 2011, in the following: BSI-TR), available via https://www.bsi.bund.de/DE/Themen/SmartMeter/TechnRichtlinie/TR_node.html, accessed Nov 28, 2011.

  40. 40.

    See BSI-PP, line 317 ff. In this respect, see also BSI-PP, line 478 ff (“the data can only be read by the intended recipient and only contains an association with the identity of the Meter if this is necessary.”) as well as the cardinality of “1…n” authorized external entities in BSI-PP, line 196, figure 2.

  41. 41.

    BSI-PP, line 545 f.

  42. 42.

    This use case is, for example, explicitly discussed in BSI-TR, line 411 ff.

  43. 43.

    For a more detailed but still not exhaustive depiction of the different “data needs”, see, for instance, Frank Pallas, “Data Protection and Smart Grid Communication – The European Perspective,” Proc. of the 2012 IEEE PES Innovative Smart Grid Technologies Conference, doi: 10.1109/ISGT.2012.6175695.

  44. 44.

    See BSI-PP, line 321f.: “An access profile defines how meter data must be processed […].”

  45. 45.

    Such postulations have, amongst many others, been made by Dennis Laupichler, Stefan Vollmer, Holger Bast and Matthias Intemann, “Das BSI-Schutzprofil,” Datenschutz und Datensicherheit – DuD 8/2011, p. 544 (speaking for the BSI); Klaus J. Müller, “Verordnete Sicherheit – Das Schutzprofil für das Smart Metering Gateway” Datenschutz und Datensicherheit – DuD 8/2011, p. 551; or Eckert, “Sicherheit im Smart Grid,” p. 31.

  46. 46.

    Pfändler, “Smart Meter und Smart Grid”, p. 5 (speaking for the federal data protection authority). In original: “die Kommunikationseinheit [soll] in der Lage sein, die notwendige Tarifierung selbst vorzunehmen.”

  47. 47.

    See Sect. 14.3 above.

  48. 48.

    See Sect. 14.4 above.

  49. 49.

    This notion is also supported by the German government which explicitly stated that the catalogue of legitimate purposes shall be deemed exhaustive and that the collection, processing and use of data from the measurement system shall solely be legitimate for the cases explicitly mentioned in the catalogue. See Bundesrat, “Entwurf eines Gesetzes zur Neuregelung energiewirtschaftsrechtlicher Vorschriften,” (BR-Drucks. 343/11), p. 202: “§ 21g legt in Absatz 1 einen abschließenden Katalog von Fällen fest, in denen die Erhebung, Verarbeitung und Nutzung personenbezogener Daten zulässig ist.”; p. 196: “Erhebung, Verarbeitung und Nutzung personenbezogener Daten sind ausschließlich in den in § 21g beschriebenen Fällen zulässig […].”

  50. 50.

    For a slightly more exhaustive discussion on this issue, see Oliver Raabe, Mieke Lorenz, Frank Pallas and Eva Weis, “Harmonisierung konträrer Kommunikationsmodelle im Datenschutzkonzept des EnWG,” Computer und Recht, 12/2011, pp. 831–840.

  51. 51.

    See BVerfGE 65, 1.

  52. 52.

    See, for instance, BDI, “Internet of Energy – ICT for Energy Markets of the Future – The Energy Industry on the Way to the Internet Age,” (BDI publication No. 439, 2010) http://www.bdi.eu/bdi_english/download_content/ForschungTechnikUndInnovation/BDI_initiative_IoE_us-IdE-Broschure.pdf, accessed Nov 28, 2011. See also Sean Davies, “Internet of Energy,” Engineering & Technology 5 (16, 2010), pp. 42–45.

  53. 53.

    See Bundesrat, “Entwurf eines Gesetzes zur Neuregelung energiewirtschaftsrechtlicher Vorschriften,” p. 202: “[Die] Vorschriften dienen in zentraler Weise dem Schutz des Grundrechts auf informationelle Selbstbestimmung […].”

  54. 54.

    See, for example, Andreas Kamper and Anke Eßer, “Strategies for Decentralised Balancing Power,” in Andrew Lewis, Sanaz Mostaghim and Marcus Randall (ed.), Biologically-Inspired Optimisation Methods, Studies in Computational Intelligence, 2009, Volume 210/2009, pp. 261–289, doi: 10.1007/978-3-642-01262-4_10.

  55. 55.

    See Independent Center for Data Protection Schleswig-Holstein, “ULD-Stellungnahme zur Smart-Meter-Regelung im Rahmen der Energiewende,” (2011, p. 3) https://www.datenschutzzentrum.de/smartmeter/20110615-smartmeterregelung.pdf, accessed Nov. 28, 2011.

  56. 56.

    On a European level, a comparable notion was also made by the Task Force Smart Grids – Expert Group 2, “Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection,” p. 42, stating that the purpose of billing and payment only requires “summed up usage”.

  57. 57.

    In fact, the calculation model for the network fee does in Germany depend on the measurement method being employed. The mentioned calculation that is also based on the maximum load applies to customers measured by “load profile measurement”. The amended energy law, in turn, authorizes the federal network agency to specify a specific measurement method for smart meters “as a special form of load profile measurement” (§21i, 1, no. 7 EnWG). In this case, the calculation of network fees would consequently have to be realized under the model that incorporates the maximum load.

  58. 58.

    See § 21e, 3 EnWG: “Die an der Datenübermittlung beteiligten Stellen haben dem jeweiligen Stand der Technik entsprechende Maßnahmen zur Sicherstellung von Datenschutz und Datensicherheit zu treffen […].”

  59. 59.

    The expectable argument that an exhaustive identification of all relevant use cases would be impossible as a matter of principle might again be justified with regard to internet communication. Within the highly regulated energy sector, this is not the case. The relevant market processes are, again as a matter of principle, necessarily well-defined because this is an essential precondition for a competitively functioning, liberalized and unbundled market characterized by natural network monopolies. Use-cases beyond the core energy market, in turn, can very well be generalized to a controlled provision of different data views to external parties.

  60. 60.

    The concept of “hippocratic databases” could prove highly valuable here. See Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu, “Hippocratic Databases,” Proc. of the 28th VLDB Conference, Hong Kong, China, 2002, pp. 143–154.

  61. 61.

    See Oliver Raabe et al., “Harmonisierung konträrer Kommunikationsmodelle im Datenschutzkonzept des EnWG.” Furthermore, the approach outlined here would also allow to reduce the necessary complexity of the devices being installed at the consumers’ sites as compared to the highly complex smart meter gateways now prescribed in Germany – in the light of the massive number of relevant households, this aspect should not be underestimated.

  62. 62.

    See, for instance, Miriam Pfändler, “Smart Meter und Smart Grid”(paper presented at the Summer Academy of the Independent Center for Data Protection Schleswig Holstein, 2011, p. 5) http://www.datenschutzzentrum.de/sommerakademie/2011/sak2011-ib8-Smart-Meter-und-Smart-Grid-skript.pdf, accessed Nov 28, 2011.

References

Download references

Author information

Authors and Affiliations

  1. Center for Applied Legal Studies, Karlsruhe Institute of Technology, Karlsruhe, Germany

    Frank Pallas

  2. Computers and Society, Technical University of Berlin, Berlin, Germany

    Frank Pallas

Authors
  1. Frank Pallas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Frank Pallas .

Editor information

Editors and Affiliations

  1. Pleinlaan 2, Brussel, 1050, Belgium

    Serge Gutwirth

  2. , TILT, Tilburg University, Warandelaan 2, Tilburg, 5037 AB, Netherlands

    Ronald Leenes

  3. , LSTS, Vrije Universiteit Brussel, Avenue de la Plaine 2, Brussels, 1050, Belgium

    Paul de Hert

  4. Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium

    Yves Poullet

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Pallas, F. (2013). Beyond Gut Level – Some Critical Remarks on the German Privacy Approach to Smart Metering. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds) European Data Protection: Coming of Age. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5170-5_14

Download citation

Publish with us

Policies and ethics

Search

Navigation