Innovative home energy management: a compliance package for smart meters
The « smart meters and personal data » working group created by the CNIL and the FIEEC has defined three « invention scenarios » which form part of a compliance package on smart meters.
In October 2012, the CNIL created the “smart meter and personal data” working group in partnership with the the Federation of Electrical, Electronic and Communication Industries (FIEEC). Such working group was created to publish guidelines on the requirements for collecting and processing personal data relating to energy consumption through devices installed by users outside the meter infrastructure, i.e., "downstream electric meters" (e.g. directly on the circuit breaker panel or via an outlet on the meter for collecting accurate energy consumption data).
Elaborated in close cooperation with stakeholders, the purpose of such compliance package is to promote, in an operational, practical and comprehensible way, the principles, rights and obligations set out in the French Data Protection Act, notably in view of promoting privacy by design as an essential component of privacy protection.
To this end, the compliance package on smart meters identifies three case scenarios relating to the processing of energy consumption data collected through devices or software installed outside the meter infrastructure, i.e., "downstream electric meters" (e.g. directly on the circuit breaker panel or via an outlet on the meter for collecting accurate energy consumption data):
- Scenario 1 « IN ==> IN »: management of data collected in the home without communication to the outside;
- Scenario 2 « IN ==> OUT »: management of data collected in the home and transmitted outside;
- Scenario 3 « IN ==> OUT ==> IN »: management of data collected in the home and transmitted outside to allow the remote control of certain appliances within the home.
These guidelines specify for each type of processing: the intended purposes of the processing, the categories of data collected, the retention period of such data, the rights of data subjects, the security measures to be implemented, and the recipients of the information.
They were designed to be promoted at the European level both by the CNIL, through the Article 29 Working Party, and the FIEEC in order to enable stakeholders to position themselves on a European if not global market, making data protection a factor of competitiveness.
These guidelines are representative of the understanding, at this point in time, of the technologies and associated practices. It is therefore important to underline their flexible and progressive nature.