EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52012XX1101(06)
Executive summary of the Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems
Executive summary of the Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems
Executive summary of the Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems
OJ C 335, 1.11.2012, p. 13–15
(BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
1.11.2012 |
EN |
Official Journal of the European Union |
C 335/13 |
Executive summary of the Opinion of the European Data Protection Supervisor on the Commission Recommendation on preparations for the roll-out of smart metering systems
(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)
2012/C 335/08
1. Introduction
1.1. Consultation of the EDPS
1. |
On 9 March 2012, the Commission adopted a Recommendation on preparations for the roll-out of smart metering systems (1) (‘the Recommendation’). The Recommendation was sent to the EDPS for consultation on 19 March 2012. |
2. |
Before the adoption of the Recommendation, the EDPS was given the opportunity to provide informal comments. Some of these comments have been taken into account in the Recommendation. As a result, the data protections safeguards in the Recommendation have been strengthened. |
3. |
The EDPS welcomes the fact that the Commission also consulted him formally and that this Opinion is referred to in the preamble of the Recommendation. |
1.2. Objectives and background of the Recommendation
4. |
The objective of the Recommendation is to give guidance to Member States on preparation for the roll-out of smart metering systems (2) in Europe. The roll-out is foreseen by 2020 for both the electricity and the gas markets and is subject to an economic assessment of costs and benefits. This assessment is to be carried out by each Member State by 3 September 2012 (3). |
5. |
A significant part of the Recommendation (Section I) is dedicated to data protection. Importantly, the Recommendation calls for the preparation of a template for a data protection impact assessment (4) (‘the Template’) and its submission to the Article 29 Data Protection Working Party (‘the WP29’) for advice within 12 months of the publication of the Recommendation (5). |
6. |
The first draft of the Template is currently under preparation by Expert Group 2 of the Commission's Task Force on Smart Grids. The Task Force has been established by the Commission prior to the adoption of the Recommendation, to give advice on smart grid issues. One of the subgroups of the Task Force, Expert Group 2, focuses on security and data protection aspects. The group comprises mainly industry representatives (with some representation of civil society and consumer groups) (6). |
7. |
The Commission pursues a ‘soft law’ approach combining (i) a Commission Recommendation covering data protection among other issues and (ii) further guidance to Member States in the form of a template for a data protection impact assessment, which is to be applied voluntarily by industry participants. The approach is based on the experience gained from the development and revision, following WP29 comments, of the ‘Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications’ (7). However, the Commission has not excluded the need for legislative action at national and/or at the European level (8). |
1.3. Objectives, main messages and structure of the EDPS Opinion
8. |
While this EDPS Opinion is adopted in response to the Commission Recommendation, it is not strictly limited to the content of this Recommendation, as there are important data protection aspects of the roll-out of smart metering which are not fully addressed in the Recommendation itself. The EDPS also recalls in this context his formal comments on the Energy Efficiency Proposal (9). |
9. |
The EDPS Opinion has three main objectives and messages:
|
10. |
In light of these objectives, the Opinion is structured as follows:
|
6. Conclusions
68. |
The Europe-wide roll-out of smart metering systems may bring significant benefits, but also entails considerable risks to the protection of personal data. It enables massive collection of personal data from European households and may lead to tracking what members of a household do within the privacy of their own homes. In light of these risks, the EDPS welcomes the Commission's efforts made in the Recommendation to provide guidance to Member States on the measures that should be taken in order to ensure that smart metering and smart grid systems are designed and operated subject to adequate data protection safeguards. |
69. |
The EDPS appreciates the efforts of the Commission to make use of newly proposed concepts such as data protection by design and practical tools such as data protection impact assessments and security breach notifications. The EDPS, in particular, supports the Commission's plan to prepare a Template for data protection impact assessment and submit it to the WP29 for advice. |
70. |
The EDPS regrets that the Recommendation has not provided more specific and more practical guidance on data protection. However, he considers that some guidance can still be given in Template currently under preparation. Therefore, the Opinion provides recommendations on the Template and emphasizes that the Template must offer specific and practical guidance: a collection of best practice and ‘best available techniques’. It is also crucial for the Template to follow a sound methodology and, among others, clearly match each risk with an adequate control. |
71. |
In addition, the Opinion calls on the Commission to assess whether further legislative action is necessary at the EU level and provides recommendations for such possible legislative action. Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament. These should include at least a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches (Section 4.7). |
72. |
Further, the EDPS also recommends:
|
Done at Brussels, 8 June 2012.
Giovanni BUTTARELLI
Assistant European Data Protection Supervisor
(1) C(2012) 1342 final.
(2) For a brief introduction to smart meters and smart grids, please see Section 2.1 below.
(3) The roll-out and the cost-benefit analysis are required under (i) Directive 2009/72/EC concerning common rules for the internal market in electricity and repealing Directive 2003/54/EC (OJ L 211, 14.8.2009, p. 55), and (ii) Directive 2009/73/EC concerning common rules for the internal market in natural gas (OJ L 211, 14.8.2009, p. 94). The Commission proposal for a directive on energy efficiency (COM(2011) 370 final) (‘Energy Efficiency Proposal’), currently before the legislators, includes additional provisions on smart metering.
(4) With regard to data protection impact assessments, it is to be noted that the Commission proposal for a revised general data protection framework plans to make data protection impact assessments mandatory in some situations and provide further guidance on how such an impact assessment should be carried out. See Article 33 of the Commission proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (COM(2012) 11 final). See also paragraphs 200-205 of the EDPS Opinion of 7 March 2012 on the data protection reform package, available at: http://www.edps.europa.eu/EDPSWEB/edps/Consultation/Reform_package;jsessionid=46ACCFDB9005EB950DF9C7D58BDE5377
(5) See: paragraph 5 of the Recommendation.
(6) More information on the work of the Task Force and of Expert Group 2 is available on the website of the Task Force at: http://ec.europa.eu/energy/gas_electricity/smartgrids/taskforce_en.htm
(7) See: http://ec.europa.eu/information_society/policy/rfid/documents/infso-2011-00068.pdf and http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-framework-a29wp-opinion-11-02-2011_en.pdf
(8) It is noted that at the present stage no evaluation of the effectiveness of this soft law approach for the field of RFID has been provided, nor is there any generally available information indicating effectiveness of the approach.
(9) EDPS Letter of 27 October 2011 to Mr Günther H. Oettinger, Commissioner for Energy on a proposal for a directive of the European Parliament and of the Council on energy efficiency and repealing Directives 2004/8/EC and 2006/32/EC, available at: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2011/11-10-27_Letter_Oettinger_EN.pdf