“Smart” solutions are the answer of energy supply companies to the digital transformation. Smart meter and smart grid hold huge potentials for energy supply companies and consumers. The most important requirement for using the potentials is an approach in compliance with data protection law. If the Ferraris meter is still installed in the basement at present, the modern measurement device or the smart measurement system will soon determine the consumption of individual households. If a smart measurement system is used, the measurement data of the customer will be made available by the meter operator via a secured data connection to the authorized agents in an encrypted manner. The meters no longer communicate directly, but rather by Smart Meter Gateway (SMGW) This gateway constitutes the communication unit which can integrate one or more technical devices (smart meter, generating units) into a communication network and has functionalities for recording, processing and sending data. The following figure (1) illustrates the fundamental importance as a communication interface of the Smart Meter Gateway.
Figure 1: The retrieval of the measurement data takes place via a secure means predefined by the Federal Office for Information Security. (Source: Technical Guideline BSI TR-03109-1, page 14)
The customer’s previous annual consumption determines whether they receive a smart measurement system or simply a modern measurement device in exchange for the Ferraris meter. If the annual consumption is under 6000 kWh per annum, only a modern measurement device is generally installed. All other customer segments receive a smart measurement system. The following figure (2) shows in what time frame which customers segments are affected by the legally-binding mandatory fitting:
Figure 2: The mandatory fitting of the smart measurement system applies for many customer groups (Source: www.bmwi.de)
Smart energy supply
New technology gives both the customer and the energy supplier many new and interesting possibilities. For example, the energy supplier can offer variable tariffs in the future, depending on the perspective, even depending on the customer or the day. The customer receives transparency regarding their own consumption pattern by using apps or customer displays. They therefore have the possibility to optimize it. For the provider, this in turn means: An accurate “image” regarding the current consumption pattern of the individual customer is required in order to make the needs-based energy tariffs available individually. They receive the basis of the data via the smart measurement system which communicates the current consumption pattern in readouts every 15 minutes (meter status rate measurement). The installation of smart measurement systems is also the first step in the direction of a smart grid. In a smart grid, installed network components such as for example substations, charging stations or even storage farms are communicatively linked and most importantly intelligently linked to each other (IoT)and thus allow controllability over the network management.
Framework for energy supply companies under data protection law
If all the information recorded at the smart meter is compiled, conclusions can be drawn regarding requirements, living situation and behavior of the connection user. If one connection user consumes notably more energy compared to another connection user for a similar daily routine, this could indicate, for example, that the respective connection user uses outdated household appliances. This information could be used for advertising energy-efficient household appliances. It can be seen from this situation alone how closely connected the potentials of smart tools are with questions of data protection. For what purposes are the data of the connection user used? How is data security ensured to protect against data misuse or hacks? The legislature has passed special regulations to this end in order to ensure data protection and data security with regard to the operation and the use of smart measurement systems. In particular the “Law for the digitalization of the energy revolution” (abbreviated to GDEW) passed in 2016 contains “technical specifications for ensuring data protection and data security when using smart meter gateways” in Section 3. “Minimum requirements for smart measurement systems” thus emerge in particular from Section 21 GDEW. The permissible purposes of data processing are for example explained there as well as the requirements for a secure communication network. Section 22 also refers to the protection profiles of the Federal Office for Information Security (BSI). The following protection profiles are considered relevant in this regard:
Protection profile for the communication unit of a smart measurement system for material and energy quantities
Protection profile for the security module of the communication unit of a smart measurement system for material and energy quantities
Further requirements for data protection issued by the BSI are available on the BSI site. It is not only energy suppliers, but also consumers who ask questions regarding data protection. From their perspective, it is particularly interesting whether the BSI specifications are binding and whether they ensure effective protection of individual data? Where are the consumer data sent and who use these data and for what purposes?
Dealing with consumers, who would like to continue to live analogically is also completely unclear. The connection user will be informed in a letter regarding the change of meter, but they cannot refuse this.
There is no way around an approach in compliance with data protection law
Smart energy solutions based on smart measurement systems effectively link energy generation and consumption. They offer a high level of comfort and added value to the consumer and the energy supply company. They can increase sustainability, both economic and ecological, in society if everyone can have energy capacities made available in accordance with their needs, or makes them available themselves. When designing the smart solutions in compliance with data protection law, the need for information is, however, still certainly there. Since even if providers already take into account aspects of data security, this is still not transparent for the consumer.