Here at re.alto, we talk a lot about data. It is a key enabler of digitalisation, a cornerstone of innovation born out of collaboration and connectivity. But within energy, there are challenges around data that are putting the brakes on the industry’s sprint to digital transformation. Beyond the initial difficulties that surround integration, there is a further complication that needs to be addressed – user consent management.
There are two distinct types of data found within the energy value chain: systems or operational data, and personal customer data, such as that generated by smart meters. The more data collected and processed, the more prominent consent management becomes. Although extraordinarily complex, it can roughly be broken down into two areas: ethics (trust, privacy and the like) and technology (the shortcomings in the technical efficiency of many compliance processes currently available). In this feature, we’ll look at examples of both and how they’re inextricably intertwined in energy.
Smart meter data: the ethics of consent and compliance
GDPR legislation came into force across the EU in May 2018 and overhauled the entire process of data collection and use. Importantly, it placed the ethical burden of responsibility on the company collecting the data, and, unlike previous regulations, encompasses both B2B and B2C information. The highest profile B2C data/GDPR example within energy is that generated by smart meters. Smart meters provide near real-time information on energy consumption, bringing a wealth of potential benefits to consumer, utility and network owner alike. Unlike many B2B cases, smart meter data ownership is generally clear-cut; ethically, the data belongs to the homeowner and, once you’ve overcome the fears around privacy and security, the homeowner’s consent is legally required under GDPR for their supplier to take and use their readings.
So, a signature for compliance sounds simple enough, but is only really so when the numbers are small. Running a smart meter pilot with 100 households, for example, requires GDPR consent from each participant but at worst, just requires the pilot owner to go door-to-door to obtain that homeowner signature. An administrative burden, yes, but not a huge issue. The complexity increases exponentially however when this pilot is scaled to a national or international level, the data is now aggregated at volume and often stored in multiple databases and, according to GDPR, any individual data owner has the right to withdraw consent at any time.
What’s more, consider this added layer of complexity: some data owners may be willing to share some, but not all, of their data due to privacy concerns. The homeowner, for example, who wants to benchmark his solar panel production on his roof to check if the installation needs maintenance but is unwilling to share all the data with the solar company because it includes his real-time energy consumption and offers a glaring window into his life. Individual consent verification at this level becomes entirely implausible. Instead, what’s now needed is an easy-to-use technical solution which garners the same level of consumer trust and adheres to all regulatory privacy and transparency requirements at massive data volume but at significantly less effort (and cost) from the stakeholders involved. The question of ethical consent and the technical barriers for compliance are now two sides of the same data management coin.
The technical barriers to consent compliance
Make no mistake, the technical barriers here in our industry are many. Within such an immature data market as energy, there is very little data standardisation and no real industry-wide data communications protocols which adhere to the strict consent compliance rules when it comes to sharing. Energy data is traditionally far more siloed than in other industries as data owners are extremely protective and unwilling to share, fearing the data is too valuable and will jeopardise their own commercial competitive advantage if put in the hands of another party.
We see this issue more prominently in the B2B sector. A useful example is that of the operational data generated by the turbines on an onshore wind farm. Firstly, in B2B, the question of ownership isn’t always as clear cut as we’ve previously seen. Who owns this operational data: the windfarm owner? The turbine OEM? Secondly, the owner, whomever that may be, is unlikely to want to share all of what he considers to be proprietary data, the corporate parallel of that smart meter homeowner reluctant to share his own energy consumption for fear of privacy breaches. The result though is a very fragmented energy data landscape – today for example the biggest European data hubs consume less than 10% of the market data (wind, solar, smart meter, EV battery, industrial load etc) – with below par operational value and efficiency. The industry as a whole loses out, and in the case of B2C companies, the end-user sees absolutely no benefit from sharing his or her data in the first place.
The emerging technological consent management solutions
Solving these data consent management challenges that exist in a range of use cases across the energy sector, from residential to industrial, is difficult but as with most things, the solution lies in technological innovation. Promisingly, we are starting to see the emergence of such effective platforms and an acknowledgement that change in needed at sector-wide policy level.
For renewables, industry association WindEurope last year launched a digitalisation taskforce, addressing such topics as the standardisation of data exchanges in data marketplaces and cybersecurity. For smart meters, Estonian TSO Elering established a pan-European pilot scheme earlier this year to find smart solutions for compliant meter data sharing, aligned to their consent management platform, Estfeed, which monitors and grants third party access to user information in a fully GDPR-compliant process through its e-Elering portal.
These successful consent management platforms have the means to integrate multiple systems and databases, manage consent status, comply with robust regulatory requirements and enable straightforward interaction (largely via APIs) between the players in a complex stakeholder ecosystem. After all, there is very little point in a utility obtaining reams of smart meter data and the consent to use it, and not being able to exploit it because are unable to interact with an external third party who can link that data into a personalised CRM programme for customers. The technical and privacy-related complexities surrounding consent are not going to go away anytime soon, but it’s encouraging to see different parts of the sector being more proactive in this space and in some cases, creating solutions.
If you’d like to find out more about the data consent management solutions that re.alto is involved in and is able to offer, take a look at our use cases.