Teresa Scassa - Blog

Tuesday, 05 November 2019 06:54

Plans to sell smart meter data nixed over privacy and consultation concerns

Written by  Teresa Scassa
Rate this item
(2 votes)

The Ontario Energy Board (OEB) has just released a decision that should be of interest to those concerned about data governance for data sharing. The decision relates to an application by Ontario’s Smart Metering Entity (SME) for a licence to begin sharing Ontario’s smart metering data with third parties. The SME was established in Ontario as part of the governance structure for the data collected through government-mandated smart metering for all electricity consumers in the province.

Smart meters in Ontario collect fine-grained electrical consumption data. There are clear privacy interests in this consumption data as a person’s patterns of electrical consumption can reveal much about their activities, habits and preferences. In theory, fine-grained, aggregate, deidentified electrical consumption data can be useful for a broad range of purposes, including feeding the ever-hungry data economy. The SME was charged with governing this data resource in a way that would meet the needs of third parties (researchers, governments, and the private sector) to have access to the data while respecting consumer privacy. In 2019, Merlynda Vilain and I published a paper about the SME and its mandate to govern smart metering data in the public interest.

In its October 24, 2019 decision, the OEB considers an application by the SME seeking approval for its plan to provide access to smart metering data. The SME’s plan is built around three categories of data. The first, labelled “public offers”, consists of “highly aggregated products” ”such as monthly, seasonal or quarterly consumption data aggregated by postal district (i.e. the first digit of the postal code).” (OEB Order, p. 8) This data would be provided free of charge, and subject to unspecified terms and conditions.

The second category of data is “standard private offerings”. This consists of “pre-designed extracts based on popular data requests”. The examples provided include “Hourly or daily consumption data aggregated by 6, 5, 4 or 3 digit Postal Code at the municipal level, specifying the Distributor Rate Class and Commodity Rate Class”, as well as different types of visualizations. This category of data would be made available subject to a Data Use Agreement and at “market prices”.

The third category of data is “custom private offerings”, which are data sets customized to meet the demands of specific clients. These data sets would be subject to a Data Use Agreement and sold at “market price”.

Market price, is, of course, different from a fee for cost recovery. The SME in its application indicated that not only would the fees charged cover the costs of producing the data sets, any profits from the sale of smart metering data would be put towards lowering the Smart Metering Charge. In other words, the sale of data could potentially result in lower energy costs. This is an example of a plan to sell aggregate consumer data with a view to benefitting the class as a whole, although the extent of any benefits is difficult to assess without more information about market pricing and about the privacy risks and implications of the shared data. On the privacy issues, the SME maintained that shared data would be de-identified, although it acknowledged that there was some (unspecified) reidentification risk. It argued that factors mitigating against reidentification would include its work with a privacy consultant, compliance with guidance from the Office of the Information and Privacy Commissioner, the use of Data Use Agreements to limit the actions of the party acquiring the data, and the establishment of an Ethics Review Committee.

Those involved in data governance for data sharing will see how the SME’s proposal features some of the key elements and challenges in the data-sharing context. There is a perceived demand for high-value data, an attempt to meet that demand, privacy issues arising because the data is generated by individual activities and consumption, and a need to think about the terms and conditions of sharing, including cost/price. In this case, the data governance entity is a public body that must act under terms set by the regulator (the OEB), and it requires OEB approval of any data sharing plan. In this case, the OEB heard from the SME as well as a number of interveners, including the Building Owners and Managers Association, the Consumers Council of Canada, the Electricity Distributors Association, Ontario Power Generation Inc., and the Vulnerable Energy Consumers Coalition.

The decision of the OEB is interesting for a number of reasons. First, the approach taken is a precautionary one – the OEB sends the SME back to the drawing board over concerns about privacy and about the pricing scheme. In doing so, it appears to have paid some attention to the sometimes heated data governance discussions that have been taking place in Canada.

The OEB began by noting that none of the interveners objected to the first part of the SME plan – to make its “public offerings” category of data available to the public free of charge. In fact, this was the only part of the plan that received OEB approval. The OEB noted that “As these products would comprise highly aggregated data, they do not raise the same concerns about privacy as more tailored products.” It also concluded that the costs associated with preparing and sharing this data were part of the SME’s normal operations.

More problematic were the other categories of data for which sharing was planned. The OEB accepted that customers have a reasonable expectation of privacy “albeit a “significantly attenuated” one” (at p. 13) in their energy consumption data. The Board also noted that for some commercial customers, the consumption data might be confidential commercial information. The OEB observed that in spite of the fact that the plan was to de-identify the data, there remained some reidentification risk. It stated that “in light of the concerns expressed by stakeholders in this proceeding, the SME should proceed cautiously with third party access”. (at 13-14) The OEB considered that consumers needed to be well-informed about the collection and sharing of their data, and that while the SME has attempted to consult on these issues, “a more comprehensive consumer engagement process should take place.” (at 14) The OEB noted that “it is not clear form the evidence that consumers support the notion that consumption data (even if de-identified) should be offered for sale to third parties.” (at 14)

This approach reflects a shift in position on the part of the OEB. Past discussions of data sharing have regarded this data primarily as a public asset that should be put to use in the public interest. In the case of third party data sharing, this public interest was largely in the stimulation of the economy and innovation. What is different in this OEB Order is a much greater recognition of the importance of individual and collective consent. In its directions to the SME, the OEB asks for more detail from the SME’s consultation with consumers, the need to propose “a protocol for receiving and dealing with consumer complaints regarding the release of the data” (at 14), a plan for informing consumers about the release of deidentified information to third parties, and a need to obtain approval “of the basic terms of any Data Use Agreement with third parties.” (at 14).

In addition to these concerns about privacy and consultation, the OEB expressed reservations about the SME’s plans to share data at ‘market prices’. Some of the interveners noted that the SME held a monopoly position with respect to smart metering data, and there was therefore no market price for such data. The OEB called for the SME to develop a marketing plan that “should address pricing to ensure reasonably priced access by commercial and non-commercial users.” (at 14)

This decision is important and interesting for a number of reasons. First, it reflects a cautious, go-slow, precautionary approach to data sharing that might not have existed before Ontarians lost their data innocence in the debates over plans for Sidewalk Toronto. The OEB’s concerns include reidentification risk, proper consultation, accountability, and the terms and conditions for data sharing. The need to adequately and appropriately consult those individuals whose data is to be shared is an important theme in this decision. Although the SME claims to have made efforts to include consumer perspectives, the OEB is not satisfied that these efforts went far enough.

The decision also lands in the middle of the Ontario government’s data strategy consultation (which I have written about here, here and here). The consultation process – which lacks detail and is moving far too quickly – is clearly geared towards increasing data sharing and leveraging data for economic development and innovation, all while maintaining public ‘trust and confidence’. The Ontario government clearly wants to make some quick changes. Yet what this OEB decision reflects is a need to adopt a precautionary approach and to ensure adequate consultation and public awareness. As frameworks, models and templates are developed, things can being to move more quickly – but there is real value in getting things right from the outset.

Login to post comments

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law