Tighter controls over smart meter data collection are needed to prevent snooping on the public, an EU watchdog has warned.
The European Data Protection Supervisor (EDPS) said, while the devices would help reduce the carbon footprint in people's homes, the data collected and sent back to companies could also be used to "infer information about domestic activities".
The watchdog brought up the matter in response to the European Commission's plans to rollout smart meters across the continent by the end of the decade.
If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks.
It said the move would "enable massive collection of personal data which can track what members of a household do within the privacy of their own homes...if someone uses a specific medical device or a baby monitor, how they like to spend their free time and so on."
These patterns and profiles could be used for many other purposes, including marketing, advertising and price discrimination by third parties, it claimed.
Giovanni Buttarelli, assistant EDP supervisor, said legislation was necessary at EU level to ensure adequate protection of personal data for the rollout of smart metering systems.
"Some of these recommendations can already be implemented via an amendment to the Energy Efficiency Directive, which is currently before the Council and Parliament," he said.
"These should at least include a mandatory requirement for controllers to conduct a data protection impact assessment and an obligation to notify personal data breaches."
The watchdog also called for more guidance on the legal basis of the processing and the choices available to data subjects.
It also said there should be "direct access to consumers to their energy usage data, as well as disclosure to them of their individual profiles and the logic of any algorithms used for data mining and information on remote on/off functionality."
David Mahdi, global product marketing manager at identity management firm Entrust, said the watchdog's warning highlighted the need for the transfer of sensitive data to be protected at all times.
"If this data were to fall into the wrong hands, whether by accident or with malicious intent, consumers can be exposed to any number of risks," he said.
"In the hands of a professional criminal, this could be used to find out the movements of the occupant, when they are in or out of the house, and even when they are asleep, therefore posing a real risk to their personal safety."
Mahdi added that, while smart meters offered real advantages, they are, in essence, a critical infrastructure and need to be built with the most robust security and data protection in mind.
"Effective authentication and authorisation must be at the heart of smart meter rollouts," he added.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunityNews Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directiveNews The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member statesNews The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices
-
The EU's 'long-arm' regulatory approach could create frosty US environment for European tech firmsAnalysis US tech firms are throwing their toys out of the pram over the EU’s Digital Markets Act, but will this come back to bite European companies?
-
EU AI Act risks collapse if consensus not reached, experts warn
Analysis Industry stakeholders have warned the EU AI Act could stifle innovation ahead of a crunch decision
-
Three quarters of UK firms unprepared for NIS2 regulations, study findsNews Senior management can be held personally liable for non-compliance under NIS2 rules
-
US-UK data bridge: Everything you need to knowNews The US-UK data bridge will ease the complexity of transatlantic data transfers
