California Lays Out Smart Meter Privacy Rules

How should utilities protect their customers’ energy data, while at the same time letting the tech world access that data to find new ways to save energy and help the grid? On Friday, the California Public Utilities Commission (CPUC) came out with a long-awaited proposed ruling (PDF) on the subject that would impose privacy rules on home devices that use smart meter data and are “locked” into one company’s platform or technology (think how cell phones are locked into a carrier), but leave customer-owned data sources outside of its authority.

Simply put, CPUC’s proposed ruling would require the state’s big three utilities — Pacific Gas & Electric, Southern California Edison and San Diego Gas & Electric — to impose tariffs on third parties that want to get at utility customer energy data. It would also require the utilities to add conditions to those tariffs that impose CPUC’s privacy guidelines on the third parties that sign up for them.

That authority, however, would apply specifically to so-called “locked devices” — any system that’s limited to a single provider’s network or technology. The ruling also singles out systems that keep collecting and using data without any active role on the customers’ part, once the customer has given permission to access it.

Companies that run services that fit this bill will have to enroll in the utilities’ tariff programs, CPUC’s ruling states, and the CPUC has given the state’s three big utilities six months to come up with their tariff plans. I’m curious to hear how the smart grid companies that have argued against the commission having authority to tell them what to do will react to that.

Home energy devices that aren’t “locked” and don’t automatically transfer information to a third party fall under a different category. CPUC puts the onus on utilities in that case, saying they’ll have to provide customers with such systems “information concerning the potential uses and abuses of usage data should the customer forward or otherwise provide the data to another entity” — for example, if they switch from one services provider to another.

CPUC’s proposed ruling comes after years of discussion and argument about just how smart meter data should be managed. Because of California’s position as a market trend-setter and early-adopter of smart meters, it could help set guides for how other state commissions and federal regulators approach the subject.

Don’t expect the new ruling to end the arguments between privacy advocates and the startups, telcos and IT giants that want to use that data to deliver in-home energy services, however. That’s because some of the ruling’s new suggestions are likely to displease both sides on the issue — one of them being the idea that tariffs can give the CPUC the right to tell third parties what to do.

Early moves to link customers to their smart meter data via third parties haven’t yet had to face this issue. San Diego Gas & Electric, for one, has given about 11,000 smart meter-enabled customers next-day smart meter data via PowerMeter, Google home energy platform. All of those customers using Google’s platform have actively authorized the company to handle their data, and Google has pledged to keep it private and erase it as soon as the customer asks it to.

But privacy advocates, such as the Electronic Frontier Foundation and the Center for Democracy and Technology (PDF), have asked the CPUC to force third parties like Google and others to follow more stringent privacy rules. Those rules, in some cases, go beyond those set by authorities like the Federal Trade Commission or state privacy laws, like California’s SB1746.

Indeed, companies from Verizon (s VZ) and AT&T (s T) (PDF) on the telecom side to Tendril, Control4 and EnerNOC (s ENOC) (PDF) on the smart grid industry side have filed briefs with the commission saying that it lacks the legal authority to tell them what to do. The idea is that the CPUC is a utility commission — not a Verizon, AT&T, Tendril, Control4 or EnerNOC commission.

CPUC doesn’t lay claim to authority over data from devices that lie within customers’ homes and are owned directly by them, by the way, because they don’t depend on utility data. That’s an important subset in the field of home energy management, including everything from energy-specific devices like The Energy Detective and the PowerCost Monitor, home security-plus-energy monitoring systems like iControl and AlertMe, or home broadband and automation systems from telcos like Verizon and AT&T.

Still, with the cost of home-installed energy devices still in the multiple hundreds of dollars, many companies tackling the home energy space are looking to work with smart meter data that’s already been collected by the utility. That should lower the costs of installing in-home energy systems, and thus make them more affordable and more popular.

What about when the smart meter data is considered to belong to the customer, rather than the utility? Indeed, the CPUC has asked the state’s big three utilities to come up with plans to give their customers data available from smart meters in the coming years, and Friday’s ruling set a six-month deadline for all three to come up with pilot projects to test it out.

Home energy management companies argue that the CPUC can’t legally stop those customers from freely sharing their own data — after all, the CPUC doesn’t have authority over homeowners, any more than it has authority over Google. Once again, there’s room for confusion and argument here.

Image courtesy of Christian Haugen via Creative Commons license.