In a sign of increased Canadian regulator sensitivity to privacy issues, Ontario’s energy overseer has told the agency that operates the provincial electric system to tighten its plans to sell data pulled from home and business smart meters.
The Ontario Energy Board made the ruling last week, telling the Independent Electricity System Operator (IESO) it isn’t persuaded there is enough information to conclude a proposed plan for selling some data is in the public interest.
“There are benefits to making the data available to third parties,” the board said, such as helping to make new innovative products and services. But, it added, “there are also risks” that anonymized customer electricity use information it wants to sell could be massaged to identify specific homes and businesses.
As a result it told the IESO that “more work needs to be done,” and that the agency needs to “proceed cautiously” on plans to sell data on narrow geographies that could be de-identified.
In particular, the agency needs to consult the public more, the board said, because it isn’t even clear consumers want the IESO to sell meter data.
“The OEB’s overarching concern is to ensure that consumers are well informed concerning the data collection process and are protected from any disclosure that enables access to their personally identifiable data obtained from their meter.” the ruling says.
However, the agency can at least start to offer general location data free of charge.
In an interview Toronto privacy lawyer Barry Sookman noted governments and regulators are more sensitive to privacy than ever, which may be why the OEB wants to be cautious.
“This is an area where the [federal] government is studying very carefully. There’s the [proposed Liberal] Digital Charter … where they are looking at a number of issues, including data anonymization because the law is currently murky in Canada about the ability under fed privacy law to take data collected for one purpose, de-identify it and use it without consent from the person it was collected from.
“There isn’t clear guidance and what’s right and wrong right now. It’s something that’s evolving.”
He also added that there can be good reasons for a public organization to make data it collects available to the public if it can be anonymized in ways that preserve privacy.
Sookman didn’t mention it but Ontario is also looking into creating a digital strategy.
Former Ontario privacy commissioner and now privacy consultant Ann Cavoukian said in an interview that the OEB didn’t go far enough. “I would have preferred a stronger decision and greater direction — I want them to say to the Operator, ‘You have to strengthen the methodology associated with the de-identification you’re planning.'”
The issue of the use of smart meter data came up when she was privacy commissioner, and Cavoukian says she got an assurance from then-Premier Dalton McGinty that data couldn’t identify a household and would only be used by utilities delivering service. Her office then published guidance that this data could only be used for the purpose for which it had been collected.
As a result of the government’s commitment she strongly opposes the IESO’s plan to sell data linked to postal districts (see below) unless there are stringent de-identification processes, Cavoukian said.
“There have been a number of instances (around the world) where de-identified data has been re-identified. What I would demand of them, if this goes through, is they have to use that absolute strongest form of de-identification combined with the risk of re-identification protocols.”
Such protocols have been created by University of Ottawa professor Kahled El Emam, she pointed out
Coincidentally, the OEM decision came just before Waterfront Toronto — representing the federal, provincial and city governments — turned down Sidewalk Labs’ proposal to collect what it calls “urban data” in a smart community on Toronto’s lakefront. The obligation and ability to de-identify data collected at source have been controversial issues. Plans for the community have yet to be finalized. Waterfront Toronto is now evaluating Sidewalk Labs’ master plan development plan for the community, and while it won’t include urban data or a data trust does include a proposal to collect information from devices such as street sensors.
The IESO manages the data repository for around-the-clock energy consumption information scooped up by four million smart meters connected to homes and businesses across the province. As part of its mandate, the agency is obliged to offer third parties access to that data, which includes postal codes and the rates charged.
Last year the IESO asked the regulator to approve a data access plan with three levels:
- Public Offerings; which would be monthly, seasonal, or quarterly consumption data arranged by a general postal district (meaning the first digit of a postal code, perhaps covering dozens of blocks) available for free on a public web site.
- Standard Private Offerings; which would be narrower data, graphs or maps chosen by the IESO and sold at “market rates.” These might include hourly or daily consumption data – but the data could cover precise postal codes, meaning down to particular blocks. Buyers would have to sign a data use agreement.
- Custom Private Offerings; which would be customized datasets asked for and sold to buyers. Buyers would also have to sign a data use agreement.
The IESO emphasized the data it would make available to third parties won’t be personal information. Any data will be de-identified. It promised the regulator it would work with a privacy consultant, abide by the Information and Privacy Commissioner of Ontario’s guidelines for de-identification, and establish an ethics review committee to evaluate any requests for data that raise ethical concerns.
Still, the regulator noted, the IESO “acknowledged that the risk of re-identification is not zero.”
Energy board staff supported the IESO plan, but it was opposed by the Consumers Council of Canada and the Vulnerable Energy Consumers Coalition, which represents a number of groups on energy issues.
Both argued it is nearly impossible to delink the data from its addresses source and to guarantee that re-identification won’t happen. Most people, they added, don’t realize the data could be used for marketing products.
More importantly, they argued consumers and businesses should have to specifically consent that their data be made publicly available.
Both consumer groups and the Building Owners and Managers Association noted that the IESO wanted to sell data with postal codes as narrow as three addresses, which could make it easy to identify users.
Hydro One Networks, the biggest provincial power distributor, also weighed in, worrying that data could “inadvertently” be used to shame some communities that use a lot of power.
(This story has been updated to include comments from Ann Cavoukian)