Smart meters could be used to build extensive profiles of the households using them, Europe's privacy regulator has warned.
The European Data Protection Supervisor (EDPS) said in a statement on Monday that, while smart meters were potentially useful for controlling energy use, they will also "enable massive collection of personal data which can track what members of a household do within the privacy of their own homes".
According to the EDPS, which made the warning in an opinion document (PDF) for the European Commission, the data collected could spell out whether householders are at home or away, whether someone is using a specific medical device or baby monitor, and even "how they like to spend their free time".
"These patterns can be useful for analysing our energy use for energy conservation but, together with data from other sources, the potential for extensive data mining is very significant," the EDPS said. "Patterns and profiles can be used for many other purposes, including marketing, advertising and price discrimination by third parties."
Smart meters, which are supposed to give households much greater insight into their energy use, are central to the Commission's strategy for hitting EU energy targets. However, criticisms of the rollout have not only pointed out privacy risks, but also questioned whether the meters will actually save consumers money and cut down on energy consumption.
These patterns can be useful for analysing our energy use for energy conservation but, together with data from other sources, the potential for extensive data mining is very significant.– EDPS
The EDPS applauded the Commission's intention of giving guidance to member states on how to keep smart meters safe, but said it "regrets" that the Commission has not actually spelled out what this advice will be.
"The EDPS calls on the Commission to assess whether further legislative action is necessary at EU level to ensure adequate protection of personal data for the roll-out of smart metering systems," assistant EDPS Giovanni Buttarelli said in the statement.
Buttarelli added that there should be a mandatory requirement for those rolling out the smart meter networks to "conduct a data protection impact assessment and [be obliged] to notify personal data breaches".