Assessing the European approach to privacy and data protection in smart grids: Lessons for emerging technologies 

In this chapter, we would like to sketch societal challenges posed by smart grids, and in particular those related to surveillance, and – subsequently – to critically as- sess the approach of the European Union (EU) to addressing them. We first use the Dutch example of smart meters roll-out to illustrate that smart grids constitute a complex socio-technical phenomenon, and first and foremost, can be used as a sur- veillance tool (sections 2-3). Second, as the treat of abusive surveillance, to which we limit this chapter, is frequently framed in the language of privacy and personal data protection, we briefly introduce relevant legal frameworks of the EU (section 4) in order to demonstrate how smart grids interfere with these notions (section 5). Third, although the said frameworks solved some issues, they still left a number of open questions. Thus the EU has experimented with adding, on top of them, a “light” regulatory framework for personal data protection in smart grids, of which a data protection impact assessment (DPIA) can be seen as a core element. Having overviewed this development in section 6, we attempt to critically assess it in a sub- sequent section. We analyse the choice of regulatory instruments, their scope, focus, quality and effectiveness, among others. We conclude, in section 8, that the DPIA framework, chosen as the main means to solve the threat of abusive surveillance in smart grids, is rather a missed opportunity.