Balancing energy cost savings and privacy

Posted on 22nd March 2023

As the UK battles through the cost-of-living crisis, businesses and households are struggling. The steep rise in energy costs has produced a particular challenge, despite the energy price cap set by Ofgem and various government support packages. Both groups of energy customers are keen to explore ways to reduce their energy usage and save money. Many solutions are available, but some of them rely heavily on technical processes and the use of customers’ data, much of which is personal data.

There is often a tension between the actual and potential efficiency, ease of use, convenience and innovation that technological solutions offer on the one hand, and the myriad potential privacy implications associated with them on the other. It is no different with the energy suppliers: both value and risk are created through customer data being handed over to them.

Smart meters

In homes and businesses where smart meters are installed, it is possible to generate a precise picture of energy use. This can be updated and sent to the supplier every 30 minutes to match the settlement periods on the wholesale energy markets. Such an approach could lead to significant savings for consumers, but could also provide a granular picture of their consumption habits and general lifestyle.

Energy suppliers would say that their use of this data is primarily for:

  • Measuring consumption accurately and billing accordingly.
  • Providing advice on energy efficiency measures. 
  • Forecasting power consumption for individuals, and for the market as a whole.
  • Developing products and services.
  • Enabling the National Grid to become more efficient.

More granular data would improve the efficiency of the energy networks, so that generation and consumption could be more closely matched. This, in turn, would deliver carbon savings, which consumers and businesses are ever keener to pursue.

Internet of Things

Another way for energy companies to deliver savings to their customers is through the use of Internet of Things (“IOT”) technology. For example, a company supplying IOT hot water tanks could control them remotely to vary the temperature by a couple of degrees. Customers would be unlikely to notice the adjustment, but if the temperature was reduced in the same way on thousands of similar tanks, this could deliver a substantial reduction in the demand for electricity. Then, the benefit of the cost savings could be distributed among participating households. Similar energy demand management (“EDM”) schemes are already in place at some businesses. By sacrificing a degree of control, the businesses gain in terms of saving cost. In some cases, they can also generate revenue from participating in EDM schemes and being compensated by the energy networks for doing so.

When we factor in other technology such as smart electric heating systems, electric vehicle (“EV”) charging and smarter white goods and appliances, the potential for aggregated demand response across hundreds of thousands of households and businesses is enormous. There are benefits for consumers, electricity networks and the environment.

What could the data collected from technological energy solutions indicate?

The data sets that are collected from these devices can carry considerable risk to those who provide them. For example, for householders, it is likely to be easy to discover their:

  • Daily routine, including absence from the house.
  • Periods of holiday.
  • Habits, including what appliances are used at what times of the day.

Someone viewing the consumption profile might be able to determine whether a teen or older child was home alone. Abuse of IOT devices has also been cited in cases of harassment, bullying and coercive control. For example, heating has been switched on or off, or the hot water temperature has been adjusted, without someone’s permission or knowledge. Evidently, collecting this kind of data presents risks, so designing such products and services requires suppliers to “bake in” data protection principles by design and default.

However, in certain scenarios, the availability of data from smart meters or domestic IOT devices could provide benefits such as safeguarding and practical home help. For example, for those living in sheltered housing, an out-of-routine activity could act as a warning sign to the care organisations who manage the accommodation that the service user needed help of some kind.

Getting privacy right – where should the focus lie?

Given the potential benefits of collecting data from smart meters and IOT devices, it is easy to see why so many product designers and energy suppliers are focusing on this area.

The challenge is ensuring privacy by design. Customers may feel concerned about the control that they are surrendering to a remote, probably automatic source, and the extent to which they will have to part with their data to do so.

This is why consideration of data ethics and privacy must be incorporated into the early design phases and onwards. In this way, customers can appreciate the advantages of the new technology while learning to trust that appropriate measures are in place to minimise intrusion to their privacy.

Design of the devices must also factor in the potential for bad actors: how might the product be used to create an anti-social outcome? For example, there have been reports of the Apple AirTag – a tracking device designed to act as a key finder – being used nefariously to stalk victims or track valuable items with the aim of stealing them later. This is a clear example of how much damage smart devices can cause when they are used by unscrupulous individuals.

The Information Commissioner’s Office (“ICO”) is clear that hidden data processing is unacceptable, as its fine and condemnation of Easylife last year (reduced last week) showed. Energy companies will need to explain their data collection practices for these devices, and have an appropriate legal basis to support them. For example, if the data is to be used for profiling or direct marketing – or it could reveal sensitive personal data or special category data – the companies will need to consider various questions:

  • How would their customers provide consent, where it is required?
  • Would they want to provide consent?
  • Would that consent be valid? What if customers felt that they had no choice but to give consent?

When the energy companies analyse their practices, they may need to perform a legitimate interests assessment (“LIA”) to prove that they gave everything proper consideration. Doing so will help to bring them in line with the accountability principle in the UK General Data Protection Regulation (“UK GDPR”).


The benefits of new technological devices in the energy market – to businesses, households, suppliers and the environment – are numerous. However, innovators, suppliers of IOT-enabled appliances, energy suppliers and local networks need to factor in the privacy implications for their design from the outset. In this way, they can properly comply with their requirements under the GDPR, avoid costly fines and penalties, maintain trust in the products and protect the most vulnerable.

Pritchetts Law has worked extensively on innovative data-led solutions and IOT technology in both the domestic and commercial spheres. We offer a pragmatic and commercial approach to balancing privacy requirements with commercial objectives. If you’d like to know more about how we could help you, please get in touch.

Back To Blog »

Contact Us

Get in Touch

Pritchetts Law LLP
35 Westbury Hill
United Kingdom

+44 (0) 117 307 0266

Make an Enquiry

Please provide your details, and a brief summary of your enquiry, and one of our team will be in touch.

Pritchetts Law LLP is a Limited Liability Partnership registered in England and Wales (company no. OC413975) and authorised and regulated by the Solicitors Regulation Authority (SRA no. 647155). "Partner" refers to a member of Pritchetts Law LLP.
© Copyright 2024 Pritchetts Law LLPWeb Design By Toolkit Websites