Insight,

Energy Generation & Storage,Privacy,

Consumer Energy Resources: data and privacy

20 June 2024

Our People
KWM Kinetic
Owl Advisory
AU | EN
Current site :    AU   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

Welcome back to our 5-part series exploring the emerging opportunities and challenges associated with the uptake of CER in Australia from a tech law perspective, with a focus on privacy and data, AI and automation, cyber security and contracting to enable the transition to CER.

Tell me in two minutes

As has been the case for some time now, energy is no longer being exclusively generated by large power stations. Rather, it is increasingly being generated, stored and distributed back to the grid by consumer energy resources (CER, sometimes referred to as distributed energy resources). The effective and widespread use of CER (and their integration with Australia’s energy grid) is critical to Australia’s path towards net zero.

CER also offer other benefits to consumers and small businesses, such as lowering energy costs and giving consumers readily accessible data regarding their energy usage, storage and generation.

Data is key to maximising the benefits of CER. However, the collection, use, storage and transfer of this data also introduces new data and privacy vulnerabilities to the energy ecosystem. An under-explored area of increasing importance is the nexus between CER, data governance and privacy. This includes the application of the federal Privacy Act to energy data and how data sharing agreements can be used by industry to share data confidently and securely.

This article explores the types of data relevant to CER, the importance of it, the application of the federal Privacy Act, and the role of data sharing agreements.

Quick recap: what are Consumer Energy Resources?

As we discussed in our first article in this series, CER refers to the concept of consumer-owned devices that are capable of generating, storing or managing electricity from renewable sources. These devices include smart meters, rooftop solar, batteries, electric vehicles and smart inverters.  These devices can form a network that is managed by a Virtual Power Plant (VPP).   Consumers can join these VPPs that are often managed by energy retailers.

What data is relevant to CER?

Various types of data are relevant to CER. These include the following:

Click to expand image

Click to expand image

The importance of CER data

CER data also plays an important role in building the connection between consumers and energy consumption.  Being able to track and trade energy from a mobile device creates a sense of ownership and autonomy, which drives consumer participation in the electrification of Australia.

CER data also plays a practical role as it is critical in managing energy demands and monitoring energy flow from and into the grid. Among the vast amounts of data collected, the importance of specific CER data will vary depending on the entities that propose to use that data and what they propose to do with it.

The different entities that rely on data relevant to CER include:

  • Market bodies, such as:
    • the Australian Energy Market Commission (AEMC), who confirmed that the better integration of CER into the market to achieve the national energy objectives is one of its five key priorities for the 2023-2024 financial year; and
    • the Australian Energy Regulator, who may use grid performance data to analyse market dispatch and prices, network constraints and outages, and demand forecasts;[1]
  • Consumers, who can use pricing (tariff) data to accurately calculate electricity bills, inform decisions about how they consume energy to reduce costs, and decide the best time to sell energy stored in their battery to retailers (generally, when prices are high);
  • CER manufacturers and retailers, who can collect energy data relevant to a consumer to provide them with a technology solution that allows the consumer to track their energy consumption and generation, and consume or sell energy when it suits them;
  • CER retailers and metering providers, who can use customer details in combination with historic energy consumption data and energy generation projections to increase consumer knowledge on what CER can be implemented and how they can be utilised at specific premises, promoting a cost efficient and renewable energy sector and to assist in accurate billing; and
  • VPP operators, who may use operational (such as energy generation, energy consumption and power quality) and telemetry data to optimise the aggregation of CER assets across a large area for the purposes of responding to peak energy periods and ensuring grid stability. Standing/connection point data may be used for equipment maintenance purposes.

The collection of data from CER is equally important for the technical components of the grid itself. Inverters can receive instructions based on network conditions from data and adjust electricity output accordingly. Smart meters provide network visibility down to the household level. 

Recognising the role of data in managing the system, the former Energy Security Board (ESB) developed a Data Strategy, which aimed to manage changing data needs in the energy transition and optimise the long-term interests of energy consumers in a digitalised economy.[2] This work is designed to reduce barriers to data access to inform policy, planning and research, and designing options to address emerging data needs for CER in the energy transition in order to monitor and manage the electricity system.[3]

The Privacy Act and its relevance to CER

The Privacy Act 1988 (Cth) imposes obligations on APP entities in relation to their collection, use, processing, storage and deletion of personal information. An APP entity is an entity or organisation (including an individual, body corporate and partnership) that is not a small business operator. Small business operators – i.e. businesses with an annual turnover of $3 million or less in a financial year - do not currently need to comply with the Privacy Act (although the government is considering removing this exemption). ‘Personal information’ is information or an opinion about an identified individual or an individual who is reasonably identifiable, irrespective of whether that information or opinion is true or whether it is recorded in material form. Not all of the types of CER data identified above will constitute personal information, but some of it may be. Customer details (name, address, contact information) is personal information. Energy consumption or generation data may be personal information if it is tied to a specific address or meter (particularly insofar as it reveals insights about a person’s daily routines, absence from home or how they use equipment or appliances at home).

Aggregated data that does not identify a specific individual is not personal information. However, it could become personal information if later matched with other data that, when looked at in combination, relates to an individual who is reasonably identifiable.  

The Government is currently considering reforming the Privacy Act 1988 (Cth) (see here). As part of this, the Government is considering amendments needed to clarify that personal information is an expansive concept that includes technical and inferred information (such as IP addresses and device identifiers) if this information can be used to identify individuals. This may change what type of CER data is considered personal information.  For example, energy consumption data may be caught if a user can be singled out using that information, even if their underlying legal identity is not known, or if there is a reasonable likelihood of identification or re-identification of an individual.

The table below sets out key questions that APP entities should consider when they collect, use or otherwise process energy data relevant to CER that is personal information:

https://aemo.com.au/about/what-we-do

https://esb-post2025-market-design.aemc.gov.au/data-strategy

https://esb-post2025-market-design.aemc.gov.au/data-strategy

Click to expand image

Click to expand image

Notably for network service providers, the National Electricity Rules provide that such providers are not required to give AEMO CER generation data for AEMO’s CER Register Report where the collection, use or disclosure of that data would breach applicable privacy laws. This data must be aggregated such that it does not directly or indirectly disclose confidential information or result in a breach of applicable privacy legislation.

The Privacy Act also sets out a comprehensive regime for notifying the OAIC in relation to data breaches, where there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an APP entity, and the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates. We will discuss this further in our fourth article in this CER series.

Utility of Data Sharing Agreements

Data sharing agreements are increasingly prevalent and important in the energy sector. These agreements govern the terms on which one person or entity will share data with another. Drafted well, they can be an effective way of ensuring compliance with the Privacy Act and allocating liability if something goes wrong. 

Further considerations of data sharing agreements include:

  • what data will be shared with the recipient (and when and how it will be shared)
  • the format in which the data will be provided
  • what the recipient can do with the data (including limiting its use to a particular purpose or agreed output)
  • any prohibitions on the recipient on-disclosing the data, including to overseas recipients
  • whether the recipient is entitled to modify or commercialise the data or any derivatives of the data
  • the parties’ respective obligations in the event of a data breach, and
  • any charges payable.

KWM, as leaders in both the tech and data and energy sectors is at the forefront of these developments regularly assisting clients in getting ‘up to speed’ in this quickly evolving landscape. Please feel free to reach out to our team to discuss CER, data and privacy further. CER is playing an exciting role in the energy transition and we are always keen to help.

The next articles in this series:

In the next article in this series, we will be discussing the relevance of AI and automation in Consumer Energy Resources. It will discuss the potential for AI to be deployed in CER (including case studies where industry is already leveraging AI), risks to watch out for, and an update on the regulation of AI in Australia and what organisations can do now in advance of any such regulation coming. 

Categories

Reference

MEET THE AUTHORS

SHOW MORESHOW LESS
LATEST THINKING
Insight
AI governance in government: Is your agency ready for the ANAO’s spotlight?
The Australian National Audit Office’s (ANAO) has recently emphasised the importance of agencies having effective and specific AI governance frameworks. This was the key message coming out of the ANAO’s performance audit report on the ATO’s Governance of Artificial intelligence.

14 March 2025

Insight
B Corps: To B or not to B
We explain what a B Corp is, how to become a B Corp and some of the benefits and challenges of obtaining this certification.

13 March 2025

Insight
The Cyber Security and Critical Infrastructure Rules have now been registered
Following a period of consultation on rules to support the Government’s Omnibus Cyber Security and Critical Infrastructure package discussed here, 4 of the 6 proposed rules have now been registered.

13 March 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
KWM KINETIC
OWL ADVISORY BY KWM
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies