Government's collection of energy use data makes private business state informants, ORG

The government says it needs the data to manage EPG scheme and to check for fraud, but the Open Rights Group says this bodes ill for the upcoming Data Protection and Digital Information Bill

The UK government's plan to collect consumer data on energy consumption would not be limited to energy companies and may eventually include other private organisations effectively making them government informants, the non-profit campaigning organisation Open Rights Group (ORG) has warned.

Households and companies are eligible for savings on their energy bills under the Energy Price Guarantee (EPG) scheme, which will help mitigate the negative effects of rapidly rising gas costs. As part of the scheme, which began on October 1st, the Department for Business, Energy and Industrial Strategy (BEIS) announced that it would be collecting data on users' energy use, including information that could be used to identify individuals.

The scheme was supposed to run for two years, but new chancellor Jeremy Hunt cut the duration from two years to six months in his emergency announcement on Monday.

According to the government, the following data will be collected and processed, related to each electricity and gas meter in Great Britain:

• Meter Point Administration Number (MPAN) - electricity meter number
• Unique Property Reference Number (UPRN)
• electricity consumption
• data about each meter (for example profile class, energisation status)
• data about how the meter point is billed (for example billing cycle, payment type)
• postcode
• energy tariff data
• personal data including name, address, date of birth, communication data, and email address

The data will be used to:

• allow BEIS to keep track of the EPG's progress and operational delivery
• conduct financial checks on EPG payments, including for assurance and the prevention, investigation, detection, or prosecution of criminal offences, including fraud
• enable BEIS to assess the scheme to comprehend its impact and to inform future government strategy

According to the government, BEIS will share the acquired data with other parties as required for the purposes of preventing and detecting fraud and mistake, including:

• other government departments
• public authorities
• law enforcement agencies both in the UK and overseas
• regulatory bodies
• credit reference agencies
• debt collection agencies
• anti-fraud organisations

Officials said that even though the scheme only lasts for six months, the data would be kept for up to 10 years after it is gathered.

ORG described the government's plan as "unjustified intrusion into our private lives" which could soon expand to reading our emails.

'This plan, and the attitude the Government are showing, gives us a good preview of how UK data protection reforms would work in practice,' legal and policy officer at ORG, Mariano delli Santi said in an online post.

deli Santi argues that the way the EPG scheme is set up does not make it a fraud risk and that gathering and collating data in this way is unjustified. He also claims that requiring energy companies to hand this data over to the authorities does not bode well for the upcoming UK Data Protection and Digital Information Bill, which includes exemptions for government when it comes to purpose limitation with data sharing, as enshrined in the GDPR. Potentially any business "a supermarket, a gym or a General Practitioner" could be forced to hand over sensitive information about customers, he wrote.

According to the advocacy group, the GDPR, which still applies in the UK, is built on the tenets of lawfulness and purpose restriction, and these abstract concepts become rather substantive when compared against the government's plan.

"Is it lawful, and thus proportionate and justified, to treat you as a suspect unless proven innocent, and to store your energy bills for 10 years to detect a fraud you are not even likely to commit? Would you expect your energy company to use your meter readings to charge you, and then to repurpose and hand over your readings to a public authority even if you did nothing wrong?" ORG questioned.

The group referred to the government's Data Protection and Digital Information Bill as "the mini-budget of digital regulation", that will undermine the accountability of the government, let loose automated discrimination, and destroy the digital economy of the UK.

"It is about time that the government take stock of their years-long failure to produce a decent proposal, and bury their data protection reforms for the better," ORG added.