This case study raises key questions about how lawyers can ensure that fundamental values, such as privacy and equality, can be properly integrated into information pathways and flows in energy infrastructures. As large and distributed energy projects come to rely more and more on the enabling role of information and communications technology to make massive, responsive, and individually-tailored systems possible, a detailed consideration of questions that have not been discussed by environmental lawyers until recently is necessary.
Energy usage patterns reveal lifestyle information and can highlight very sensitive issues in an individual's life: health issues (particularly sleep, diet, exercise, or alcohol use); intimate relationships and child care arrangements; or religion. Easy access to this data can enable unlawful or unfair discrimination and bias, and can be put to unintended or unwanted uses. Anonymisation is often an incomplete and inadequate response. In addition, smart grids and meters may not be secure. Consumers may not be able to make informed decisions about privacy.
Technical approaches to these problems abound. Tools like Privacy by Design are touted as providing a solution. The European Commission places particular emphasis on the idea of a `Data Protection Impact Assessment'. Security by Design is a complementary approach, which relies on end-to-end encryption and the use of separate data streams for core and value-added services.
However, these are incomplete responses. Privacy by Design provides a vague set of principles
without methodological guidance: how do systems developers build privacy into design process? Privacy by Re-Design (retro-fitting existing systems) is very expensive. Computers are designed to share, retain, index, and analyse information --- not to `forget'. Even `erasure' is not straightforward.
Legal rules are flexible, deliberately unclear, contested, and malleable. Digital rules are rigid, clearly defined in advance, strictly operationalised, and difficult to change. The latter can easily become closed, inflexible, and unaccountable systems, containing assumptions, biases, and mistakes. Formalising practices and knowledge is difficult and there is therefore a need to `Get It Right First Time'. However, information systems developers do not work from laws, principles, or rights, but
with `requirements': clear, complete, consistent specifications of the behaviour of a system.
Innovation in products, services, and markets is often touted as essential for sustainable development. However, this process of `creative destruction' should not lose sight of fundamental values, which need to be fully integrated into the thinking of entrepreneurs, policy-makers, and systems developers. This must go beyond check-box compliance or an `balancing' exercise in which privacy and equality always lose, to a nuanced perspective which understands that rights are enablers of, rather than barriers to, innovation. To achieve this, lawyers must first obtain a deep knowledge of the potential and limitations of technological solutions. This can help to bring about greater coherence between legal aspirations and technical realities.