Target audience(s): Policy experts, energy sector experts — Estimated reading time: 12-15 minutes

Reference: Australian policy consultation — Energy Rules Framework

Icebreaker One Response — August 2020

Executive Summary

We welcome the publication of this consultation document and fully support consumer control over their energy data through the Consumer Data Right (CDR). We believe this is an inflection point that will enable a thriving ecosystem of private service providers, new entrants and existing energy stakeholders, expanding to provide the innovation the whole system requires to meet its goals. Access to data will clarify inefficiencies and identify opportunities, bringing considerable efficiency gains and savings as digitalisation, decentralisation and decarbonisation accelerate.

To achieve this, the use of energy data must be characterised by strong governance, standards and architectural agility. We hold an ambitious view for the future energy system: one which is highly innovative, delivering strong environmental, economic and societal benefits by fostering a decentralised data ecosystem, enabling widespread machine-to-machine data exchange and the ability to address privacy challenges. This will require additional consumer protections and enhanced rights. We advocate the principles of consumer primacy, control of consent throughout the provisioning chain, and greater emphasis on liability and redress. 

We recently published relevant reports through our associated company, Dgen, for the UK Government on consent, liability and redress. These are pertinent to your consultation and you can find them here:

https://www.gov.uk/government/publications/smart-data-research-on-consent-liability-and-authentication

Overview of Icebreaker One 

Icebreaker One is an independent, non-partisan, global non-profit. Our vision is to develop the data infrastructure to deliver a demonstrably net-zero future. We connect private and public sector leaders to help reduce risk and grasp the opportunity to transform the climate crisis into economic innovation.

We understand that every asset, system, organisation and network in energy (and beyond) will be producers and consumers of data. These systems will increase in complexity: they are not only being digitalised, they are becoming data-driven. The growth in data connections will be exponential as the market matures. 

We believe the energy ecosystem must implement a data architecture which can scale in data-type, volume and connectivity, across use-cases, organisational and logistical boundaries, sectors and jurisdictions. It must deliver this in a secure, safe, robust and adaptable environment with trusted governance. 

Responses to Consultation Questions

We have responded to questions 1, 2, 3, 4, 20, 22, 24, 26, 34, 35 where we believe Icebreaker One (IB1) expertise and experience will be helpful. 

Consultation questions: an approach to data sets in energy rules

1. Do you agree with our proposed approach to data sets in the energy rules? Why or why not?

We recommend that all data sets and assets should include descriptive metadata. The approach adopted should enable the ability to “crawl” energy metadata for both open and shared data. This approach enables searchable energy datasets and assets and understands relationships and meaning. Furthermore, it will enable links to be created between related assets and datasets e.g. metadata about a dataset linking to metadata about the physical asset from which the dataset was recorded.  

2. Considering the above discussion about potentially sensitive information, what data, if any, should be subject to specific arrangements (for example, during the consent process)? Should any particular sensitive data be explicitly excluded from the proposed data sets?

We agree that hardship details and concession details be separately categorised to allow ADRs to clearly explain the purpose and benefit of a consumer consenting to the sharing of these data sets. This confirms research in the UK by the Money & Mental Health Policy Institute which considered how firms might use data which suggests a consumer may be vulnerable. A key recommendation from this was for government to create a shared space for regulators, firms and consumer groups to consider how such data can be used appropriately. Ethical use of data must be a key focus of regulation and should ensure that those consumers choosing not to share such sensitive data do not face prejudice.

Moreover, it is essential that consumers are fully informed when making decisions and are asked to consent. From a consumer perspective ‘consent’ is often not clear because to access a product or service consumers must understand and agree the company Terms and Conditions as well as the way in which their data will be used. This is a lot of information to absorb and is often poorly presented. This raises the risk that consumers do not genuinely understand what they are agreeing to, and the potential consequences of their actions. 

We, therefore, recommend that a Standard for consent that requires ADRs to put the interests of consumers first. This should be implemented as a codified approach with a common set of parameters and values that is presented to the consumer in an easily understood way. For example, such a standard should include:

  • The purpose of data sharing (with a clear explanation of the value exchange)
  • Other organisations involved in the data sharing, if this is the case
  • What data items will be shared
  • Draw attention to any sensitive data
  • Access and individual rights of the consumer
  • Information governance arrangements (such as accuracy of data, the deletion of data, termination of data sharing and complaints management)
  • End date and review periods for the agreement

This should be developed from the consumer perspective, with an emphasis on comprehension and user experience, and allowing for the interconnected nature of the data provisioning chain.  We note that such a Standard would enable the development of an API specification and associated metadata that enables the detail of the consent to be checked by other parties in any provisioning chain or carried alongside the consumer’s data in an API payload. This requirement is not unique to the energy sector and should be applied to any sector where personal data is shared. We trust that these aspects of the consent approach and process are included in the scope of the planned work on authentication and authorisation. 

Consultation questions: approach to the Rules, standards and privacy safeguards to accommodate the gateway data access model
3. Do you consider the proposed approach to the gateway rules, standards and privacy safeguards appropriate for CDR in energy?

We are concerned that the proposed approach may limit the potential for the use of energy data in Australia. While noting the rationale behind the original decision and extensive stakeholder engagement, we are encouraged at the inclusion of a 3-year review of the gateway approach as in the longer-term this approach:

  • Will create a single point of failure;
  • May prove to be costly and inefficient to ensure consistent, reliable real-time access to the data required in use-cases that will become widely adopted;
  • Adds a layer of complexity in the development of the CDR rules and data standards to ensure interoperability with the broader CDR ecosystem, potentially hindering the emergence of cross-sector services; 
  • Is not the favoured option for innovative technology companies that will be critical in the drive to decarbonise;
  • Does not, in our view, take into account the powerful mitigating impact in the economy-wide model of Technology Service Providers, which have emerged in the data-sharing ecosystem to provide integration, implementation and aggregation services, as well as consent management services.

Our experience through extensive stakeholder engagement in the UK energy sector repeatedly emphasised that there cannot be a ‘single platform’ in which ‘all data is put’ to address ‘all use cases’. Energy data is highly diverse and is evolving too rapidly for any central, proprietary IT system to keep up.

4. If not, which aspects of the approach should be reconsidered or amended, and why?

We favour a fully decentralised approach – akin to the economy-wide model considered – in which data and metadata is distributed, always up-to-date, and managed real-time on data holders’ servers.

We acknowledge that decentralised data and asset search is challenging and existing datasets are not strongly linked. However, search and discovery technology offers a solution to this problem.

Data should be searchable, accessible and available to agreed standards. This approach can provide the common rules, controls and processes needed for access, discovery, security, commercial applications, privacy and regulatory compliance. This will enable an energy data ecosystem to develop, which will lead to greater innovation that brings both direct consumer benefits and will support solutions that enable more rapid decarbonisation.

Consultation questions: dashboards
20. Of the three options for data holder dashboards, which do you prefer and why? 

We welcome the inclusion of dashboards as a tool to enable authorisation and consent management. However, we recommend that an alternative approach is considered, enabling new approaches and entities for consumers to manage their consents. It will be insufficient to consider just the retailer or AEMO, as we fully expect a thriving ecosystem of third party service providers to develop innovative, value-adding solutions as the market develops. This will lead to complexity in the provisioning chains as data will necessarily be shared with other parties. This means that consumers may be faced with managing many consents, some of which is likely to relate to data drawn from multiple sectors.

Given the complexity of managing ongoing consents, and the proliferation of consent and access management across those sectors opening up to the data-sharing ecosystem, it would be useful to consider early how this could be managed most effectively for the consumer and market alike so that they have the tools and a good understanding of the way in which these tools can be used. Alternative models should therefore be explored.

22. What other options should we consider? 

We recommend consideration of new models such as companies or entities that undertake the management of the consumer’s consents on their behalf across all sectors covered by the CDR. This can be achieved using a common consent standard, API specifications and associated metadata. 

24. What consumer experience factors should we take into account with respect to how dashboards should be presented to CDR consumers?

We strongly recommend a common set of language, with common terminology applicable across sectors wherever possible.  From the consumer’s perspective, easily comprehensible words and phrases must be widely used that are easy to read and well understood. This will encourage wider acceptance, trust and adoption of services.

We also recommend that dashboards should be considered as tools which enable consumers to view which data has been received into the firm, as well as data which the firm has shared with other participants (data ‘in’ and data ‘out’). 

Dashboards should include:

  • The recognisable consumer brand with whom a consumer has shared their data, and any party to whom data has been onward shared.
  • The specific data clusters/types being accessed, clearly explained.
  • Why the data is needed – the purpose, so that this can be easily understood.
  • What specifically it is used for – the processing activities and any sharing with other parties in a provisioning chain.
  • The duration that access to the data is granted for.
  • Their rights, and the way in which they can manage their data should be clearly explained.
  • The ability to revoke consent and notification that this has taken place and how data collected previously will be dealt with (e.g. ‘put out of use’/’deleted’)
  • Consents should be sortable and clearly outline those which are active, expired or cancelled

Additionally, the introduction of a recognised approach to the provision of consent management tools, and potentially a guarantee or certification will help consumer trust. The location of the dashboard should be easy to find from the main menu. You may also wish to make requirements about the accuracy and timeliness of the data held on the dashboard (for instance, the dashboard should update in real-time to avoid any miscommunication).

Consultation questions: internal dispute resolution
26. How important do you consider consistency of IDR approaches across sectors at this stage of the CDR regime? 

We observe that, as a proxy measure, the UK Open Banking initiative has undergone a rapid evolution in the way in which products and services are provided to consumers, through complex provisioning chains. We believe that this will become a characteristic across all markets and sectors. We observe new risks associated with opening up data as well as the risks which are exacerbated by the intelligence afforded by data. Data risks are often interlinked so that a mistake at a data holder creates risks downstream, not just for the ADR but for other parties involved in the provisioning chain. 

Furthermore, data will be used in services which cross regulatory/sector perimeters, meaning that there must be a consistent approach so that consumers can always feel confident and trust that if anything goes wrong, they know how to have things put right. In particular, consideration should be given to the assessment of liability and apportionment of redress both in the energy sector in and cross-sector, cross regulatory cases, which will prove to be complex.

We, therefore, recommend that early attention is given to the creation of a single, accessible dispute resolution system for problem resolution, that facilitates effective inter-organisational communication and has common rules and processes. This will require consistency between regulatory approaches across different sectors.

Internal Dispute Resolution will be greatly improved where data is more easily traceable. We, therefore, recommend that metadata attaches to consent. This aids discussions about liability and dispute resolution.

We also recommend that consideration is given to how consumers may access redress which is simple, free and timely without recourse to the courts. This work includes understanding the value of energy data, how it may be used by nefarious actors (e.g. isolating when a family are at home and when the house is empty for instance), and what the value associated with privacy, were this data to be breached. This includes consideration of the use of energy data outside the energy sector by other third parties and the jurisdiction of any ombudsmen. 

Consultation questions: issues relating to accreditation
Energy data
34. Do you agree that energy data sets are less sensitive than banking data sets?

We agree with this statement at present, but advise that this situation will change. As energy generation decentralises and decarbonises, with wider use of DERs, data originating at the household level (including personal data) will become more widely used. Therefore, the sensitivity of this data will increase. Moreover, the combination of energy data with data from other sectors will enable greater levels of analysis and inference.

35. Should any energy data sets, or subsets of those data sets, be treated with a higher degree of security (due to potential sensitivities), similar to banking data?

Any data originating at household-level, or where individuals and their behaviour are identifiable, should be treated with a higher degree of security. We see a range of use cases, such as home energy management or localised/community resource management where such data will be critical.