
2 Analysis

2.1 Are Energy Logs Personal Data?

According to the European Data Protection Directive, personal data is defined as “any information relating to an identified or identifiable natural person” [Par95]. Especially when an office room is used by only one person, it is straightforward to relate the energy logs of that room to this person. Hence, energy logs need to be considered personal data, and data protection laws have to be applied.

2.2 EMS User Groups and Their Access Rights

Before introducing different roles in the EMS, we must introduce several assumptions about a building. A building is provided and managed by an authority we call Building Supplier (BS). Different spaces of the building (multiple floors, rooms, etc.) can be rented by Building Customers (BC), for instance, companies. BCs pay money to the BS for rented space and consumed energy (electrical power, heating, etc.).

Based on the above assumptions, we introduce user groups in the EMS. Each user is represented in the EMS by processes that automatically analyze the data accessible to this user.

Building User (BU): a person working in the building. By default she is allowed to retrieve energy measurement data in full granularity concerning herself. A BU belongs to a BC.

Energy Manager (EM): belongs to a BC. Her duty is finding unnecessary energy consumption in the company and optimizing the situation. Hence she needs access to detailed energy logs of the entire space rented by the BC. This data set comprises personal data of several BUs.

Energy Accountant (EA): belongs to the BS. Her tasks include billing the energy consumed by the BCs. For the EA a spatially and temporally aggregated view on energy logs, i.e., the sum of energy spent within the space of a BC, is sufficient.

2.3 Design Strategies for Privacy by Design vs. Energy Control

Hoepman defined in [Hoe12] eight design strategies for privacy by design systems. These strategies are derived from data protection laws, such as [Par95]. In the following we introduce the most relevant strategies and assess their applicability.

Strategy #1 Minimize: “The amount of personal data that is processed should be restricted to the minimal amount possible.” [Hoe12] As already described, collecting data at high resolution is essential for an EMS; otherwise the successful operation of the EMS is compromised. Hence, this strategy cannot be applied.

Strategy #2 Hide: “Any personal data, and their interrelationships, should be hidden from plain view.” [Hoe12] This design strategy does not conflict with an EMS and can be implemented by access control mechanisms.

Strategy #3 Separate: “Personal data should be processed in a distributed fashion, in separate compartments whenever possible.” [Hoe12] This strategy does not conflict with an EMS. However, distributed processing and storage incurs more administrative overhead than a centralized system.

Strategy #4 Aggregate: “Personal data should be processed at the highest level of aggregation and with the least possible detail in which it is (still) useful.” [Hoe12] Aggregation reduces resolution. Hence, this strategy is essentially equivalent to strategy #1 and can only be applied in selected cases, e.g., for the EA.
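The following is an added example, not code from the paper, showing how the access rights of Section 2.2 map onto the Hide (#2) and Aggregate (#4) strategies: BU and EM receive full-resolution records filtered by room or by rented space (access control), while the EA only ever receives per-customer, per-day sums. The room layout, user names, 15-minute metering interval and day-level aggregation window are assumptions made for illustration.

```python
"""Role-based views over per-room energy logs (illustrative example).

Assumed: each room has one meter that reports the energy consumed in a
15-minute interval, rooms are rented by Building Customers (BCs), and the
Energy Accountant (EA) on the Building Supplier (BS) side bills per BC.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class EnergyRecord:
    timestamp: datetime  # start of the metering interval
    room: str
    wh: float            # energy consumed in the interval, watt-hours


@dataclass(frozen=True)
class Principal:
    name: str
    role: str                # "BU", "EM" or "EA"
    customer: Optional[str]  # BC the user belongs to; None for the BS-side EA


# Building layout: assumed for illustration.
ROOM_TO_CUSTOMER = {"R101": "ACME", "R102": "ACME", "R201": "Globex"}
USER_TO_ROOM = {"alice": "R101", "bob": "R102", "carol": "R201"}

# Constructed sample log: 15-minute meter readings for two mornings.
LOG: List[EnergyRecord] = [
    EnergyRecord(datetime(2013, 5, 6, 9, 0), "R101", 30.0),
    EnergyRecord(datetime(2013, 5, 6, 9, 15), "R101", 32.5),
    EnergyRecord(datetime(2013, 5, 6, 9, 0), "R102", 45.0),
    EnergyRecord(datetime(2013, 5, 6, 9, 15), "R102", 0.0),
    EnergyRecord(datetime(2013, 5, 6, 9, 0), "R201", 60.0),
    EnergyRecord(datetime(2013, 5, 6, 9, 15), "R201", 58.0),
    EnergyRecord(datetime(2013, 5, 7, 9, 0), "R101", 28.0),
]


def full_resolution_view(p: Principal, log: List[EnergyRecord]) -> List[EnergyRecord]:
    """Hide (#2): a BU sees only her own room, an EM only the space her BC rents.

    Everyone else is refused: the EA never gets room-level, interval-level data.
    """
    if p.role == "BU":
        own_room = USER_TO_ROOM[p.name]
        return [r for r in log if r.room == own_room]
    if p.role == "EM":
        return [r for r in log if ROOM_TO_CUSTOMER[r.room] == p.customer]
    raise PermissionError(f"role {p.role} may not read full-resolution logs")


def aggregated_view(p: Principal, log: List[EnergyRecord]) -> Dict[Tuple[str, str], float]:
    """Aggregate (#4): the EA gets one sum per (customer, day), nothing finer.

    Spatial aggregation: all rooms of a BC are summed.
    Temporal aggregation: 15-minute intervals are collapsed to a calendar day.
    """
    if p.role != "EA":
        raise PermissionError("only the EA uses the aggregated billing view")
    totals: Dict[Tuple[str, str], float] = defaultdict(float)
    for r in log:
        key = (ROOM_TO_CUSTOMER[r.room], r.timestamp.date().isoformat())
        totals[key] += r.wh
    return dict(totals)


def query(p: Principal, log: List[EnergyRecord]):
    """Single entry point: the role decides which view exists for a user."""
    if p.role == "EA":
        return aggregated_view(p, log)
    return full_resolution_view(p, log)


if __name__ == "__main__":
    for who in (Principal("alice", "BU", "ACME"),
                Principal("erin", "EM", "ACME"),
                Principal("eve", "EA", None)):
        print(who.name, who.role, query(who, LOG))
```

Note that Globex rents a single room used by one BU, so its "aggregate" is still that person's consumption; in that situation only the temporal aggregation (day instead of 15-minute interval) actually reduces detail, which is why both dimensions are applied in the EA view.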

A system following privacy by design should also obey the remaining four principles. It should inform (#5) a user when her personal data is processed and preferably put her in control (#6) of her data and its distribution. Furthermore, the system's compliance with legal requirements must be enforced (#7), and the system must be able to demonstrate (#8) this property.
