From L’Usine Nouvelle / Robin des Toits
Why the CNIL pins the Linky
22 February 2020
The sling against Linky is not likely to weaken. The National Commission for Computing and Liberties (CNIL) has just put EDF and Engie on notice for their management of the data emitted by these communicating electric meters. Specifically, it reported, after verification, two breaches of the General Data Protection Regulation (GDPR).
The first refers to the conditions for obtaining users’ consent. By checking only one box in the form, an EDF or Engie customer agrees to transmit the history of their daily consumption, but also the history to the nearest half hour. ” Such global consent is contrary to the requirements of the GDPR ” because it is ” neither specific nor sufficiently informed“, denounces the CNIL. It stresses that a user may wish to transmit to his supplier a history, but not the other. This is all the more important since the half-hour data are much more precise on private life, revealing the times of getting up and going to bed, the periods of absence or even the number of people present in the accommodation. On this point, Engie reacted by indicating that he had changed his policy since, basing his offer solely on consumption data at the day. Other bad practice pinned ” excessive retention period for data consumption.
“EDF keeps daily and half-hour consumption data five years after the termination of the contract. The monthly data are kept three years after termination at Engie. The two companies have indicated their intention to comply with the GDPR in the three months allotted by the CNIL. This reframing does not settle the businesses of Linky which, in spite of its installation in 19 million homes since 2015, is the subject of 22 legal actions representing 5000 opponents. Their criticisms relate to its attack with privacy and the possible health effects of the electromagnetic fields it emits
Source : https://www.usinenouvelle.com/editorial/pourquoi-la-cnil-epingle-linky.N930719