DSK - energy supplier pool - March 2021

From GDPRhub
DSK - „Energieversorgerpool“ darf nicht zu gläsernen Verbraucher*innen führen
Logo-DSK-big.jpg
Authority: DSK (Germany)
Jurisdiction: Germany
Relevant Law: Article 6(1)(f) GDPR
Type: Advisory Opinion
Outcome: n/a
Decided: n/a
Published: 15.03.2021
Fine: None
Parties: n/a
National Case Number/Name: „Energieversorgerpool“ darf nicht zu gläsernen Verbraucher*innen führen
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): German
Original Source: Datenschutzkonferenz (in DE)
Initial Contributor: Florian Kurz

The German Data Protection Conference (Datenschutzkonferenz) holds that credit agencies in cooperation with energy suppliers cannot rely on Article 6(1)f GDPR to collect customer data in a data pool to determine if a customer considers a longterm contractual relationship.


English Summary[edit | edit source]

Facts[edit | edit source]

In late 2020 it had been reported that a number of credit agencies and energy suppliers were considering to set up a data pool consisting of customers of said energy suppliers. It had been in intended to not only process so-called „Negativdaten“, i.e. data on consumers who did not pay their bills on time, but also „Positivdaten“, i.e. data on the mere conclusion of a contract. The aim was to identify bargain hunters who are not looking for a longterm contractual relationship with the energy supplier but only want so save a couple of bucks. In identifying this type of customer, the energy supplier would be able to refuse service to these potential customers.

Dispute[edit | edit source]

While the credit agencies and suppliers had not yet implemented this plan, the Data Protection Conference considered whether such a processing could be justified by Art. 6(1)f GDPR (legitimate interest)?

Holding[edit | edit source]

The Data Protection Conference maintained that the intended data processing could not be based on Article 6(1)f GDPR. It held that even if the interests of the involved undertakings were considered to be legitimate, they would be overridden by the fundamental rights and freedoms of the individual customer. Moreover, the Conference stated that the consumer expects that his/her personal data is not processed beyond what is necessary for the performance of a contract. Hence, the planned processing would impede consumers to act freely on the market.

Comment[edit | edit source]

This statement from the Data Protection Conference is interesting in so far, as the system conceived of by credit agencies and energy suppliers has not yet been implemented. The body consisting of all national DPAs preemptively issued this statement to provide its view on a system that was or is still in its planning stages.

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the German original. Please refer to the German original for more details.

Resolution of the Conference of the Independent Data Protection Authorities of Bund and the Länder

The "energy supplier pool" must not lead to transparent consumers
of 15 March 2021

Credit agencies and energy suppliers are considering creating a so-called energy supplier pool. In this central data pool, positive data of customers should also be stored and transmitted to other energy suppliers. Positive data is data on contracts where the customers do not give cause for complaint, i.e. they behave in accordance with the contract.

Information on the number of contracts concluded and the respective contract duration can indicate whether consumers intend to have a longer contractual relationship with an electricity supplier or regularly use offers for new customers. Consumers who regularly choose the cheapest offer on the market and want to switch suppliers could then be excluded by utilities when they have attractive offers.

However, every citizen has the right to take advantage of the competition between energy suppliers and to look for cheap offers on the market. The desire to record alleged "bargain hunters" in a central data pool in order to be able to identify them as such when initiating a contract and, if necessary, to exclude them from offers, does not constitute a legitimate interest within the meaning of Article 6 (1) sentence 1 lit. f) of the GDPR. It was precisely the aim of the legislator to enable effective and undistorted competition in the supply of electricity and gas by liberalising the energy market. The attempt to identify price-conscious consumers who are willing to switch and to exclude them from certain offers, if necessary, would run counter to this objective.

Even if the interests of the companies were to be considered legitimate, the interests and fundamental rights of the customers worthy of protection outweigh them in such cases. Consumers who are in compliance with the contract have the right to expect that their data will not be processed beyond the purpose of the contract, which may limit their ability to operate freely in the market. 

The storage and transmission of positive data by an energy supplier pool would contribute significantly to transparent consumers and would be illegal according to Art. 6(1) sentence 1 lit. f) DS-GVO.