Data Sharing, Privacy and Security Considerations in the Energy Sector: A Review from Technical Landscape to Regulatory Specifications
Shiliang Zhang, Sabita Maharjan, Lee Andrew Bygrave, Shui Yu
TL;DR
The paper tackles the convergence of data-sharing, privacy, and cybersecurity in the energy sector by linking technical data landscapes with EU regulatory frameworks. It systematically maps data availability, transmission, and processing practices to regulatory constructs (data-sharing, GDPR/privacy, and cybersecurity) and analyzes the EU's regulatory evolution, including the Data Governance Act, GDPR, NIS directives, and cybersecurity policies. Key contributions include a structured regulatory articulation for data-sharing, privacy, and cybersecurity in energy, an organizational view of roles and responsibilities, and guidance toward a unified framework that supports participatory energy paradigms such as transactive energy and V2G. The study identifies significant gaps (particularly in energy-specific interpretations of data sharing, cyber risk matrices, and practical implementation guidance) and discusses how emerging acts like the AI Act will shape the use of AI in energy systems. Overall, the work provides a consolidated, energy-focused regulatory lens to accompany the technical progression of a distributed, data-intensive energy landscape, with implications for policy designers, industry stakeholders, and researchers aiming to harmonize innovation with rights and security.
Abstract
Decarbonization, decentralization and digitalization are the three key elements driving the twin energy transition. The energy system is evolving into a more data-driven ecosystem, creating a need to communicate and store large amounts of data of different resolutions from prosumers and other stakeholders in the energy ecosystem. While the energy system is certainly advancing, this paradigm shift is bringing new privacy and security issues related to the collection, processing and storage of data - not only in the technical dimension, but also from the regulatory perspective. Understanding data privacy and security in the evolving energy system, with regard to regulatory compliance, is an immature field of research. Contextualized knowledge of how related issues are regulated is still in its infancy, and the practical and technical basis for the regulatory framework for data privacy and security is not clear. To fill this gap, this paper conducts a comprehensive review of the data-related issues for the energy system by integrating both technical and regulatory dimensions. We start by reviewing open-access data, data communication and data-processing techniques for the energy system, and use this as the basis to connect the analysis of data-related issues from the integrated perspective. We classify the issues into three categories: (i) data-sharing among energy end users and stakeholders, (ii) privacy of end users, and (iii) cyber security, and then explore these issues from a regulatory perspective. We analyze the evolution of related regulations, and introduce the relevant regulatory initiatives for the categorized issues in terms of regulatory definitions, concepts, principles, rights and obligations in the context of energy systems. Finally, we provide reflections on the gaps that still exist, and guidelines for regulatory frameworks for a truly participatory energy system.
