This is Icebreaker One’s response to Ofgem’s call for input on Data Sharing in a Digital Future. Please find the Google doc version here.
Please note that throughout this consultation, Icebreaker One uses the terms Open, Shared and Closed data as defined here.
Call for input response:
Question 1
Yes/No: Do you agree that a Consumer Consent solution is required as per the task force’s recommendation?
Yes, we agree with the recommendation that a Consumer Consent solution is required. We also support the idea of emulating the concept of Open Banking to empower consumers and accelerate innovation and competition in the energy sector, as new market participants can offer more personalised and efficient solutions to the consumer.
Question 2
2. Could you please provide any reasons why the current methods for obtaining consent from a consumer might be ineffective or inefficient?
The current methods for obtaining consent from a consumer may be ineffective or inefficient due to:
- Lack of transparency in obtaining consent – e.g. overly legalistic wording, items hidden in small print, lack of clarity around the full range of partners data will be shared with and/or for what purpose(s)
- Lack of trust – as mentioned in the consultation, there is a lack of trust in energy companies by consumers. Trust is key for obtaining consent.
- Individual/household dilemma – consent for data sharing pertaining to a whole household of people is obtained from a single individual (there may also be a gender bias here if the account holders tend to be male) who may or may not actually live at that address (eg landlord who pays bills) – there is no mechanism to ensure household members are consulted.
- Revoking or changing consent – it is often easy to give consent (e.g. automatic pop-up) but much harder to change or revoke consent (e.g. requires a log in, hidden in a long settings menu, not available by non-digital means) – this requires much more transparency and an easy process
- Linked services – Lack of understanding about the impacts of giving, changing, or revoking consent for services that may be linked (e.g. reliant on data flows) but potentially operated by different companies. For example, consumers may not understand the impact of rejecting access to 30 minute consumption data on access to smart products and services.
Question 3
3. Do you believe that consumers are sufficiently motivated to engage with the consent solutions proposed in this Call for Input? Please elaborate on your answer.
Open Banking provides a case study for engagement of a Consumer Consent solution. It has now reached over 7 million users and in July 2023 surpassed supporting 11 million transactions per month. This provides strong evidence that there is both appetite and capability for British consumers to engage with a consent solution based on a Trust Framework.
It is important that Open Banking is viewed holistically as a Trust Framework – an entity incorporating technical, communications, engagement, legal and ongoing governance arrangements – rather than a technical solution.
However, the answer to this question cannot solely consider motivation, as it is influenced heavily by interactive factors such as the design of the consent mechanism (e.g. one click) and the consent being obtained in an inclusive manner (e.g. language, online/offline options, etc). Engaging consumers through consistent engagement is essential for appropriate uptake of a Consumer Consent mechanism.
It is difficult to compare consumer motivation across the three options as they are very different and could support different forms of consumer engagement. For example, Option 2 (A set of principles outlining a consistent way for trusted market participants to obtain consent, such as Data Best Practice) may result in a range of acceptable consent mechanisms which still look different to consumers when implemented and operated by different organisations.
Question 4
4. Do you agree that the four use cases referenced are high priority use cases? Can you describe any other high priority use cases?
We agree that the four identified use cases are high priority and hold capacity to contribute strongly towards energy system decarbonisation. In parallel, we note that these use cases focus on activities bounded within the energy sector. The broader consultation document indicates the potential for an Open Banking style (i.e. Trust Framework based) consent mechanism to operate across sectoral boundaries. If the wider context is considered, then we suggest carbon accounting to be added as one further further priority use case in which enabling the flow of energy data – facilitated by consumer consent (domestic, SME and industry) is strongly implicated.
In the arena of carbon accounting, Perseus provides one example of how a Trust Framework enabling the permissioning and flow of sustainability data can support the automation of carbon accounting for SMEs. The project demonstrator, recently presented at COP28, focuses on enabling the flow of electricity data from SMEs to carbon accounting providers. The Trust Framework is being designed for future extensibility to other forms of sustainability data (e.g. gas, water, transportation, etc.). It is also exploring the potential for optional onward sharing of data and/or data products to financial institutions for the purpose of green financing.
Question 5
5. Do you believe that a new Consumer Consent solution would enable the improvements to the energy system described in the four use cases? If not, could you please elaborate?
We support Ofgem’s position that a new Consumer Consent solution is necessary to underpin improvements to the four use cases identified.
Question 6
6. Do you agree with our method and scoring of options?
The methodology was described transparently and assesses a scope of considerations affecting the three options. As touched in question 4, however, it does not assess the scalability or adaptability of the three solutions to important adjacent sectors in the net zero ecosystem (e.g. water, transport, built environment etc.). If cross or multi-sectoral factors were accounted for, we believe that they would comparatively lower the scores of Options 2 and 3. This is because attempts either to scale or align these options to adjacent sectors for the purposes of interoperability would introduce a high burden of complexity and potential competing interests, which may not produce desirable outcomes from principles-based (i.e. potentially multi-pathway) or self-governed consent mechanisms.
However, we also do not believe that the complexity outlined automatically advocates for a solely technical solution (i.e. option 1). We have outlined further detail in question 8 regarding the presentation of an alternative option which more adequately meets the gap in needs around Consumer Consent: a Trust Framework.
Question 7
7. Which of the options referenced in this chapter do you believe would be the most appropriate Consumer Consent solution, for the industry, the government, and the consumer?
We believe that none of the three options presented adequately meets the gap in needs regarding Consumer Consent. We present an alternative option in question 8 below.
Question 8
8. Please can you explain why you chose a specific option? Do you have any suggestions on how to improve this option?
Icebreaker One believes that an additional option should be added to the consultation process, a Trust Framework. A Trust Framework comprises processes for co-designing and implementing system rules, liabilities and ongoing governance, including the operation of a consent mechanism where required to enable data sharing. Design of such a framework would be necessary to underpin a technical solution as outlined in option 1. An Open Banking style Consumer Consent mechanism should be viewed holistically as a Trust Framework – an entity incorporating technical, communications, engagement, legal and ongoing governance arrangements – rather than solely a technical solution.
A Trust Framework brings together several of the advantages offered by options 1-3 while avoiding certain disadvantages (e.g. option 1 disadvantage – lack of non-technical consideration, option 2 disadvantage – difficulties with achieving consistency, option 3 disadvantage – potential problems with transparency or vested interests). Furthermore, the adoption of a Trust Framework to manage Consumer Consent in the energy system aligns with Ofgem’s parallel decisions regarding the need for the formation of Trust Frameworks to support wider processes of energy system digitalisation.
What is a Trust Framework?
A Trust Framework implements and automates the adoption of rules for data providers (including individuals and/or households providing personal data), aggregators and users, to share data securely at market-wide scale. It enables an assurable data flow between organisations peer-to-peer, based on obtaining appropriate consents or other permissions, and verifying that organisations and their data sharing are compliant with the rules.
Data sharing at scale requires the separation of ‘the data’ from its governance and the technology used to host and transfer it. A critical design feature of a Trust Framework is that it does as little as possible. This balances the building of trust, with reducing transactional friction. The Trust Framework itself doesn’t define the rules, nor does it touch the underlying data, or know who the end users are. It just verifies that rules have been agreed and can enable their enforcement.
Within a Trust Framework, individual data markets operate as Schemes. These define the roles, contracts and licences necessary to support the operation of the market. A Trust Framework may put conditions on the Schemes it will allow, such as minimum identity requirements or permitted authorisation methods.
Scheme governance is based on five pillars, each of which are essential to development and operation of the scheme:
- User needs, materiality, and impact: Agree data needs that represent materiality of the challenge area that can be linked to market impact.
- Technical infrastructure: Agree technical data and metadata standards for publishing data, including machine-readable standards and data access (e.g. APIs).
- Data licensing and legal: Develop standard legal data licences that allow restricted data to flow securely across the market, with consent
- Engagement and communications: Convene and bring people together to ensure common understanding of the value proposition, and what is being done, why and how.
- Policy: Address potential policy interventions.
Icebreaker One recommends that consent-based data sharing within the energy market should be operated as a scheme within the existing Open Energy Trust Framework. This aligns with parallel initiatives currently underway on the “Trust” element of the Data Sharing Infrastructure, and guidance provided to the Flexibility Digital Infrastructure workstream.
The approach has three elements:
- Co-design of the rules: this precedes the implementation of the Trust Framework and includes technical and non-technical rules. Once rules are established, processes for change and ongoing governance are codified and maintained.
- Implementation of the rules: this is done in a machine-compatible and enforceable manner.
- Use: infrastructure is accessed via verified permission-based trust to enable data to be shared directly between organisations according to consumer consent and preferences.
- From the perspective of an individual or household providing consent, they want to know ‘can I consent to the right data users finding, accessing and using my data with the right permissions and can I view and edit these permissions easily?’
- From the perspective of a data user, they want to know ‘can I find data, access it and use it for a specific purpose(s)?‘
We are happy to answer any further questions from Ofgem regarding how Trust Frameworks operate, provide examples of where and how they have been implemented or trialled elsewhere (e.g. Open Banking, Perseus), and how they could be applied as a Consumer Consent mechanism in this context.
Question 9
9. What barriers do you see to the successful implementation of a new consent Solution?
A Consumer Consent mechanism must follow good general principles on consent, including:
- consent should be freely given (i.e. there is no coercion, or service dependency created)
- it should be as easy to withdraw consent as it is to provide consent
- consent should be an active (not passive) decision, e.g. a positive opt-in by checking a box, a signing of an agreement
- it should be clear what is being consented to, and what the consent does not permit
- if the consent is for data sharing, it should be made explicit who the data will be shared with (e.g. a list)
- if the list of who the data will be shared with changes, then consenting parties should be notified, with the option to withdraw their consent provided
- (if applicable) avoid making consent a pre-condition for accessing/using a service.
- records of consent should be kept that include when the consent was given, the wording of the consent, and similar information for the withdrawal of consent. i.e. there needs to be a good system/data for consent management that could be audited if needed.
- If the consent is being provided by an organisation, then the person providing the consent should have the authority and power to do so.
The barriers to successful implementation of a new consent mechanism include:
- Too much emphasis on a technical solution – a Consumer Consent mechanism should not be ‘just’ a technical solution. A solution must equally address governance, user needs, business, social, legal, engagement and communications to be successfully implemented and ensure the solution is fit for purpose
- Complexity and collective agreement across the industry – the energy industry is complex and rapidly changing. It can be difficult to meaningfully engage
- Cultural change and industry readiness – a Consumer Consent mechanism must interact with the current data sharing culture within the energy companies, and consumers must be engaged to understand their value proposition.
- Creation of a governing entity – this would need to be decided and integrated with energy system governance landscape
- Appropriately defining and governing the roles of Ofgem regulated and non-regulated participants
- Appropriate legal support and resourcing – a mechanism must develop the applicable data licences, and needs to be appropriately resourced to be able to do so.
Question 10
10. What do you think are the roles of Ofgem, industry and other stakeholders in enabling a simple and effective consent solution?
- Ofgem: if the desired outcome is unified action across the sector (even allowing for some variation in delivery such as option 2) Ofgem must step in to mandate compliance.
One anticipated difficulty: requiring organisations handling energy data, but which do not hold an Ofgem licence, to sign up and comply. Example: third party intermediaries.
Research required: boundaries of the consent solution, Ofgem’s relationship with important arbitrators of energy system digitalisation such as TPIs, Ofgem’s relationship with cross-sector actors who may also handle energy data.
- Mechanism implementer/operator: suggest non-profit independent entity (similar to OBIE / Open Banking Ltd) to implement and operate the Trust Framework and run its ongoing governance process subject to oversight/regulation from Ofgem. This process must be transparent to ensure trust. The mechanism could convene prior to implementation subject to an assessment of any conflict of interest – in the event of significant COI this may need an alternative approach (e.g. convened by Ofgem).
- Industry: co-design of the mechanism and involvement in its ongoing governance.
- Consumer advocacy/support organisations: must be involved in the mechanism’s design and ongoing governance, particularly regarding accessibility and (digital) inclusion.
- Additional consideration – responsible entity TBD: The legal frameworks and internal company processes governing consumer complaints, dispute management and redress in relation to energy data sharing are complex. While some elements of the landscape sit within the energy sector, some fall beyond sector specific boundaries. Further work is required to understand if or how there may be value in setting up additional mechanisms to build trust in energy data sharing and related services. For example, this could consist of setting up a consumer-visible guarantee for energy data sharing, and associated complaint and redress mechanisms, akin to the Direct Debit Guarantee. Further research is required to explore a full range of possibilities.