• The scheme agreement [pdf, Google Doc for comment]
• The assurance levels:
  • Organisation assurance [specification]
  • Dataset assurance [specification]
  • Both specifications are also available in a Google Doc for comment

Please comment directly on the Google Docs if you are able, or email feedback to openenergy@ib1.org. Comments received before June 2 2025 will be considered for inclusion in the initial scheme implementation.

Background

Open Energy is proposing to add an Assured Open Data scheme to the Energy Sector Trust Framework (ESTF). The scheme has these main aims:

• Provide assurance to consumers of Open Data published by Members
• Enhance the quality, consistency, and reliability of published data
• Ensure Members comply with relevant data protection, privacy, and security regulations (e.g. members don’t publish any data subject to data protection regulations such as GDPR as Open Data under the scheme)
• Promote transparency and accountability within the data-sharing ecosystem.

The scheme incorporates updated organisational and dataset assurance levels based on feedback on the original levels that Icebreaker One announced in September 2023. These levels are already being used, for example by Open Energy members SSEN-D on their data portal.

Joining the scheme will be free to ESTF members. In order to assert the assurance levels members must execute the scheme agreement that sets out their commitments, and liabilities should they fail to meet them.

All terms used in the blog are defined in the glossary here. All policies will also be published in the Phase 3 operational guidelines (forthcoming end July 2021). For any questions stemming from this blog, or materials within, please contact openenergy@ib1.org.

Data Sensitivity Classes

Open Energy facilitates sharing of a wide variety of data types, with varied levels of sensitivity. In order to handle this complexity, and to ensure data is appropriately protected, Open Energy has developed a system of data sensitivity classification. This policy details five Open Energy data sensitivity classes, graded across three dimensions of sensitivity: personal, commercial, and security. They are designed to complement Ofgem’s Data Best Practice guidance, by adding nuance to how Data Providers can classify types of Shared data.

Consultation during policy development informed a range of changes including:

• Reducing the number of classes from 6 to 5,
• Improving descriptions and example data types provided for each class; and
• Updating guidance regarding the classification of aggregated and anonymised personal data.

Details of public consultation feedback, and Open Energy’s responses, can be found here. A copy of the updated policy can be found here.

Data Access Conditions

Once Data Providers have allocated their datasets to appropriate sensitivity classes, they will then specify the access conditions for each dataset. To encourage the creation of  access conditions that are fair and proportionate to the dataset’s sensitivity profile, data sensitivity classes will be used as a guiding basis for considering access conditions, though not a complete determinant. As such, we define a standardised range of access condition types that Data Providers can associate with a particular dataset. This acknowledges the need for more nuance than would be captured under a ‘one size fits all’ approach for each sensitivity class, while still enabling standardisation of condition types. The policy focuses on access conditions for classes OE-SA and OE-SB only as personal data (OE-SP) are out of scope for Open Energy Phase 3. 

Consultation during policy development informed a range of adaptations including:

• Dividing group-based access conditions into externally defined and self defined types;
• Tightening the scope of use case-based access conditions to promote clarity and fairness; and
• Removing purpose-based access conditions to reflect coverage of these conditions elsewhere in ways that reduce implementation difficulties.

Details of public consultation feedback, and Open Energy’s responses, can be found here. A copy of the updated policy can be found here.

Data Licensing 

This represents the final step of the journey that Data Providers must take in order to ready their datasets for sharing via Open Energy. It consists of two parts: creating access rules, then associating the grant of a set of capabilities and obligations with each rule to form the license. Our model proposes a system whereby access and capability grants are determined, for each request to a Data Provider’s API, on the basis of a set of rules defined and published by that Data Provider. This is different from the single licensing model that is commonly used in the sector, whereby one license is produced to cover all circumstances of the dataset’s use. It also responds to industry feedback regarding problems with the length and complexity of single licenses, which can increase cost, friction and risk associated with data use. By contrast, the Open Energy model permits reasonable multiple licensing within a set of transparent, standardised parameters that enable each license to be significantly simplified. 

Consultation during policy development informed a range of changes including:

• Sharpening the descriptions of certain capabilities; 
• Confirming use of the ‘data pyramid’ to support the definition of different levels of onward sharing permissions; and
• Honing a set of clarifications provided with the policy to support understanding.

Details of public consultation feedback, and Open Energy’s responses, can be found here. A copy of the updated policy can be found here.

What’s next? 

In the next phase of development, Open Energy will produce guidance and tooling designed to support Data Providers to comply with Open Energy policies. We aim for this to build trust and fairness in the ecosystem, while making it as easy as possible for Data Providers to get up and running. The next phase of the project will also explore policy development around dispute resolution and we expect to hold a further public consultation on this topic in due course.

Summary

We are seeking feedback on a system of data classification proposed for the Open Energy ecosystem. Comments are welcomed from all energy sectors organisations and users of energy data. Feedback will be used to shape the Open Energy data classes policy and inform subsequent development of data access and licensing policies (to be consulted on in due course). The consultation is open until 30 April 2021 and can be accessed here.

Background

Open Energy aims to modernise access to energy and related data and break down barriers to data sharing. Open Energy will make it easier to both share and access data, supporting the sector’s drive towards decarbonisation, as well as related social and economic benefits. The project aims to serve all energy sector actors looking to share data, access data, or both.

Open Energy builds on learning from Open Banking – identifying which elements are transferable to the energy sector, and which require adaptation or fresh thinking. Our ethos emphasises openness, transparency and sector engagement to ensure that the project meets the widest possible variety of needs. We are now seeking feedback on the first of a set of three policies aiming to navigate one of the most significant differences between Open Energy and Open Banking: the diversity of datasets shared within their respective ecosystems. 

Open Banking only handles two categories of data: open data and personal data. By contrast, Open Energy will incorporate more categories of data that have varied levels of sensitivity. In order to handle this complexity, and to ensure data is appropriately protected, Open Energy is developing a system of data classification. This consultation focuses on sharpening the descriptions, examples and criteria forming the data classes proposed. Follow-up consultations exploring data access and data licensing will take place later. 

Proposal

We propose a system of six data classes, graded across three dimensions of sensitivity: personal, commercial, and security. Proposed classes are presented in Table 1 of the consultation document. It is proposed that – once finalised – a definition, specification and dataset examples for each class will be provided in the Open Energy Operational Guidelines. Data Providers (organisations sharing data via the Open Energy ecosystem) will then assess their datasets and self-allocate them to a class, prior to sharing them via Open Energy. 

Open Energy data classes are designed to supplement, not replace, the Modernising Energy Data Best Practice Guidance (current version Point 12) determining whether data should be made Open, Shared or Closed. In particular, Open Energy data classes are designed to provide nuance to different classes of Shared data, with different sensitivity profiles.

How can you help?

We are seeking feedback on the proposal through our consultation here. It takes around 30 minutes to respond. The consultation explores questions including: 

• Are proposed data classes appropriate and clear?
• Are example datasets given for each class are accurate?
• Are any types of sensitivity missing from our analysis?

The consultation is open until 30 April 2021 and responses are encouraged from all actors in the energy sector, or who work with energy and related data. Any queries should please be directed to emily.judson@ib1.org. 

Reference: Australian policy consultation — Energy Rules Framework

Icebreaker One Response — August 2020

Executive Summary

We welcome the publication of this consultation document and fully support consumer control over their energy data through the Consumer Data Right (CDR). We believe this is an inflection point that will enable a thriving ecosystem of private service providers, new entrants and existing energy stakeholders, expanding to provide the innovation the whole system requires to meet its goals. Access to data will clarify inefficiencies and identify opportunities, bringing considerable efficiency gains and savings as digitalisation, decentralisation and decarbonisation accelerate.

To achieve this, the use of energy data must be characterised by strong governance, standards and architectural agility. We hold an ambitious view for the future energy system: one which is highly innovative, delivering strong environmental, economic and societal benefits by fostering a decentralised data ecosystem, enabling widespread machine-to-machine data exchange and the ability to address privacy challenges. This will require additional consumer protections and enhanced rights. We advocate the principles of consumer primacy, control of consent throughout the provisioning chain, and greater emphasis on liability and redress. 

We recently published relevant reports through our associated company, Dgen, for the UK Government on consent, liability and redress. These are pertinent to your consultation and you can find them here:

https://www.gov.uk/government/publications/smart-data-research-on-consent-liability-and-authentication

Overview of Icebreaker One 

Icebreaker One is an independent, non-partisan, global non-profit. Our vision is to develop the data infrastructure to deliver a demonstrably net-zero future. We connect private and public sector leaders to help reduce risk and grasp the opportunity to transform the climate crisis into economic innovation.

We understand that every asset, system, organisation and network in energy (and beyond) will be producers and consumers of data. These systems will increase in complexity: they are not only being digitalised, they are becoming data-driven. The growth in data connections will be exponential as the market matures. 

We believe the energy ecosystem must implement a data architecture which can scale in data-type, volume and connectivity, across use-cases, organisational and logistical boundaries, sectors and jurisdictions. It must deliver this in a secure, safe, robust and adaptable environment with trusted governance. 

Responses to Consultation Questions

We have responded to questions 1, 2, 3, 4, 20, 22, 24, 26, 34, 35 where we believe Icebreaker One (IB1) expertise and experience will be helpful. 

Consultation questions: an approach to data sets in energy rules

1. Do you agree with our proposed approach to data sets in the energy rules? Why or why not?

We recommend that all data sets and assets should include descriptive metadata. The approach adopted should enable the ability to “crawl” energy metadata for both open and shared data. This approach enables searchable energy datasets and assets and understands relationships and meaning. Furthermore, it will enable links to be created between related assets and datasets e.g. metadata about a dataset linking to metadata about the physical asset from which the dataset was recorded.  

2. Considering the above discussion about potentially sensitive information, what data, if any, should be subject to specific arrangements (for example, during the consent process)? Should any particular sensitive data be explicitly excluded from the proposed data sets?

We agree that hardship details and concession details be separately categorised to allow ADRs to clearly explain the purpose and benefit of a consumer consenting to the sharing of these data sets. This confirms research in the UK by the Money & Mental Health Policy Institute which considered how firms might use data which suggests a consumer may be vulnerable. A key recommendation from this was for government to create a shared space for regulators, firms and consumer groups to consider how such data can be used appropriately. Ethical use of data must be a key focus of regulation and should ensure that those consumers choosing not to share such sensitive data do not face prejudice.

Moreover, it is essential that consumers are fully informed when making decisions and are asked to consent. From a consumer perspective ‘consent’ is often not clear because to access a product or service consumers must understand and agree the company Terms and Conditions as well as the way in which their data will be used. This is a lot of information to absorb and is often poorly presented. This raises the risk that consumers do not genuinely understand what they are agreeing to, and the potential consequences of their actions. 

We, therefore, recommend that a Standard for consent that requires ADRs to put the interests of consumers first. This should be implemented as a codified approach with a common set of parameters and values that is presented to the consumer in an easily understood way. For example, such a standard should include:

• The purpose of data sharing (with a clear explanation of the value exchange)
• Other organisations involved in the data sharing, if this is the case
• What data items will be shared
• Draw attention to any sensitive data
• Access and individual rights of the consumer
• Information governance arrangements (such as accuracy of data, the deletion of data, termination of data sharing and complaints management)
• End date and review periods for the agreement

This should be developed from the consumer perspective, with an emphasis on comprehension and user experience, and allowing for the interconnected nature of the data provisioning chain.  We note that such a Standard would enable the development of an API specification and associated metadata that enables the detail of the consent to be checked by other parties in any provisioning chain or carried alongside the consumer’s data in an API payload. This requirement is not unique to the energy sector and should be applied to any sector where personal data is shared. We trust that these aspects of the consent approach and process are included in the scope of the planned work on authentication and authorisation. 

Consultation questions: approach to the Rules, standards and privacy safeguards to accommodate the gateway data access model

3. Do you consider the proposed approach to the gateway rules, standards and privacy safeguards appropriate for CDR in energy?

We are concerned that the proposed approach may limit the potential for the use of energy data in Australia. While noting the rationale behind the original decision and extensive stakeholder engagement, we are encouraged at the inclusion of a 3-year review of the gateway approach as in the longer-term this approach:

• Will create a single point of failure;
• May prove to be costly and inefficient to ensure consistent, reliable real-time access to the data required in use-cases that will become widely adopted;
• Adds a layer of complexity in the development of the CDR rules and data standards to ensure interoperability with the broader CDR ecosystem, potentially hindering the emergence of cross-sector services; 
• Is not the favoured option for innovative technology companies that will be critical in the drive to decarbonise;
• Does not, in our view, take into account the powerful mitigating impact in the economy-wide model of Technology Service Providers, which have emerged in the data-sharing ecosystem to provide integration, implementation and aggregation services, as well as consent management services.

Our experience through extensive stakeholder engagement in the UK energy sector repeatedly emphasised that there cannot be a ‘single platform’ in which ‘all data is put’ to address ‘all use cases’. Energy data is highly diverse and is evolving too rapidly for any central, proprietary IT system to keep up.

4. If not, which aspects of the approach should be reconsidered or amended, and why?

We favour a fully decentralised approach – akin to the economy-wide model considered – in which data and metadata is distributed, always up-to-date, and managed real-time on data holders’ servers.

We acknowledge that decentralised data and asset search is challenging and existing datasets are not strongly linked. However, search and discovery technology offers a solution to this problem.

Data should be searchable, accessible and available to agreed standards. This approach can provide the common rules, controls and processes needed for access, discovery, security, commercial applications, privacy and regulatory compliance. This will enable an energy data ecosystem to develop, which will lead to greater innovation that brings both direct consumer benefits and will support solutions that enable more rapid decarbonisation.

Consultation questions: dashboards

20. Of the three options for data holder dashboards, which do you prefer and why? 

We welcome the inclusion of dashboards as a tool to enable authorisation and consent management. However, we recommend that an alternative approach is considered, enabling new approaches and entities for consumers to manage their consents. It will be insufficient to consider just the retailer or AEMO, as we fully expect a thriving ecosystem of third party service providers to develop innovative, value-adding solutions as the market develops. This will lead to complexity in the provisioning chains as data will necessarily be shared with other parties. This means that consumers may be faced with managing many consents, some of which is likely to relate to data drawn from multiple sectors.

Given the complexity of managing ongoing consents, and the proliferation of consent and access management across those sectors opening up to the data-sharing ecosystem, it would be useful to consider early how this could be managed most effectively for the consumer and market alike so that they have the tools and a good understanding of the way in which these tools can be used. Alternative models should therefore be explored.

22. What other options should we consider? 

We recommend consideration of new models such as companies or entities that undertake the management of the consumer’s consents on their behalf across all sectors covered by the CDR. This can be achieved using a common consent standard, API specifications and associated metadata. 

24. What consumer experience factors should we take into account with respect to how dashboards should be presented to CDR consumers?

We strongly recommend a common set of language, with common terminology applicable across sectors wherever possible.  From the consumer’s perspective, easily comprehensible words and phrases must be widely used that are easy to read and well understood. This will encourage wider acceptance, trust and adoption of services.

We also recommend that dashboards should be considered as tools which enable consumers to view which data has been received into the firm, as well as data which the firm has shared with other participants (data ‘in’ and data ‘out’). 

Dashboards should include:

• The recognisable consumer brand with whom a consumer has shared their data, and any party to whom data has been onward shared.
• The specific data clusters/types being accessed, clearly explained.
• Why the data is needed – the purpose, so that this can be easily understood.
• What specifically it is used for – the processing activities and any sharing with other parties in a provisioning chain.
• The duration that access to the data is granted for.
• Their rights, and the way in which they can manage their data should be clearly explained.
• The ability to revoke consent and notification that this has taken place and how data collected previously will be dealt with (e.g. ‘put out of use’/’deleted’)
• Consents should be sortable and clearly outline those which are active, expired or cancelled

Additionally, the introduction of a recognised approach to the provision of consent management tools, and potentially a guarantee or certification will help consumer trust. The location of the dashboard should be easy to find from the main menu. You may also wish to make requirements about the accuracy and timeliness of the data held on the dashboard (for instance, the dashboard should update in real-time to avoid any miscommunication).

Consultation questions: internal dispute resolution

26. How important do you consider consistency of IDR approaches across sectors at this stage of the CDR regime? 

We observe that, as a proxy measure, the UK Open Banking initiative has undergone a rapid evolution in the way in which products and services are provided to consumers, through complex provisioning chains. We believe that this will become a characteristic across all markets and sectors. We observe new risks associated with opening up data as well as the risks which are exacerbated by the intelligence afforded by data. Data risks are often interlinked so that a mistake at a data holder creates risks downstream, not just for the ADR but for other parties involved in the provisioning chain. 

Furthermore, data will be used in services which cross regulatory/sector perimeters, meaning that there must be a consistent approach so that consumers can always feel confident and trust that if anything goes wrong, they know how to have things put right. In particular, consideration should be given to the assessment of liability and apportionment of redress both in the energy sector in and cross-sector, cross regulatory cases, which will prove to be complex.

We, therefore, recommend that early attention is given to the creation of a single, accessible dispute resolution system for problem resolution, that facilitates effective inter-organisational communication and has common rules and processes. This will require consistency between regulatory approaches across different sectors.

Internal Dispute Resolution will be greatly improved where data is more easily traceable. We, therefore, recommend that metadata attaches to consent. This aids discussions about liability and dispute resolution.

We also recommend that consideration is given to how consumers may access redress which is simple, free and timely without recourse to the courts. This work includes understanding the value of energy data, how it may be used by nefarious actors (e.g. isolating when a family are at home and when the house is empty for instance), and what the value associated with privacy, were this data to be breached. This includes consideration of the use of energy data outside the energy sector by other third parties and the jurisdiction of any ombudsmen. 

Consultation questions: issues relating to accreditation

Energy data

34. Do you agree that energy data sets are less sensitive than banking data sets?

We agree with this statement at present, but advise that this situation will change. As energy generation decentralises and decarbonises, with wider use of DERs, data originating at the household level (including personal data) will become more widely used. Therefore, the sensitivity of this data will increase. Moreover, the combination of energy data with data from other sectors will enable greater levels of analysis and inference.

35. Should any energy data sets, or subsets of those data sets, be treated with a higher degree of security (due to potential sensitivities), similar to banking data?

Any data originating at household-level, or where individuals and their behaviour are identifiable, should be treated with a higher degree of security. We see a range of use cases, such as home energy management or localised/community resource management where such data will be critical.