By Hannah M. Hess, J.D.*
The California Consumer Privacy Act (CCPA) grants strong privacy rights, including allowing a consumer to opt out of the sale of her information to third parties, and to request that a business delete her information from its records. At the same time, the electricity industry is transitioning towards a decentralized distribution scheme, where electricity providers use consumer information and blockchain technology to improve energy efficiency. The CCPA is problematic for this shift in electricity distribution in two ways. First, the opt-out provision broadly defines “sale” as any exchange between a business and a third party. The broad definition of sale makes it unclear how electric utilities may exchange consumer information with third parties to deliver electricity to their consumers affordably and efficiently. Second, the deletion provision exempts deletion of consumer information in transactions where the consumer should “reasonably anticipate” the use of her information, and allows a business to fulfill a consumer’s deletion request through deidentification or aggregation. This provision is unclear in the context of blockchain transactions. Specifically, it does not clarify whether information in a blockchain transaction falls under the “reasonable anticipation” exception, and if not, to what extent a blockchain provider must deidentify or aggregate a consumer’s information to fulfill a deletion request. Together, these ambiguities deter electric utilities and electricity providers using blockchain from improving consumer access to renewable electricity, reaching state mandates for renewable energy production, and achieving cost-efficient distribution for consumers. To resolve these ambiguities, the California Attorney General should clarify when electric utilities may exchange consumer information under the opt-out provision, and issue guidance as to how the deletion provision applies in the context of a blockchain transaction.
Introduction
“We are in a climate crisis.”[1] These are the first words of the United Nations Secretary-General António Guterres in the 2019 Climate Action Summit Report.[2] The Report calls on local and national leaders to “decarbonize large swathes of the economy” and “develop sustainable . . . energy systems” that cut greenhouse gas emissions.[3] Both leading up to and in the aftermath of this call to action, countries implemented policies to reduce carbon emissions with international agreements,[4] nation-wide goals,[5] and local or state regulations.[6] Legislative measures include mandates requiring utility companies to decrease greenhouse gas emissions,[7] and subsidies that incentivize renewable energy.[8] To meet these mandates, utility companies have collected consumer use information, such as peak usage times and the number of members in the household, to improve energy efficiency in their electricity distribution.[9]
These mandates and incentives have also encouraged innovation from the electricity industry.[10] For example, blockchain technology has emerged as a tool to improve energy efficiency.[11] Blockchains are shared and distributed ledgers that connect users directly to each other and store transactions between users on a secure, digital network.[12] By connecting users directly, blockchain allows consumers to transact or contract with each other over a particular matter, rather than relying on a central administrator.[13]
In the energy context, blockchain transactions have improved energy efficiency by making renewable energy more accessible and affordable.[14] Without blockchain, consumers purchase renewable energy through a centralized administrator,[15] which connects the consumer to a renewable provider, collects the information necessary for the renewable provider to supply electricity, and in some cases, delivers the electricity to the consumer.[16] Working through a centralized administrator adds transaction fees, which increase the overall costs that consumers pay for renewable energy.[17] Blockchain eliminates these transaction fees by allowing consumers to directly connect with renewable providers.[18] Blockchain also improves energy efficiency by creating a platform for “energy trading” between neighbors.[19] Energy trading schemes allow consumers with on-site renewable production (e.g., rooftop solar) to sell excess electricity to their neighbors, rather than through a central utility that imposes transaction fees.[20] By directly connecting consumers to sources of renewable energy, blockchain technology makes renewable energy more accessible and affordable.[21]
To connect users to sources of renewable energy, blockchain transactions record and store consumer information, including demographic or energy consumption data, in digital ledgers.[22] The use of consumer information by electric utilities and in blockchain transactions exemplifies how the electricity industry is shifting from a centralized to decentralized electricity distribution model.[23] Decentralized models rely on consumer information to improve energy efficiency and increase the use of renewables.[24]
This use of consumer information in the electricity context implicates consumer privacy. And while there is an energy crisis, there is also a data privacy crisis.[25] In the wake of Cambridge Analytica’s use of over 87 million Facebook users’ personal information and the interference in the 2016 election, members of the international and United States communities have called for increased protections of consumer data.[26] The European Union passed the General Data Protection Regulation (GDPR), which empowers users to access, prevent the collection of, or request the deletion of their personal information collected by online providers.[27] The United States House of Representatives questioned Facebook CEO Mark Zuckerberg about Facebook’s use of consumer data,[28] and introduced privacy legislation.[29] Individual states also passed data privacy laws.[30] California passed the California Consumer Privacy Act (CCPA) on June 28, 2018 and the law went into effect on January 1, 2020.[31] The CCPA is the strongest privacy law in the United States, granting consumers rights to access, request deletion of, and opt out of the sale of their data.[32]
As the electricity industry decentralizes, electric utilities and blockchain transactions use consumer information to improve the efficiency of electricity distribution and make renewable energy more accessible to consumers.[33] This use of consumer data conflicts with the CCPA’s strong privacy protections, particularly the opt-out and deletion provisions. To ensure continued innovation into the renewable energy space while upholding the CCPA’s privacy protection measures, the California Office of the Attorney General (OAG) should add a regulation to its proposed CCPA regulations that clarifies when electric utilities may exchange consumer information with third parties under the opt-out provision, and issue guidance as to how the deletion provision applies in the context of a blockchain transaction.
Part One of this Essay provides background on the electricity industry, including how utilities and blockchain technology use consumer information to improve electricity distribution and access to renewables. Part One also explains the opt-out and deletion provisions of the CCPA. Part Two argues that the opt-out provision does not clarify how electric utilities may exchange information with third parties to deliver electricity, and that the deletion provision does not clarify how to handle a consumer’s deletion request in the context of a blockchain transaction. Part Three proposes that the OAG clarify how the opt-out provision applies to electric utilities and how the deletion requirement applies in the context of blockchain transactions.
Analysis
I. Background
The CCPA grants privacy rights that implicate the use of consumer data by electric utilities and in blockchain transactions. To demonstrate how the CCPA affects the electricity industry, this Part first gives an overview of the electricity industry and then explains relevant provisions of the CCPA.
A. Electricity Industry
The electricity industry is shifting from a centralized grid system to a decentralized system that requires consumer participation and information.[34] Traditional, centralized grid systems involve a single utility that generates and distributes electricity to consumers in a particular territory.[35] States typically regulate the utility’s electricity distribution to ensure low, fair prices and reliable service.[36] Affordability and reliability are particularly important in electricity distribution because electricity is an “essential” or “necessary” commodity, to which all consumers should have access.[37] California deems electricity an “essential service,” and requires the California Public Utilities Commission (CPUC) to regulate electric utilities to ensure safe, reliable, and affordable electricity infrastructure and distribution.[38]
In recent years, the electricity industry began to decentralize[39] and use more consumer information to distribute electricity.[40] Generally, decentralized systems use consumer data in the following categories:
- technical or usage data, which refers to how much electricity that particular consumer uses and if she has an on-site source, how much electricity she produces;[41]
- financial data, which refers to the costs of service to the consumer;[42] and
- demographic data, which refers to information about a consumer and her community, including “income, occupation, household information, location, age, and cultural affiliation.”[43] This data allows electricity providers to “estimate demand, assess financial risk and willingness-to-pay, and track the impact of their service.”[44]
Technical, financial, and demographic data enable utilities to distribute electricity more efficiently, by managing loads of electricity according to the usage rates of the consumers in the relevant territory,[45] or by enabling users to sell excess electricity to the grid.[46]
For example, decentralized electricity systems use consumer usage information for “net metering.” Net metering allows consumers with on-site solar systems to sell excess energy to the grid for an electricity credit.[47] Net metering programs require placing a meter on a consumer’s property where she connects with the central grid.[48] This meter tracks her electricity use and allows her to sell the excess back to the central utility.[49] These programs use consumer data by giving utilities access to the electricity generated and used by the participating consumer.[50] In the course of collecting consumer information for net metering, utilities may share consumer usage information with third parties, such as the metering companies.[51]
Another example of decentralization is the increase of the consumer’s control over her own electricity consumption. Many electric utilities work with partners to create reports of a consumer’s daily consumption and recommendations of where she can decrease it.[52] Opower, an electricity reporting company, generates “Home Energy Reports” (HERs) on consumers’ energy usage.[53] HERs draw on users’ electricity usage and demographic data, including household type and features (e.g., whether it has a pool, or the number of residents), and are provided to the utility SoCal Gas.[54] SoCal Gas then delivers these reports to its customers, so they can decrease their electricity consumption wherever feasible.[55] This partnership saw great success in improving energy efficiency: between 2014 and 2018, it saved consumers $198 million in utility bill costs, and decreased greenhouse gas emissions by approximately 955,000 metric tons.[56] HERs and similar programs implicate consumer data because the utilities exchange consumer information with third parties to generate these reports and ultimately, improve users’ energy consumption.[57]
Finally, blockchain technology has played a role in the decentralization of the electricity industry by increasing consumer access to affordable and renewable energy sources.[58] Blockchains are ledgers that securely store digital transactions between individuals without using a centralized administrator.[59] Blockchain technology connects participating users through a secure database on which the users create a contract, track and record changes of the contract as peers in the scheme make changes, and ultimately come to an agreement.[60] Because each member of the transaction maintains a record of the transaction, blockchain ledgers are often immutable.[61]
In the energy context, blockchain has opened the door to affordable clean energy because it allows users to contract directly with renewable providers for electricity needs, rather than have a central entity manage these transactions.[62] Direct consumer-to-producer contact differs from the traditional approach to renewable purchase agreements, where renewable producers would sell electricity to consumers through centralized administrators.[63] By creating a secure platform for transactions between renewable energy producers and their consumers, blockchain has eliminated the costs associated with a centralized administrator.[64] Distributed ledger technology like blockchain is the leading way for consumers and producers to exchange and store information in a secure, direct transaction.[65]
For example, the company WePower uses blockchain to connect consumers to renewable energy producers for electricity use.[66] WePower makes renewable energy more affordable because it allows consumers to purchase this electricity directly from the source without the transaction fees that come with working through a central administrator.[67] Additionally, Silicon Valley Power is an electric utility that recently launched a pilot project with blockchain provider Power Ledger.[68] The project uses blockchain to track solar energy production and use in an electric vehicle (EV) parking garage.[69] A blockchain ledger records and aggregates usage information related to the EV charging, allowing Silicon Valley Power to capitalize on an EV credit that California offers.[70] The blockchain technology eliminates the costs of having a central administrator collect this data and thus, allows the EV operator to take advantage of the energy credit.[71] In other projects, Power Ledger uses blockchain to allow users to “energy trade,” i.e., connect directly with their neighbors to trade excess electricity produced by on-site generation.[72] While there are costs associated with working with a blockchain platform provider and setting up a secure ledger, blockchain still saves money in the long-term by eliminating consistent transaction fees.[73]
Both WePower and Power Ledger use consumer data to provide their services. WePower uses the customer’s “name, surname, address, email, crypto wallet address, passport / ID photo, face photo, energy consumption data (annual), bank account, social media profile (facebook, gmail etc.), [and] geographical location data.”[74] WePower uses this information to connect consumers with potential renewable providers, and uses particularly personal information, such as identification photos, only with the consumer’s consent.[75] The data is “kept in a form which allows identification of data subjects for no longer than is necessary,” and is processed in a manner to “ensure security” of personal information.[76]
Power Ledger collects a consumer’s “account and profile information; information about the premises (i.e. whether residential or commercial); and metering data.”[77] This information allows Power Ledger to provide the services that the customer signed up for, such as aggregating electricity use, trading energy, or connecting with renewable sources.[78]
As the electricity industry continues to evolve towards decentralized energy systems, consumer information plays an increasing role in electricity distribution. Net metering policies and HERs demonstrate that electric utilities exchange consumer information with partners to improve the efficiency of their electricity distribution.[79] These measures are beneficial because they allow utilities to meet state-mandated renewable portfolio standards and deliver electricity affordably and reliably.[80] Blockchain transactions use consumer usage and demographic data to connect consumers directly with renewable sources and allow consumers to energy trade with their neighbors.[81] These transactions are beneficial because they make renewable energy more affordable, allowing consumers to decrease their greenhouse gas emissions.[82]
While decentralized energy systems have environmental and cost benefits, the increased data usage raises privacy concerns.[83] The CCPA, which grants consumers broad privacy rights over their information, invariably affects the use of consumer information in these energy systems.
B. The California Consumer Privacy Act
The CCPA grants consumers extensive privacy rights over their personal information.[84] The CCPA does not grant a private right of action;[85] the OAG began its enforcement of the CCPA on July 1, 2020.[86] The OAG has drafted regulations to clarify CCPA terms and explain enforcement mechanisms.[87] As of June 1, 2020, the OAG proposed and submitted its final regulations for review by the California Office of Administrative Law.[88]
The CCPA grants consumers rights relating to their “personal information” that “businesses” possess.[89] The statute liberally defines these terms. It defines a consumer’s “personal information” as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”[90] A “business” is any “for-profit legal entity that . . . collects consumers’ personal information,” that “determines the purposes and means of the processing of consumers’ personal information,” does business in California, and meets one of the following: (1) has annual gross revenues greater than twenty-five million; (2) uses personal information of 50,000 or more customers annually; or (3) derives more than fifty percent of its annual revenue from using consumers’ personal information.[91] Based on these definitions, the CCPA applies to a “wide range of businesses” and protects a “broad amount of information.”[92]
Substantively, the CCPA grants consumers the rights to know how a business uses their personal information, to opt out of the sale of this information to third parties, and to request the deletion of this information from the business’s records.[93] This Essay focuses on the opt-out and deletion provisions.
1. The Opt-Out Provision
A consumer “shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.”[94] A business “sells” personal information by “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating . . . by . . . other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”[95] A business does not “sell” consumer information if the business shares a consumer’s personal information with a “service provider” when sharing is necessary to perform a “business purpose.”[96]
A “service provider” means any legal entity “that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose.” A “business purpose” is the “use of personal information for the business’s or a service provider’s operational purposes.”[97] The statute lists seven categories of business purposes: (1) auditing interactions with consumers; (2) security; (3) debugging/repair; (4) certain short-term uses; (5) performing services; (6) internal research for tech development; and (7) quality and safety maintenance and verification.[98]
2. Deletion Provision
Consumers may also request that a business delete any personal information that the business has collected from the consumer.[99] Upon receiving a request, the business must delete that consumer’s information from its records, and direct any service providers that have that consumer’s information to do the same.[100] As of June 1, 2020, the proposed regulations clarify “deletion” to mean permanently erasing, deidentifying, or aggregating that consumer’s personal information.[101] “Deidentified” information is “information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.”[102] Any business using deidentified information must implement safeguards to prevent reidentification.[103] “Aggregate consumer information” is information relating to a group or category of consumers with individual consumer identities removed “that is not linked or reasonably linkable to any consumer or household, including via a device.”[104]
The CCPA provides several exceptions to the consumer’s right to request deletion.[105] Two are relevant here. First, the business is exempt from the deletion requirement if it needs the consumer’s information to “complete the transaction for which the personal information was collected” where the use is “reasonably anticipated within the context of a business’ ongoing business relationship with the consumer.”[106] Second, the business is exempt when the information “enable[s] solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.”[107] Thus, to determine whether the use of a consumer’s data falls under one of these exceptions, a business must determine whether the use is “reasonably anticipated” within the business-consumer relationship, or “reasonably aligned” with the consumer’s expectations of that business.
Because the CCPA grants consumers strong rights over their personal information, these new privacy rights affect how the decentralizing electricity industry may use consumer information.
II. Tension Between the California Consumer Privacy Act and Decentralized Electricity Systems
There are tensions between electricity providers’ use of consumer information and the privacy rights granted by the CCPA. Specifically, the opt-out provision does not specify how the law applies to electric utilities’ exchange of consumer information with third parties to deliver electricity as an “essential” service.[108] The deletion provision does not specify the scope of its exceptions and the meanings of “deidentification” or “aggregation” as a means to fulfill a deletion request.[109] This lack of clarity is problematic for the emerging world of blockchain, where consumer data may be stored on immutable ledgers, and where blockchain providers may not know how to comply with a consumer’s deletion request.[110] The unclear standards in both the opt-out and deletion provisions inhibit the electric industry from effectively delivering electricity to customers and from further innovating into decentralized electricity distribution fields.
A. Opt-Out Provision: How Are Electric Utilities Regulated?
The opt-out provision’s broad definition of “sale” inhibits utilities from exchanging information with partners to deliver electricity affordably and efficiently. This makes it difficult for electric utilities to meet their legal mandate of delivering an “essential” service, and to adhere to state renewable energy standards.
Because “sale” includes any exchange with a third party, electric utilities’ partnerships with third parties may qualify as a sale under the CCPA.[111] These third-party partnerships include the companies that help utilities run their net metering systems,[112] or companies like Opower, which gather usage information to help consumers decrease consumption.[113] Utilities also form partnerships to capitalize on renewable energy incentives, such as Silicon Valley Power’s partnership with Power Ledger to qualify for the EV charging credit.[114]
Three California utilities, PG&E, SDGE, and SoCal Gas, suggest that much of their exchange of information with third parties falls under the service provider exception,[115] and that their partners are “service providers” with whom they exchange information to achieve a “business purpose.”[116] However, there are conflicting interpretations of both “service provider” and “business purpose.”[117] For example, Facebook claims to be a “service provider” because its web tracking service collects and provides demographic information to other businesses free of charge.[118] However, some privacy experts argue that Facebook is not a service provider because it still profits off of the consumer data through eventual ad sales.[119] Industry experts also do not know the full meaning of “business purpose.” In rulemaking proceedings, both tech and energy representatives commented on the lack of clarity of the statutory definition of business purpose, including whether the list of categories was exhaustive and whether innovating into new fields constituted a “business purpose.”[120]
The lack of clarity as to whether electric utilities may exchange information with third parties could deter continued partnerships between utilities and private companies.[121] Inhibiting utilities’ partnerships with these companies is problematic for several reasons. First, utilities have a legal mandate to deliver electricity, an “essential” service, affordably, reliably, and efficiently.[122] Utilities’ partnerships with private companies enable this affordable, reliable, and efficient service. Net metering partnerships make electricity more affordable for consumers with on-site solar systems by allowing them to sell excess electricity to the grid.[123] Partnerships with companies like Opower allow efficient and reliable service by collecting consumer usage information so consumers may decrease their consumption where feasible, and so utilities know how much energy to make available.[124] And Silicon Valley Power’s partnership with Power Ledger makes EV charging more affordable by allowing the utility to take advantage of a clean energy credit.[125]
Second, partnerships allow utilities to generate more electricity using renewable energy.[126] This allows utilities to reach other legislative mandates, such as California’s renewable energy standards.[127] Third, for policy reasons of combatting climate change, California laws should incentivize innovation to improve efficient electricity distribution. Continued innovation in this field would improve the United States’ position to contribute to global energy goals.[128] Finally, California voters would likely favor partnerships that incentivize environmentally beneficial practices: the majority of Californians believe the threat of climate change is at least somewhat serious,[129] and California voters have historically pursued environmental issues more radically than other states.[130] For example, in 2019, California became the first state to commit to 100 percent renewable electricity by 2045.[131]
Because the CCPA does not clearly define how the opt-out provision applies to electric utilities’ partnerships with third parties, this could inhibit utilities from exchanging information to achieve reliable, affordable, and efficient electricity distribution.[132]
B. Deletion Provision: How Does the Deletion Provision Apply to Blockchain Transactions?
The CCPA’s deletion provision is problematic in the context of blockchain transactions for two reasons. First, the law and proposed regulations do not clarify whether blockchain transactions are exempt from deletion as transactions “reasonably anticipated” within the business-consumer relationship, or “reasonably aligned” with the consumer’s expectations. Second, while the proposed regulations clarify “deletion” to include “deidentifying” or “aggregating” consumer information, the regulations do not articulate a clear standard as to how to deidentify or aggregate consumer data in a blockchain transaction.
To ensure compliance with the CCPA, blockchain providers must determine whether they are exempt from the deletion provision and if not, how to comply. As written, the exceptions to the deletion provision provide safe harbors for transactions “reasonably anticipated” in the context of the business-consumer relationship or “reasonably aligned with the expectations of the consumer.”[133] A consumer’s reasonable anticipations are difficult to predict in the context of the transitioning field of electricity distribution,[134] particularly with transactions that involve blockchain, a new and confusing form of technology.[135] This begs the question—what is a consumer’s reasonable expectation of the use of her information in a blockchain transaction? If a consumer enters a transaction for the purpose of connecting with a renewable energy producer, does this entitle the blockchain ledger to hold her data for other green energy transactions, such as energy-trading with neighbors?[136] If faced with deletion requests, blockchain providers would have to assess a consumer’s reasonable expectations.[137]
If a transaction is not exempt, companies employing blockchain technology must respond to requests for deletion by deidentifying, aggregating, or removing a consumer’s information from their records.[138] This poses a problem for blockchain transactions related to energy trading, because these transactions often require every consumer’s usage data for accuracy, or occur on immutable ledgers.[139] Blockchain providers may get around this problem by deidentifying or aggregating the consumers’ data. If deidentifying or aggregating consumer data, blockchain providers must do so in a way that prevents the data from being “reasonably linked” with a particular consumer.[140] This implicates consumer data on blockchain ledgers because, even if pseudonymized, these ledgers may contain electricity usage, geographic location, user type (e.g., residential versus commercial), or other demographics.[141] At some point, usage and demographic data are likely “reasonably linked” to a consumer, but exactly when this happens is unclear.[142] To comply with the deletion provision, blockchain providers must know how to determine whether anonymized data is “reasonably linked” to a particular consumer.[143]
The lack of clarity in the law and proposed regulations as to how to comply with deletion requests may deter continued innovation into the field of blockchain.[144] Because blockchain transactions make renewables more affordable and accessible,[145] slowing this innovation could inhibit clean energy initiatives and the achievement of climate change-related energy goals.[146]
To ensure affordable consumer access to renewable energy and positive innovation in the electricity field by both utilities and private companies, the opt-out and deletion provisions in the CCPA need clarification. Part III explains how the OAG should clarify these provisions.
III. Proposal: Clarification of Opt-Out and Deletion Provisions
To clarify how the CCPA applies to electric utilities and blockchain transactions, the California OAG should: (1) add a regulation that clarifies how the opt-out provision applies to electric utilities and their partners regarding the exchange of consumer information; and (2) provide guidance that explains the exceptions to the deletion requirement and how to deidentify or aggregate data in the context of a blockchain transaction. Clarification of these provisions will allow electric utilities and blockchain providers to continue innovating to improve electricity distribution, while still protecting their consumers’ data.
A. Regulations Clarifying the Opt-Out Provision
To address the ambiguities with the opt-out provision, the OAG should clarify how the broad definition of “sale” applies to electric utilities.[147] Because California views electricity as an “essential” service, the OAG should promulgate a regulation governing the transfer of information between a regulated public utility, such as an electric utility, and a third party in order to deliver an essential service.[148] To prevent the uninhibited transfer of consumer information and uphold the CCPA’s privacy goals, this regulation should also include privacy measures.[149] To balance consumer privacy with the delivery of an essential service, the regulation should allow the transfer of a consumer’s information from a regulated public utility to a state or local government, utility, or other entity, subject to the California Public Utilities Commission’s (CPUC) approval of this transaction.[150]
This proposed regulation allows electric utilities to exchange information with third parties to deliver electricity reliably and affordably, while still protecting consumer privacy. By allowing the continued exchange of consumer information between utilities and “other entities,” utilities may continue to work with current partners to deliver electricity.[151] At the same time, the proposed regulation upholds the consumer protection goals of the CCPA by requiring the CPUC to approve the transaction first.[152] This additional layer of security allows consumer advocates to oppose any proposed exchanges that threaten consumer security or fall outside of an exchange that is necessary for the delivery of electricity.[153]
This proposal falls within the OAG’s regulatory authority under the CCPA because it enumerates an “exception that is necessary to comply with state law.”[154] This exception is necessary to comply with the Public Utilities Act, which ensures citizens “safe, reliable, affordable, and environmentally sustainable electric service” and requires the CPUC to regulate electricity distribution and rates as necessary to achieve the provisions of this Act.[155] This clarification is also necessary for utilities to comply with net and smart metering policies[156] and California’s stringent renewable portfolio standards.[157] Further, by allowing the exchange of information to improve access to affordable and clean electricity distribution, the regulation allows electric utilities to comply with their mandate of providing “safe, reliable, affordable, and environmentally necessary” services to consumers.[158]
B. Guidelines Clarifying the Deletion Provision in Blockchain Transactions
To address the ambiguities with the deletion provision, the OAG should provide guidance that clarifies how to assess a consumer’s reasonable anticipation of the use of her data, and how to respond to requests to delete through deidentification or aggregation in the context of blockchain transactions. This guidance should include information for the consumer that explains both the right to request deletion and the benefits of allowing certain energy-related information to remain on secure blockchain ledgers.
As the proposed regulations stand, they do not clarify the catch-all exceptions exempting the deletion of data used for transactions within the consumer’s reasonable anticipation of the consumer-business relationship.[159] To clarify the scope of this exception, the OAG should issue guidance to blockchain providers explaining how to assess whether a particular use of a consumer’s information falls within a consumer’s reasonable expectations of the business-consumer relationship. The assessment of a consumer’s reasonable expectations must strike a balance between allowing the use of a consumer’s personal information to continue facilitating access to renewables in blockchain transactions, while also upholding the CCPA’s goals of granting strong privacy rights.[160]
The OAG guidance for determining a consumer’s reasonable expectations should recommend that the business: (1) determine whether there is a legitimate purpose to using the consumer’s data in a particular transaction; (2) compare previous transactions with the transaction at issue, considering the initial goals of the business-consumer relationship; (3) determine whether the transaction at issue uses the consumer’s data in alignment with the initial goals and previous transactions; and (4) ensure that data security measures are in place to protect consumer information in all transactions.[161]
These steps strike a balance between maintaining consumer privacy and allowing blockchain transactions to use consumer information that is necessary to facilitate electricity distribution. By confining the use of consumer data to transactions similar to previous transactions, blockchain providers have privacy checks in place to not use consumer data for any new opportunity that comes their way.[162] At the same time, this guidance allows blockchain providers to maintain a consumer’s information on a ledger as necessary to fulfill previous blockchain transactions or transactions similar to previous blockchain transactions.[163] Finally, the requirement that all blockchain transactions maintain strong security measures over their ledgers ensures an additional layer of consumer privacy.[164]
The OAG should also clarify how to deidentify or aggregate personal data in the context of blockchain transactions, specifically how to assess when usage data becomes “reasonably linked” with a particular consumer or household.[165] Research suggests that electricity usage data can be strictly anonymized,[166] and OAG guidance should clarify to what extent anonymized usage data becomes “reasonably linked” with a particular consumer or household.[167] For example, guidance could allow blockchain transactions to maintain some usage information on private networks, as long as the networks require access permission and pseudonymize consumer information.[168] This guidance would enable blockchain providers to create transactions that adhere to the level of deidentification or aggregation required by the deletion provision, while still maintaining some energy usage information in their records.[169]
OAG guidelines should also provide guidance to consumers about their right to deletion. Consumer guidance should explain both the consumer’s right to deletion and the benefits of maintaining some otherwise deletable data on a secure blockchain ledger. Research suggests that usage data provides the most benefits (e.g., efficiency, reliability, affordability) when combined with demographic or financial data.[170] Because a combination of usage, demographic, and financial data could render personal information “reasonably linked” to a particular household, consumer guidelines should explain the consumer’s right to request deletion, including the options to delete by deidentification or aggregation.[171] At the same time, these guidelines should explain that blockchain transactions provide benefits of improving access to affordable and renewable electricity, and ensure a high level of security when on a private network.[172] Explaining these benefits allows the consumer to make an informed decision as to whether to exercise her right to deletion. By clarifying how to adhere to deletion requests in the context of blockchain transactions and explaining to consumers the benefits of maintaining some information on a secure ledger, these proposed guidelines promote the benefits of blockchain and uphold the CCPA’s right to deletion.
Conclusion
The CCPA’s broad protections for consumer privacy pose problems for the decentralizing electricity industry in two ways. First, the opt-out provision’s broad definition of “sale” is unclear as to when electric utilities may exchange consumer information with private companies to deliver electricity safely, reliably, and affordably. Second, the deletion provision is unclear as to how it applies to blockchain transactions. Together, these ambiguities could deter utilities and blockchain providers in the electricity industry from working with consumers to decrease emissions globally, reach state mandates for renewable energy production, and achieve cost-efficient electricity distribution for consumers. Thus, the California OAG should add a regulation that clarifies when utilities may exchange consumer information under the opt-out provision, and issue guidance as to how the deletion provision applies in the context of a blockchain transaction.
* By Hannah M. Hess, J.D., The George Washington University Law School
[1]. United Nations, Report of the Secretary-General on the 2019 Climate Action Summit and the Way Forward in 2020 1 [hereinafter “UN Climate Report”], https://www.un.org/en/climatechange/assets/pdf/cas_report_11_dec.pdf.
[4]. E.g., Paris Agreement, U.N. Doc. FCCC/CP/2015/L.9/Rev/1 (Dec. 12, 2015), https://treaties.un.org/Pages/ViewDetails.aspx?src=IND&mtdsg_no=XXVII-7-d&chapter=27&clang=_en.
[5]. UN Climate Report, supra note 1, at 35.
[6]. See, e.g., Colo. Rev. Stat. § 40-2-124 (2019); see also Colorado Department of Transportation, Colorado Climate Plan: State Level Policies to Mitigate and Adapt [hereinafter Colorado Climate Plan], https://www.codot.gov/programs/environmental/Sustainability/colorado-climate-plan-2015.
[7]. S.B. 100, 2017–2018 Sen. (Cal. 2018) (amending the Cal. Pub. Utilities Code § 454.53 to include a renewable portfolio standard), https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB100.
[8]. Department of Energy, Tax Credits, Rebates & Savings, https://www.energy.gov/savings/dsire-page (database for state incentives and policies).
[9]. Patty Durand, Three things consumers want from electricity providers, Utility Dive (Apr. 10, 2018), https://www.utilitydive.com/news/three-things-consumers-want-from-electricity-providers-1/520821/.
[10]. Michael J. Coren, Two US electric utilities have promised to go 100% carbon-free—and admit it’s cheaper, Quartz (Dec. 13, 2018), https://qz.com/1490832/two-utilities-promised-to-go-100-carbon-free-last-week/.
[11]. Merlinda Andoni et al., Blockchain technology in the energy sector: A systematic review of challenges and opportunities, 100 Renewable & Sustainable Energy Rev. 143, 144 (2019), https://www.sciencedirect.com/science/article/pii/S1364032118307184?via%3Dihub.
[14]. WePower, https://www.wepower.com/ (last visited Apr. 27, 2020).
[15]. GDPR, CCPA, Blockchain and Renewable Energy: Policy Lagging Behind Technology [hereinafter Blockchain and Renewable Energy: Policy Lagging Behind Technology], Mintz (Feb. 1, 2019), https://www.mintz.com/insights-center/viewpoints/2151/2019-01-gdpr-ccpa-blockchain-and-renewable-energy-policy-lagging.
[16]. E.g., VolunteerEnergy, Energy Customer Choice Programs & Energy Deregulation Explained, https://www.volunteerenergy.com/choice-2/ (last visited June 20, 2020) (discussing consumer choice programs, where consumers choose the source of their electricity and their utility connects with the renewable provider to deliver electricity to the consumer).
[17]. Blockchain and Renewable Energy: Policy Lagging Behind Technology, supra note 15.
[19]. E.g., Power Ledger, American PowerNet, United States, https://www.powerledger.io/project/american-powernet/ (last visited June 19, 2020).
[21]. See James Ellsmoor, Blockchain Is The Next Big Thing for Renewable Energy, Forbes (Apr. 27, 2019), https://www.forbes.com/sites/jamesellsmoor/2019/04/27/blockchain-is-the-next-big-thing-for-renewable-energy/#88d20f748c1b.
[22]. Andoni et al., supra note 11, at 145.
[23]. Cornelia R. Karger & Wilfried Hennings, Sustainability evaluation of decentralized electricity generation, 13 Renewable & Sustainable Energy Rev. 583, 583 (2009), https://www.sciencedirect.com/science/article/abs/pii/S1364032107001517?via%3Dihub; Environmental Protection Agency, Distributed Generation of Electricity and its Environmental Impacts, https://www.epa.gov/energy/distributed-generation-electricity-and-its-environmental-impacts (last visited Apr. 26, 2020).
[24]. Karger & Hennings, supra note 23; Environmental Protection Agency, Distributed Generation of Electricity and its Environmental Impacts, https://www.epa.gov/energy/distributed-generation-electricity-and-its-environmental-impacts (last visited Apr. 26, 2020).
[25]. Kristen Gillibrand, Confronting A Data Privacy Crisis, Gillibrand Announces Landmark Legislation To Create A Data Protection Agency (Feb. 13, 2020), https://www.gillibrand.senate.gov/news/press/release/confronting-a-data-privacy-crisis-gillibrand-announces-landmark-legislation-to-create-a-data-protection-agency.
[26]. E.g., Facebook: Transparency and Use of Consumer Data Before the H. Comm. on Energy & Commerce, 115th Cong. 5 (2018) (testimony of Mark Zuckerberg, CEO of Facebook), https://docs.house.gov/meetings/IF/IF00/20180411/108090/HHRG-115-IF00-Transcript-20180411.pdf; General Data Protection Regulation, art. 1, https://gdpr-info.eu/.
[27]. General Data Protection Regulation, art. 1, https://gdpr-info.eu/.
[28]. E.g., Facebook: Transparency and Use of Consumer Data Before the H. Comm. on Energy & Commerce, 115th Cong. 5 (2018) (testimony of Mark Zuckerberg, CEO of Facebook), https://docs.house.gov/meetings/IF/IF00/20180411/108090/HHRG-115-IF00-Transcript-20180411.pdf.
[29]. Gillibrand, supra note 25 (characterizing current times as a “privacy crisis”).
[30]. Cynthia Brumfield, 11 new state privacy and security laws explained: Is your business ready?, CSO (Aug. 8, 2019), https://www.csoonline.com/article/3429608/11-new-state-privacy-and-security-laws-explained-is-your-business-ready.html.
[31]. California Consumer Privacy Act [hereinafter “CCPA”], Cal. Civ. Code §§ 1798.100–199 (2018).
[32]. CCPA, Cal. Civ. Code §§ 1798.100–120 (2018).
[34]. Chris Martin, Will Wade & Mark Chediak, America’s Power Grid, The Washington Post (Jan. 31, 2020), https://www.washingtonpost.com/business/energy/americas-power-grid/2020/01/31/4ef061a8-4472-11ea-99c7-1dfd4241a2fe_story.html; see also, e.g., California Public Utilities Commission, Decision (D.) 16-01-044, Decision Adopting Successor to Net Energy Metering Tariff (Feb. 5, 2016) (decentralization through net metering laws); Colo. Rev. Stat. § 40-2-132 (2019) (requiring utilities to consider distribution system plans).
[35]. Ryan Thomas Trahan, Regulating Toward (in)security in the U.S. Electricity System, 12 Tex. J. Oil Gas & Energy L. 221, 226 (2017).
[36]. David B. Spence, The Politics of Electricity Restructuring: Theory vs. Practice, 40 Wake Forest L. Rev. 417, 421 (2005).
[37]. Id.; William Hamilton McEwan & Peter R. Nadel, Regulation of Energy by the Colorado Public Utilities Commission, 6 J. Nat’l Ass’n Admin. L. Judges (1986), http://digitalcommons.pepperdine.edu/naalj/vol6/iss2/2.
[38]. Cal. Pub. Utilities Code §§ 330(r), 399(c) (2018), https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=1.&chapter=2.3.&part=1.&lawCode=PUC&article=15.; California Public Utilities Commission, https://www.cpuc.ca.gov/ (last visited Apr. 26, 2020).
[39]. Mike Munsell, The Shift Toward a Decentralized, Distributed Electric Grid Is Already Underway, GreenTechMedia (Jan. 29, 2015), https://www.greentechmedia.com/articles/read/three-pathways-to-grid-edge-evolution.
[40]. Jonathan T. Lee et al., Review and Perspectives on Data Sharing and Privacy in Expanding Electricity Access, 107 Proceedings of the IEEE 1803, 1803 (2019), https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8737767.
[46]. California Public Utilities Commission, Decision (D.) 16-01-044, Decision Adopting Successor to Net Energy Metering Tariff (Feb. 5, 2016).
[47]. Mark Muro & Devashree Saha, Rooftop Solar: Net metering is a net benefit, Brookings (May 23, 2016), https://www.brookings.edu/research/rooftop-solar-net-metering-is-a-net-benefit/.
[50]. California Public Utilities Commission, Decision (D.) 16-01-044, Decision Adopting Successor to Net Energy Metering Tariff (Feb. 5, 2016).
[51]. Constance Davis, Lexington Institute, Balancing Smart Grid Data and Consumer Privacy 10–12 (June 2017), https://www.lexingtoninstitute.org/wp-content/uploads/2017/07/Lexington_Smart_Grid_Data_Privacy-2017.pdf.
[52]. United States Department of Energy, Green Button, https://www.energy.gov/data/green-button (last visited Apr. 26, 2020).
[53]. Oracle, Home Energy Reports from SoCalGas and Oracle Helped Customers Reduce Energy Use and Cut Carbon Emissions by 53,000 Tons, PR Newswire (Aug. 19, 2019), https://www.prnewswire.com/news-releases/home-energy-reports-from-socalgas-and-oracle-helped-customers-reduce-energy-use-and-cut-carbon-emissions-by-53-000-tons-300903244.html.
[55]. Oracle, What Is Opower, https://www.oracle.com/industries/utilities/products/what-is-opower.html (last visited Apr. 26, 2020).
[58]. See Andoni et al., supra note 11, at 155.
[61]. Blockchain and Renewable Energy: Policy Lagging Behind Technology, supra note 15.
[62]. See Andoni et al., supra note 11, at 155; John Farrell, Increasing On-Site Consumption of Distributed Solar, ILSR (Nov. 22, 2010), https://ilsr.org/increasing-site-consumption-distributed-solar/.
[63]. Blockchain and Renewable Energy: Policy Lagging Behind Technology, supra note 15.
[65]. See Andoni et al., supra note 11, at 145–46.
[66]. Blockchain and Renewable Energy: Policy Lagging Behind Technology, supra note 15.
[70]. Stephanie Palmer-Derrien, Power Ledger partners with Silicon Valley power grid to tackle renewable energy’s ‘duck’ problem, SmartCompany (June 21, 2019), https://www.smartcompany.com.au/startupsmart/news/power-ledger-partners-silicon-valley-power-grid-tackle-renewable-energys-duck-problem/; Power Ledger, Silicon Valley Power, https://www.powerledger.io/project/santa-clara-united-states/ (last visited Apr. 27, 2020).
[71]. Power Ledger, Silicon Valley Power, https://www.powerledger.io/project/santa-clara-united-states/ (last visited Apr. 27, 2020); Blockchain and Renewable Energy: Policy Lagging Behind Technology, supra note 15.
[72]. Power Ledger, American PowerNet, United States, https://www.powerledger.io/project/american-powernet-united-states/ (last visited Apr. 24, 2020) (discussing project of commercial building that shares excess solar electricity with office park neighbors).
[73]. See Andoni et al., supra note 11, at 166; Peter Maloney, Silicon Valley Power tests blockchain to record EV charging credits, American Public Power Association (Sept. 24, 2018), https://www.publicpower.org/periodical/article/silicon-valley-power-tests-blockchain-record-ev-charging-credits; James Ellsmoor, Blockchain Is The Next Big Thing for Renewable Energy, Forbes (Apr. 27, 2019), https://www.forbes.com/sites/jamesellsmoor/2019/04/27/blockchain-is-the-next-big-thing-for-renewable-energy/#88d20f748c1b.
[74]. WePower, Privacy Policy, https://www.wepower.com/privacy-policy.html (last visited Apr. 24, 2020).
[77]. Power Ledger, Privacy Policy, https://www.powerledger.io/privacy/ (last visited Apr. 24, 2020).
[79]. See supra, notes 47–57 and accompanying text.
[80]. See State Net Metering Policies, Policy Overview, National Conference of State Legislatures (Nov. 20, 2017) (discussing utilities using net metering policies to meet renewable energy requirements).
[81]. E.g., Power Ledger, American PowerNet, United States, https://www.powerledger.io/project/american-powernet-united-states/ (last visited Apr. 24, 2020).
[82]. See supra, notes 62–69 and accompanying text.
[83]. Lee et al., supra note 40, at 1803.
[84]. CCPA, Cal. Civ. Code §§ 1798.100–199 (2018).
[86]. CCPA, Cal. Civ. Code § 1798.185(a) (2018); Wayne Rash, CCPA Enforcement to Begin on Wednesday, July 1, 2020, Forbes (June 29, 2020), https://www.forbes.com/sites/waynerash/2020/06/29/ccpa-enforcement-to-begin-on-wednesday-july-1-2020—steps-to-get-ready/#1c991d9c5f8b.
[87]. Office of the Attorney General, CA, Information About the Rulemaking for the CCPA, https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-rulemaking-fact-sheet.pdf.
[88]. Id.; California Consumer Privacy Act (CCPA), Proposed Regulations Package Submitted to OAL, https://oag.ca.gov/privacy/ccpa.
[89]. CCPA, Cal. Civ. Code § 1798.100(a) (2018).
[92]. Joanna Kessler, Data Protection in the Wake of the GDPR: California’s Solution for Protecting “The World’s Most Valuable Resource”, 93 S. Cal. L. Rev. 99, 108 (2019).
[95]. Id. § 1798.140(t)(1) (2018).
[96]. Id. § 1798.140(t)(2)(C) (2018).
[97]. Id. § 1798.140(d) (2018).
[98]. Id. § 1798.140(d) (2018).
[99]. Id. § 1798.105(a) (2018).
[100]. Id. § 1798.105(c) (2018).
[101]. California Consumer Privacy Act Regulations, Proposed Regulations [hereinafter “CCPA Proposed Regulations”] § 999.313(d)(2), https://oag.ca.gov/privacy/ccpa.
[102]. CCPA, Cal. Civ. Code § 1798.140(h) (2018).
[104]. Id. § 1798.140(a) (2018).
[105]. Id. § 1798.105(d) (2018).
[106]. Id. § 1798.105(d)(1) (2018).
[107]. Id. § 1798.105(d)(7) (2018).
[111]. See Written Comments Received During 45-Day Comment Period – California Consumer Privacy Act, Comments of the California Public Utilities Commission [hereinafter “CPUC Comments”], https://oag.ca.gov/privacy/ccpa (stating that the CCPA is unclear as to how the opt-out provision applies to regulated industries).
[112]. E.g., Aclara, Electric Utility Solution, https://www.aclara.com/smart-infrastructure-solutions/electric-utility-solutions/ (last visited Apr. 26, 2020) (providing Smart Metering services).
[113]. Oracle, Home Energy Reports from SoCalGas and Oracle Helped Customers Reduce Energy Use and Cut Carbon Emissions by 53,000 Tons, PR Newswire (Aug. 19, 2019), https://www.prnewswire.com/news-releases/home-energy-reports-from-socalgas-and-oracle-helped-customers-reduce-energy-use-and-cut-carbon-emissions-by-53-000-tons-300903244.html.
[114]. See supra, notes 68–72 and accompanying text.
[115]. E.g., Pacific Gas & Electric, Your Rights and Choices Under the California Consumer Privacy Act [hereinafter “PG&E CCPA Policy”], https://www.pge.com/pge_global/common/pdfs/about-pge/company-information/privacy-policy/CCPA-Rights-and-Choices.pdf (last visited Apr. 26, 2020) (discussing sale for partners for commercial purpose); San Diego Gas & Electric, CCPA Policy [hereinafter “SDGE CCPA Policy”], https://www.sdge.com/ccpa-policy (last visited Apr. 26, 2020) (stating that it does not sell, but discloses to a third party or service provider for a business purpose); Southern California Gas & Electric, California Consumer Privacy Act Policy [hereinafter “SoCalGas CCPA Policy”], https://www.socalgas.com/california-consumer-privacy-act-policy (last visited Apr. 26, 2020).
[116]. See, e.g., PG&E CCPA Policy, supra note 115 (“However, we could be involved in programs that could be considered a ‘sale’ under the California Consumer Privacy Act, such as in connection with cookies that our business partners may have collected on our website or online services in the preceding 12 months.”).
[117]. Sara Morrison, Facebook is gearing up for a battle with California’s new data privacy law, Vox (Dec. 17, 2019), https://www.vox.com/recode/2019/12/17/21024366/facebook-ccpa-pixel-web-tracker.
[120]. See Written Comments Received During 45-Day Comment Period – California Consumer Privacy Act, Comments of Engine, Inc. [hereinafter “Engine Comments”], https://oag.ca.gov/privacy/ccpa (stating that the CCPA is unclear as to how the opt-out provision applies to regulated industries and discussing harms to tech startups of ambiguous “business purpose” definition); Written Comments Received During 45-Day Comment Period – California Consumer Privacy Act, Comments of California Water Association [hereinafter “CWA Comments”], https://oag.ca.gov/privacy/ccpa (discussing harms to regulated industries of ambiguous “business purpose” definition).
[121]. Cf. Engine Comments, supra note 120 (stating that ambiguities in the CCPA will likely deter tech innovation).
[122]. See Cal. Pub. Utilities Code §§ 330(r), 399(c) (2018), https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=1.&chapter=2.3.&part=1.&lawCode=PUC&article=15.; California Public Utilities Commission, https://www.cpuc.ca.gov/ (last visited Apr. 26, 2020).
[123]. Muro & Saha, supra note 47.
[124]. Oracle, Home Energy Reports from SoCalGas and Oracle Helped Customers Reduce Energy Use and Cut Carbon Emissions by 53,000 Tons, PR Newswire (Aug. 19, 2019), https://www.prnewswire.com/news-releases/home-energy-reports-from-socalgas-and-oracle-helped-customers-reduce-energy-use-and-cut-carbon-emissions-by-53-000-tons-300903244.html.
[125]. Palmer-Derrien, supra note 70.
[126]. State Net Metering Policies, Policy Overview, National Conference of State Legislatures (Nov. 20, 2017).
[127]. S.B. 100, 2017–2018 Sen. (Cal. 2018) (amending the California Pub. Utilities Code § 454.53 to include a renewable portfolio standard), https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB100.
[128]. See UN Climate Report, supra note 1, at 1.
[129]. See Mark Baldassare, Dean Bonner, Alyssa Dykman & Rachel Ward, Californians and the Environment, PPIC Statewide Survey (July 2019), https://www.ppic.org/wp-content/uploads/ppic-statewide-survey-californians-and-the-environment-july-2019.pdf; see also Durand, supra note 9.
[130]. E.g., Sammy Roth, California set a goal of 100% clean energy, and now other states may follow its lead, Los Angeles Times (Jan. 10, 2019), https://www.latimes.com/business/la-fi-100-percent-clean-energy-20190110-story.html.
[131]. S.B. 100, 2017–2018 Sen. (Cal. 2018).
[132]. E.g., CPUC Comments, supra note 111.
[133]. CCPA, Cal. Civ. Code § 1798.105(d)(1) (2018).
[134]. See CWA Comments, supra note 120.
[135]. Crystal Stranger, Why Most People Don’t Understand Blockchain Technology, Medium (Feb. 1, 2019), https://medium.com/cryptoweek/why-most-people-dont-understand-blockchain-technology-fe3841d34997; Bernard Marr, A Very Brief History Of Blockchain Technology Everyone Should Read, Forbes (Feb. 16, 2018),
[136]. Cf. Power Ledger, American PowerNet, United States, https://www.powerledger.io/project/american-powernet-united-states/ (last visited Apr. 24, 2020).
[137]. CCPA, Cal. Civ. Code § 1798.105(d)(7) (2018); see also PG&E CCPA Policy, supra note 115 (explaining exceptions to the deletion requirement as “providing services or products” to customers).
[138]. CCPA Proposed Regulations § 999.313(d)(2).
[139]. See supra notes 61–69 and accompanying text.
[140]. See supra notes 102, 104 and accompanying text.
[141]. The European Union Blockchain Observatory and Forum, Blockchain and the GDPR [hereinafter “Blockchain and the GDPR”] 19 (2018), https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf.
[142]. See Lee et al., supra note 40, at 1809.
[143]. CCPA, Cal. Civ. Code § 1798.105(d)(1) (2018); CCPA Proposed Regulations § 999.313(d)(2); see also Lee et al., supra note 40, at 1809.
[144]. See Chris Ott, Destination Unknown: The Perilous Future of Blockchain and Artificial Intelligence Technologies Under the California Consumer Privacy Act of 2018, UCLA L. R. (Feb. 19, 2019), https://www.dwt.com/blogs/privacy—security-law-blog/2019/03/destination-unknown-the-perilous-future-of-blockch.
[145]. See supra, notes 62–72, 82 and accompanying text.
[146]. See UN Climate Report, supra note 1, at 1; see also Engine Comments, supra note 120 (commenting that ambiguities in the CCPA may slow innovation amongst tech and energy start-ups).
[148]. Cf. CWA Comments, supra note 120; CPUC Comments, supra note 111.
[149]. CCPA, Cal. Civ. Code § 1798.175; cf. CPUC Comments, supra note 111.
[150]. Cf. CWA Comments, supra note 120.
[151]. See CPUC Comments, supra note 111.
[152]. Cf. Written Comments Received During 45-Day Comment Period – California Consumer Privacy Act, Comments of the Public Advocates Branch of the California Public Utilities Commission [hereinafter “Public Advocates Comments”], available at https://oag.ca.gov/privacy/ccpa.
[153]. Cal. Pub. Utilities Code § 305 (2018) (establishing Public Advocate’s branch of the CPUC); see also Public Advocates Comments, supra note 152.
[154]. CCPA, Cal. Civ. Code § 1798.185 (2018).
[155]. Cal. Pub. Utilities Code § 399 (2018).
[156]. See supra, notes 47–51 and accompanying text.
[157]. Cal. Pub. Utilities Code §§ 399.11–399.33 (2018) (establishing California’s renewable portfolio standards); see also State Net Metering Policies, Policy Overview, National Conference of State Legislatures (Nov. 20, 2017) (discussing utilities using net metering policies to meet renewable energy requirements).
[158]. See Cal. Pub. Utilities Code § 399 (2018).
[159]. See CCPA Proposed Regulations § 999.313(d); Engine Comments, supra note 120 (commenting on lack of clarity of the exceptions to the deletion provision).
[160]. Stuart L. Pardau, The California Consumer Privacy Act: Towards A European-Style Privacy Regime in the United States?, 23 J. Tech. L. & Pol’y 68, 100 (2018); Muhammad Baqer Mollah et al., Blockchain for Future Smart Grid: A Comprehensive Survey 1–2 (2019), https://arxiv.org/pdf/1911.03298.pdf.
[161]. Cf. Katz v. United States, 389 U.S. 347 (1967) (Harlan, J., concurring) (discussing a “twofold” determination of the reasonable expectation, which requires a subjective component (based on the personal expectations of the subject of a search) and an objective component (based on what society deems “reasonable”). This solution adopts a similar subjective and objective test, by looking at the consumer’s personal goals of entering into the transaction and the overall goals of the business relationship); see also United Kingdom, Information Commissioner’s Office, Guide to the General Data Protection Regulation [hereinafter Guide to the GDPR], https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/what-is-the-legitimate-interests-basis/ (discussing the “purpose and necessity” test for determining whether data processing is within the “legitimate interest” of the business under GDPR regulations).
[162]. Cf. Carpenter v. United States, 138 S. Ct. 2206, 2217–18 (discussing that a consumer’s disclosure of information to a third party does not automatically give that consumer’s consent for the third party to use her data in all types of transactions).
[163]. Id. (upholding a consumer’s reasonable expectation of privacy within the confines of the consumer’s relationship with the business).
[164]. Mollah et al., supra note 160, at 3 (discussing types of blockchain transactions and which ones are more secure than others).
[165]. Cf. Written Comments Received During 45-Day Comment Period – California Consumer Privacy Act, Comments of Okta, Inc. [hereinafter “Okta Comments”], https://oag.ca.gov/privacy/ccpa (requesting that the CCPA regulations set forth specific compliance guidelines for businesses).
[166]. Lee et al., supra note 40, at 1807.
[167]. Cf. Okta Comments, supra note 165.
[168]. See Blockchain and the GDPR, supra note 141, at 16.
[169]. See, e.g., Mollah et al., supra note 160, at 3 (discussing anonymization availabilities); Blockchain and the GDPR, supra note 141, at 16 (discussing private, permissioned blockchain).
[170]. Lee et al., supra note 40, at 1807.
[171]. See CCPA, Cal. Civ. Code § 1798.105(d)(1) (2018); CCPA Proposed Regulations § 999.313(d).
[172]. See supra notes 79–82 and accompanying text (discussing benefits of decentralized energy systems).