Project • POC application

GDPR-compliant sharing of smart meter measurements


Towards a decentralized privacy-preserving infrastructure that opens smart meter data to the world

  • privacy
  • gdpr
  • ntru
  • energy
  • energy transition
  • p1
  • mam
  • mam+
  • consent
  • prosumer
  • consent wallet
  • alliander
  • dso



A proof of concept where smart meter data is obtained via a Raspberry Pi and published via IOTA Masked Authenticated Messaging. A consumer can proof he owns the Raspberry Pi, and the consumer can give and revoke consent to service providers to access the smart meter measurements for a specific goal. All on the IOTA Tangle.


P1 usage data with service providers can help the energy transition. But the data is privacy-sensitive. When dealing with personal identifiable information (like the measurements of a smart meter) a service provider has to adhere to the GDPR and therefore:

- State the goal for data usage clearly (and only use the data for that goal).

- Have consent of the consumer to access the data.

- Stop collecting data when consent is revoked.

Storing policies or data in a central place can lead to misuse, hacks and a single point of failure. Central storage can also lead to a vendor lock-in, where the owner of the smart meter data reader determines what service providers can use the data, instead of creating a level playing field where you can authorize anyone to access the data.

Distributed ledger technology could address these issues.

Distributed ledgers are capable of creating a single source of truth, without the need for a trusted third party. In the most famous example of a distributed ledger, Bitcoin, money can be transferred without a bank. In the case of providing access to energy data, data can be transferred and policies stored without an Alliander cloud.

The IOTA Tangle distributed ledger is suited for storing policies (and data transfer) because there are no transaction fees and it scales well.

Access to your smart meter data can be requested by the Wattt service provider. If you are the owner of the smart meter (in this project that's proved via a secret token) you can accept or decline this request. If the request is accepted a policy will be stored on the IOTA Tangle in a restricted MAM channel. And the service provider will receive the access key to the measurement data's MAM channel. The audit log (MAM channel) is only decryptable by you and the service provider (since the root and side key are only shared between you). When access is revoked a new key is communicated via the data MAM channel,  only decryptable with the private NTRU-keys (quantum proof) of the remaining authorized service providers.

Perhaps the idea of a quantum proof key exchange and key rotation when access is revoked can be implemented in MAM+.

We hope this will be a step towards a decentralized privacy-preserving infrastructure that opens smart meter data to the world.


Copyright 2018 Alliander N.V.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,


See the License for the specific language governing permissions and

limitations under the License.