Back to Blog

What Your Smart Meter Knows About You: The Privacy Risks of Energy Data

December 31, 2025 10 min read Privacy, Security, Infrastructure

Disclosure: This article contains affiliate links. We may earn a commission at no extra cost to you.

December 31, 2025: Dutch grid operators just awarded a contract for 4 million smart meter sensors to Kaifa Technology—a company 35% owned by Chinese state enterprise China Electronics Corporation. When questioned about security risks, the operators responded:

"This is a measurement sensor and contains no switch or telecommunications technology. Nothing has ever come up in our audits."

This response completely misses the point. The concern isn't about switches. It's about metadata—and what minute-by-minute energy data reveals about your private life.

Starting January 1, 2026, smart meters become mandatory in the Netherlands. But the privacy implications extend far beyond one country. Hundreds of millions of smart meters are installed worldwide, and they all share the same fundamental problem: they know too much about you.

Think energy data is boring? Your smart meter knows when you wake up, when you're home, when you shower, what appliances you use, and how many people live with you. That's not power consumption—that's surveillance.

What Smart Meters Actually Collect

Traditional analog meters measure total consumption. You read them once a month, send the number to your utility company, and that's it.

Smart meters are fundamentally different. They measure consumption every minute (or more frequently) and transmit that data to grid operators. This granular data reveals far more than "how much electricity you used."

The Data Points

Data Type What It Reveals
Usage timing When you wake up, go to sleep, leave for work, return home
Usage patterns Daily routines, weekend vs. weekday behavior, vacation periods
Load signatures Which specific appliances you use (each has a unique electrical fingerprint)
Occupancy How many people are home, when guests visit
Activities Cooking, showering, watching TV, using computers, charging EVs

Appliance Load Signatures

Every electrical device has a unique "fingerprint"—a pattern of power draw that identifies it. This field is called Non-Intrusive Load Monitoring (NILM), and it's remarkably accurate.

Researchers can identify:

  • Refrigerators — cyclic compressor patterns
  • Washing machines — distinct wash/spin/drain cycles
  • Electric vehicles — high sustained draw during charging
  • Heat pumps — variable speed patterns
  • Televisions — standby vs. active power
  • Computers — variable load based on activity
  • Coffee machines — heating element spikes
  • Hair dryers — high-power, short duration

With machine learning, NILM can achieve 90%+ accuracy in identifying individual appliances from aggregate smart meter data.

Real example: A 2012 study demonstrated that smart meter data could identify which TV channel someone was watching—based solely on the power consumption patterns of different broadcast content.

Why Metadata Matters

Grid operators often downplay privacy concerns by saying "it's just energy data." But metadata is never "just" data.

Consider what your energy usage reveals:

Example: A Day in Your Life

06:47 — Small spike (alarm clock/phone charger disconnect)

06:52 — Large spike (electric kettle or coffee machine)

07:15 — Sustained high draw (electric shower)

07:35 — Hair dryer signature detected

07:48 — Base load only (left for work)

18:23 — Lights + appliances resume (returned home)

18:45 — Oven/stove signature (cooking dinner)

20:00 — TV + low activity (watching Netflix)

23:15 — All loads off except fridge (went to bed)

From energy data alone, we know:

  • You wake up at 6:47 AM
  • You drink coffee and shower in the morning
  • You use a hair dryer (likely long hair)
  • You leave for work around 7:48 AM
  • You return around 6:23 PM
  • You cook dinner at home
  • You go to bed around 11:15 PM
  • You live alone (single-person patterns)

Now imagine this data collected every day, for years, for millions of households.

The Dutch-Chinese Controversy

The Dutch smart meter contract highlights a broader concern: who has access to this data?

The Facts

  • Dutch grid operators (Alliander, Enexis, Stedin) awarded a contract to Kaifa Technology
  • Kaifa is 35% owned by China Electronics Corporation—a Chinese state enterprise
  • China Electronics is on exclusion lists of Dutch pension funds and insurers
  • The contract covers sensors for 4 million smart meters
  • Starting January 1, 2026, smart meters become mandatory in the Netherlands

The Official Response

Netbeheer Nederland (the grid operators' association) defended the decision:

"This is a measurement sensor and contains no switch or telecommunications technology. Nothing has ever come up in our audits."

Why This Response Is Inadequate

The grid operators' defense misses several critical points:

  1. Metadata is the concern, not switches — The sensors collect granular usage data. Whether there's a "switch" is irrelevant to privacy.
  2. Firmware can be compromised — Sensors receive software updates. Backdoors don't need to be in hardware.
  3. Supply chain risks — Hardware can be compromised before installation. This is why Huawei was banned from European telecom networks.
  4. "Never found anything" ≠ nothing exists — State-level actors can hide backdoors that standard audits don't detect. Ask SolarWinds.
  5. Aggregation multiplies risk — One meter is harmless. Four million meters is a national behavioral database.

Precedent: The Dutch intelligence service (AIVD) has repeatedly warned about Chinese influence on critical infrastructure. In 2024, the Netherlands banned Huawei from telecom networks for the same reasons now being raised about smart meter suppliers.

Who Else Wants Your Energy Data?

Grid operators aren't the only entities interested in smart meter data:

1. Insurance Companies

Energy patterns reveal lifestyle. Are you home all day (unemployed? retired? work from home?)? Do you have energy-intensive medical equipment? Do you keep unusual hours? Insurers would love this data for risk assessment.

2. Law Enforcement

Police have used smart meter data to identify cannabis grow operations (which have distinctive high-energy signatures). While catching criminals sounds good, it sets a precedent for warrantless energy surveillance.

3. Advertisers

When do you watch TV? When are you home to receive deliveries? When do you cook vs. order takeout? This is valuable targeting data.

4. Burglars

If smart meter data leaks (and data always leaks eventually), criminals could identify which houses are empty and when.

5. Foreign Intelligence

Aggregate energy data reveals national patterns: industrial activity, population behavior, infrastructure vulnerabilities. For a state actor, this is strategic intelligence.

Legal Protections (And Their Limits)

In the EU, smart meter data is protected under GDPR. But protection has limits:

What GDPR Provides

  • Consent requirements — You must agree to data collection (but meters are mandatory)
  • Purpose limitation — Data should only be used for stated purposes
  • Data minimization — Only necessary data should be collected
  • Access rights — You can request your data

What GDPR Doesn't Prevent

  • Data breaches — GDPR punishes breaches but doesn't prevent them
  • Government access — Law enforcement can access data with proper authorization
  • Foreign intelligence — If data reaches foreign servers, EU law doesn't apply
  • Inference attacks — Even "anonymized" data can reveal individuals through patterns

How Can You Protect Your Privacy?

Complete protection is difficult since smart meters are often mandatory. But you can reduce exposure:

1. Opt Out of Granular Data Sharing

In many jurisdictions, you can request that your meter only transmit monthly totals rather than minute-by-minute data. This reduces the privacy risk significantly while still allowing billing.

In the Netherlands: Contact your grid operator and request "privacy mode" or reduced data transmission frequency.

2. Request Data Access

Under GDPR, you can request all data your grid operator holds about you. This helps you understand what's being collected and creates accountability.

3. Add "Noise" to Your Usage

Some privacy-conscious homeowners use battery storage or load-shifting devices to obscure their usage patterns. A home battery that charges during low-usage periods and discharges during high-usage periods makes NILM analysis much harder.

4. Support Privacy-Preserving Technologies

Researchers are developing techniques like:

  • Differential privacy — Adding mathematical noise to data before transmission
  • Homomorphic encryption — Processing encrypted data without decrypting it
  • Federated learning — Training grid models without centralizing data

Advocate for grid operators to adopt these technologies.

5. Protect Your Broader Digital Privacy

Smart meter data is one piece of your privacy puzzle. Protect the rest:

Comprehensive Privacy:

Frequently Asked Questions

Can I refuse a smart meter?

In many countries, including the Netherlands (starting 2026), smart meters are mandatory. You may be able to request reduced data transmission frequency, but you generally cannot refuse installation entirely.

Is my smart meter data encrypted?

Usually yes, during transmission. But encryption protects data in transit—it doesn't prevent the grid operator (or anyone with access to their systems) from reading it.

Can hackers access my smart meter?

Smart meters have been hacked in security research. Vulnerabilities have included weak encryption, default passwords, and unpatched firmware. A compromised meter could potentially be used to manipulate readings, cause power disruptions, or exfiltrate data.

Why do grid operators need minute-by-minute data?

Grid operators argue that granular data helps balance the grid, especially with variable renewable energy sources. This is technically true—but monthly or hourly data would serve most grid management needs. Minute-level data is overkill for grid balancing and a privacy overreach.

What about solar panels and home batteries?

If you have solar panels or a home battery, your smart meter tracks both consumption AND production. This means even more data about your home's energy behavior is collected and transmitted.

Conclusion

Smart meters aren't just measuring your electricity usage—they're building a detailed profile of your daily life. When you wake up, when you're home, what appliances you use, how many people live with you. This is surveillance infrastructure disguised as utility equipment.

The Dutch grid operators' response—"it's just a sensor with no switch"—reveals a fundamental misunderstanding (or deliberate dismissal) of metadata privacy. The concern isn't about physical switches. It's about what minute-by-minute energy data reveals, who has access to it, and what happens when that data is compromised.

Key takeaways:

  • Smart meters collect granular usage data that reveals your daily routines, appliance use, and occupancy patterns
  • Machine learning can identify specific appliances from aggregate power data with 90%+ accuracy
  • The Dutch contract with a Chinese state-linked company raises supply chain security concerns
  • "No switch or telecom technology" is a non-answer—metadata is the real privacy risk
  • GDPR provides some protection, but can't prevent breaches or foreign intelligence access
  • You may be able to request reduced data transmission frequency from your grid operator

Smart meters are becoming mandatory in more countries every year. As this infrastructure expands, so does the potential for surveillance, data breaches, and privacy violations. Understanding what these devices collect—and demanding better protections—is essential for preserving privacy in an increasingly monitored world.

Protect Your Privacy:

  1. Request reduced data transmission from your grid operator
  2. Hide your IP at myip.foo with a VPN
  3. Read: What Your ISP Tracks
  4. Follow: Privacy Checklist 2026

Your energy data is your business. Demand it stays that way.

Sources: De Telegraaf, Tweakers, Netbeheer Nederland, AIVD annual reports, academic research on Non-Intrusive Load Monitoring (NILM).