As governments and businesses alike try to measure their carbon footprint and strive to reduce their greenhouse gas emissions to limit the damage caused by climate change, there is increased interest in GHG emissions data.

GHG emissions data is hugely important, including that ownership can affect how this information is collected, shared, and acted upon.

And to be clear this is not some philosophical debate when the world’s most valuable resource is no longer oil, but data. Data from the more than 150 million electric utility connected households across the U.S. alone likely means more active users than the 260 million Facebook users in the U.S., such that the implications for that data security and privacy are enormous (.. think Cambridge Analytica on steroids).

A newly released U.S. spy agency report reveals that U.S. intelligence agencies, military units, and federal law enforcement agencies are the largest purchaser of commercially available information including utility data and are known to then resell or trade that data among themselves and through data brokers. To appreciate the breadth of this issue, when 74% of individuals and businesses in the U.S. have connected electricity, gas, and other utilities at a new location, U.S. Immigration and Customs Enforcement automatically learned about it through purchasing the utility data from brokers, which data it then resold on the open market to buy down the costs of more utility data, a practice that continued until U.S. Senators recently objected.

So, who owns your GHG emissions data? The answer is not straightforward and arguably depends in large measure upon the context in which the data is collected. Here are a few key scenarios to consider:

National emissions data: When it comes to the GHG emissions of a nation as a whole, ownership of the data is typically ascribed to the national government (although the word “ownership” is rarely if ever used in U.S. federal programs and maybe never in federal laws). Governments collect this data through various channels, such as mandatory reporting by businesses like the EPA GHG Reporting Program for large emitting facilities and the government’s own independent monitoring. Altruistically, it is nice to think that only aggregated data is then used to guide public policy and maybe even to announce compliance with international climate commitments, but governments regularly provide that data to others, including for consideration and opening the door for industrial espionage, state surveillance, foreign government spying, and more. EPA admitted in a Federal Register notice, “due to the large numbers of entities reporting” GHG data it cannot timely address data security and privacy concerns such that confidential business information “.. must be available to the public.”

Individual emissions data: For individuals, ownership of emissions data may be more ambiguous. While some individuals may collect data on their own emissions, such as through personal energy usage monitoring, this information is not typically regulated or reported. Increasingly, individuals may share GHG emission data with public utilities that provide electricity and natural gas, through the use of smart thermostats, demand response programs, and the like, and in most states, the utility company owns energy consumption data, however, the answer may be different in California and Utah with broad personal data privacy laws.

Business emissions data: When it comes to the emissions of a particular business or even industry, the ownership of data is more complex. In many instances, businesses are required to report their confidential and otherwise proprietary emissions data to government agencies, as they typically own the data although they may lose control of it after reporting. Increasingly governments are requiring reporting by using Energy Star Portfolio Manager as the input, an EPA online tool where the collection and analysis of data is controlled by the federal government (.. an earlier version of the Energy Star website said the government owned the data, but that language apparently does not appear today, although it has not been replaced with a meaningless privacy policy that says “your information is never released ..” which is not accurate including that it is contemplated to be released to the State of Maryland), and arguably owned by the government. Make no mistake, the EPA online tools, including Portfolio Manager, do not meet even minimal data security and privacy standards. And when those online tools are used to report the data to state or local governments for Building Performance Standards not a single program we reviewed met even minimal standards for data security and privacy; and nearly all allow the government actors to sell the private data.

Note that the current standard of care for building automation systems is they are not connected to the Internet because of concerns over criminals including acts with ransomware and terrorists taking control of infrastructure as well as matters of privacy. But then as part of this entirely new regulatory scheme in America, of regulating carbon emissions, owners may be required to upload Portfolio Manager data over the Internet to state or local government actors, resulting in an entirely new set of risks for business.

Many, if not most, public utilities today collect and sell customer data including energy consumption data and are planning to calculate GHG emissions from that data and own that extrapolated information to sell back to customers and third parties.

Most businesses operate in leased space so the question of who owns building GHG emission data, the landlord or the tenant, is a complex and sometimes contentious issue. A single tenanted building may present one set of issues whether the landlord or tenant is in control of energy systems, which is very different from a multi tenant building.

There are new energy benchmarking and building energy performance standards and the like being enacted that are largely trumped by state and federal consumer data privacy laws as well as Department of Defense security agreements that restrict contractors of supplies and services and federal government nondisclosure agreements required of many government contractors that make “punishable by civilian and criminal penalties” releasing information necessary to calculate GHG emissions.

Maryland enacted a statute last year that requires electric utilities to share tenant energy consumption data with landlords for benchmarking, but the law does not address tenants that are required to report GHG emission data and need information from their landlord and that statute does not require enough information to be shared to calculate GHG emissions nor even allow any of the information to be shared with the government; and, it is silent as to the new risk it creates for business associated with that data.

This is also an issue for commercial landlords that lease to government contractors and for the business of owning multi family residential buildings and other businesses that lease to residential users, a business model that adds consumer data privacy complexities to this subject and is unresolved in nearly all places, even those with mandatory GHG emission laws on the books.

There are untold numbers of other problems in this space. For example, the U.S. Green Building Council a non-profit trade organization that promotes sustainable building practices publishes building specific data on the energy performance of buildings that are certified under its LEED program and makes no offer of data security but does offer an excellent range of information privacy when asked. Of course, there are governments that mandate private buildings to be LEED certified or offer government incentives for LEED certification.

In nearly all instances, there are multiple important considerations when it comes to ownership of GHG emission data. One key issue is transparency versus green hushing.

Another key issue is accuracy. Ownership of data comes with responsibility, and whoever owns emissions data may be charged with ensuring that it is collected, analyzed, and reported accurately. This is particularly important for businesses, which may face legal and reputational risks if their emissions data is found to be inaccurate.

And there are issues of incentives. Who benefits from collecting and owning GHG emissions data, and how does this affect behavior? For example, if a business owns its own emissions data, it may be more motivated to reduce emissions in order to meet sustainability goals or avoid regulatory penalties. In many jurisdictions, there are public utility and government incentives, tax and otherwise, available based upon GHG emission data reporting, so, again, who owns the data is key.

We are working with businesses to monetize GHG emission data, so we appreciate that data security and privacy is too complex a topic for a single blog post so we will blog more about this in the coming weeks.

Ownership of GHG emission data is complex, varies from jurisdiction, and is context dependent. Matters of accuracy, transparency, and incentives are key considerations for ensuring that this data is effectively used to address the challenges of climate change. But none of that should stop an organization from mitigating the risk associated with keeping its own data safe while monetizing that valuable asset.

Drafted with the assistance of ChatGPT