DH-800 End customer authorizations
The rights of Datahub parties are managed by agreements and by means of authorizations. There are two types of authorizations:
Authorizations issued by the customer, in which the customer provides consent for the processing of personal and electricity consumption data. The principle of these authorizations is described under number 1 in the figure below.
Delegations and party authorizations are arrangements between Datahub parties that allow one party to grant another the right to access its data or to perform specific tasks associated with a defined role. The principle of these delegations and party authorizations is described under numbers 2 (delegations and party authorizations issued by the supplier) and 3 (delegations and party authorizations issued by the DSO) in the figure below.
The processes for end-customer authorizations are being revised. New functionalities will be implemented gradually from version 2.5 onwards. The new types of authorizations and their validity will only become possible with the revised processes; thus, the current authorization notification by a party cannot report authorizations with new authorization types (marked with * in the table below) or with longer validity than 2 years.
Authorizations issued by the customer: types, purposes and validity
The customer authorizes a Datahub party to use their information for a specific purpose. The following table presents purposes for and types of authorizations in Datahub.
Code | Purpose of authorization | Authorized Datahub party | Validity of authorization | Rights provided by the authorization | Rights to metering data |
AP02 | Authorization type: Invitation to tender, agreement for the accounting point The customer authorizes the supplier to view their information so the supplier can provide a better offer in a competitive bidding situation. Customer has an agreement for the accounting point. | New supplier, potential supplier | 30 days from the time the supplier reports receiving the authorization. | Customer information, accounting point information and metering data retrieval. | 6 years, or the validity period of the customer’s agreement if shorter. |
AP04 | Authorization type: Invitation to tender, no agreement for the accounting point The customer authorizes the supplier to view their information so the supplier can provide a better offer in a competitive bidding situation. Customer does not yet have an agreement for the accounting point. | New supplier, potential supplier | 30 days from the time the supplier reports receiving the authorization. | Customer information, accounting point basic information and agreement situation of the accounting point. | No access to metering data. |
AP03 | Authorization type: Competitive bidding, agreement for the accounting point The customer agrees with a consultant concerning competitive bidding and authorizes the consultant to view the customer and accounting point information. Customer has an agreement for the accounting point. | Third party | For the duration of the competitive bidding process, max 30 days. | Customer information, accounting point information and metering data retrieval. | 6 years, or the validity period of the customer’s agreement if shorter. |
AP05 | Authorization type: Competitive bidding, no agreement for the accounting point The customer agrees with a consultant concerning competitive bidding and authorizes the consultant to view the customer and accounting point information. Customer does not have an agreement for the accounting point. | Third party | For the duration of the competitive bidding process, max 30 days. | Customer information, accounting point basic information and agreement situation of the accounting point. | No access to metering data. |
AP01 | Authorization type: Energy reporting, agreement for the accounting point The customer authorizes a consultant to handle all their matters related to electricity use. Customer has an agreement for the accounting point. | Third party | Validity period defined by the customer (end date optional). | Customer information, accounting point information and metering data retrieval. | 6 years, or the validity period of the customer’s agreement if shorter. |
AP06 | Authorization type: Balance responsibility information, agreement for the accounting point * The customer authorizes a balancing service provider to access their balance responsibility information on the accounting point and to transfer the information outside of Datahub to the balancing service provider’s own systems. Customer has an agreement for the accounting point. | Balancing service provider | Validity period defined by the customer (end date optional). | Accounting point’s balance responsibility information retrieval. | No access to metering data. |
AP07 | Authorization type: Energy reporting and agreement information * The customer authorizes a consultant to handle all their matters related to electricity use and to access their agreement information. | Third party | Validity period defined by the customer (end date optional). | Customer information, accounting point information, metering data retrieval and agreement information. | 6 years, or the validity period of the customer’s agreement if shorter. |
AP08 | Authorization type: Accounting points The customer authorizes the supplier or a third party to retrieve basic information about their accounting points. | New supplier, potential supplier, third party | Validity period defined by the customer (end date optional). | Basic information of all the customer’s accounting points. | No access to metering data. |
The validity of the authorization must correspond to the period agreed upon with the customer. In the industry, fixed-term authorizations are generally recommended, but some types of authorizations may, if necessary, be valid until further notice. If a fixed-term service has been agreed upon with the customer, the authorizations must also be created as fixed-term.
Authorizations grant access to metering data only for the period during which the customer has held an agreement for the accounting point, up to a maximum of 6 years. When a customer authorizes a new supplier using the authorization type ‘Invitation to tender’, the supplier has the right to access the customer’s data for 30 days and can retrieve metering data for up to six years. A customer who is in the process of moving to a new accounting point cannot authorize a new supplier to access metering data, as they have not previously been a customer at that accounting point and therefore do not have any metering data until the moving date.
If the customer has had multiple agreements for the accounting point, and there has been another customer with an agreement in between, the authorization only grants access to data from the most recent agreement period.
Authorizations are stored in Datahub per customer and accounting point. An exception to this is the ‘Accounting points’ type of authorization, which is customer-specific and grants the authorized party the right to retrieve basic information about all of the customer’s accounting point, based on the customer’s identifier (business ID or personal ID). The customer can view the authorizations they have issued and their details (associated accounting point, recipient of the authorization, type of authorization, and validity period) in the customer portal.
Creating a new authorization
The customer issues an authorization to a supplier, a third party or balancing service provider, after which the party can retrieve the specified information from Datahub. According to the Electricity Market Act and current data protection regulation, a residential customer must personally issue an authorization directly to Datahub. Therefore, the residential customer always authenticates their identity using strong identification on the customer portal provided by Datahub. Suppliers and third parties can, temporarily, report a business customer’s authorization on behalf of the customer, using an authorization notification event, but the event will be discontinued once the authorization process reform is fully completed. After that, parties will send authorization requests to customers for approval through Datahub.
Maintenance of authorizations
If a customer moves out of an accounting point for which they have issued authorizations, these authorizations are automatically ended in Datahub when the customer moves out. The customer’s authorizations are also automatically ended also in situations when the customer is marked as information-restricted (non-disclosure). A customer marked as information-restricted cannot issue authorizations.
The combination of customer, party, accounting point and authorization type cannot be duplicated in Datahub. Authorization notifications with the same combination of information overwrite the existing authorization.
The party must terminate the authorizations received from the customer, for example, when the service relationship or contract between the party and the customer ends. Termination should not be left to the customer’s responsibility. The party can terminate the customer’s authorization in Datahub via a message or the user interface. It is also possible to cancel authorizations that are set to start in the future. A party can send a notification of termination/cancellation of authorization concerning:
One or more specified accounting points
All authorizations of a customer with a single request without specifying accounting points
A specific type of authorization for all of the customer’s accounting points with a single request
In the user interface, authorizations can only be terminated or cancelled one at a time.
Both residential and business customers can manage (add, update and remove) the authorizations in the Datahub customer portal. A customer can always terminate an authorization before the planned end date.
End customer authorization events