elering-6

Erase and rectify personal data

1. Description of the Use Case

1.1. Name of the Use Case

ID	Area /Domain(s)/Zone(s)	Name of the Use Case
1	Access to data, Balance management, Market for flexibilities, Operational planning and forecasting, Services related to end customers,	elering-6

1.2. Version Management

Version No.	Date	Name of author(s)	Changes
1	2018-04-12T00:00:00	Kalle Kukk (Elering),
2	2018-08-27T00:00:00	Mandimby Ranaivo R. (AKKA),
3	2018-09-21T00:00:00	Eric Suignard (EDF),
4	2018-10-04T00:00:00	Eric Suignard (EDF),	Version post WP5&9 physical meeting in Tallinn
5	2018-10-17T00:00:00	Eric Suignard (EDF),	Version reviewed by WP5&9 partners
6	2019-05-07T00:00:00	Eric Suignard (EDF),	WP6-7-8 demos alignment and miscellaneous changes
7	2020-06-16T00:00:00	Eric Suignard (EDF),	innogy’s and Elering’s review

1.3. Scope and Objectives of Use Case


Scope	Erasure and rectification of personally identifiable data.
Objective(s)	Safeguard the rights of every individual to have control over their own data.
Related business case(s)

1.4. Narrative of Use Case

Short description

According to data protection rules (GDPR), one has the right (unless otherwise stated in the laws) to execute control over one’s data, in particular to delete or rectify them.

Complete description

The management of personal data must be in line with the GDPR guidelines. In particular, any Individual Data Owner (a physical person) has the right to delete their data or rectify them if they are inaccurate or incomplete. Personal data include consumption/generation information, meter point and master data.

Via the Data Exchange Platform (DEP), an Individual Data Owner can request the deletion or the rectification of their personal data. The DEP identifies the concerned Applications or Data Hub and forwards the request. The Application or the Data Hub checks the legitimacy of the rectification or the deletion before proceeding. Finally the Individual Data Owner is notified about the success or the failure of the operations. Moreover, proof of deletion can be provided through deletion logs.

1.5. Key Performance Indicatiors (KPI)

ID	Name	Description	Reference to mentioned use case objectives

1.6. Use case conditions

Assumptions
The communication channel is protected

Prerequisites
The individual data owner has successfully logged in to the DEP

1.7. Further information to the use case for classification/mapping

Relation to other use cases

Level of depth
Prioritisation

Generic, regional or national relation

Nature of the use cases
SUC
Further keywords for classification

1.8. General remarks

General remarks

2. Diagrams of Use Case

Erase and rectify personal data - overview

3. Technical Details

3.1. Actors

Actor Name	Actor Type	Actor Description
Data Exchange Platform	System	Data exchange platform (DEP) is a communication platform the basic functionality of which is to secure data transfer (routing) from data providers (e.g. data hubs, flexibility service providers, TSOs, DSOs) to the data users (e.g. TSOs, DSOs, consumers, suppliers, energy service providers). DEP stores data related to its services (e.g. cryptographic hash of the data requested). The DEP does not store core energy data (e.g. meter data, grid data, market data) while these data can be stored by data hubs. Several DEPs may exist in different countries and inside one country.
Application	System	Any kind of system connected to a Data Exchange Platform and used by a market participant who wishes to receive data.
Data Hub	System	Data Hub is an information system which main functionality is to store and make available measurements (e.g. meter data, operational data) and associated master data. Data Hubs are not necessarily centralized in a country or in a region.
Data Owner	Business	Any person who owns data and can give authorization to other parties to access them. Can be, inter alia: Flexibility Services Provider Market Operator Consumer Generator
Data Hub Operator	Business	Data hub operator owns and operates an information system which main functionality is to store and make available electricity (also gas, heat) metering data and associated master data. Can be : Grid Data Hub Operator in the sphere of a System Operator Market Data Hub Operator in the sphere of a Market Operator Meter Data Hub Operator in the sphere of a Metered Data Operator Sub-meter Data Hub Operator in the sphere of an Energy Service Provider
DEP Operator	Business	Data exchange platform operator owns and operates a communication system which basic functionality is data transfer.

3.2. References

No.	References Type	Reference	Status	Impact on Use Case	Organistaor / Organisation	Link

4. Step by Step Analysis of Use Case

4.1. Overview of Scenarios

No.	Scenario Name	Scenario Description	Primary Actor	Triggering Event	Pre-Condition	Post-Condition
1	An Individual data owner deletes their personal data	The individual data owner requests the deletion of only a part of their personal data or the whole of them. The DEP forwards the deletion request to any concerned application or the data hub. The applications or the data hub check the legitimacy of the deletion before proceeding. They log the operations and notify the DEP. The DEP notifies the individual data owner about the deletion.
2	An individual data owner rectifies their personal data	The individual data owner selects their personal data to rectify and provide the new content to the DEP. The DEP forwards the rectification request to the concerned applications or the data hub. The applications or the data hub check the legitimacy of the rectification before proceeding. The DEP notifies the individual data owner about the rectification.

Notes

4.2. Steps – Scenarios

Scenario Name:
An Individual data owner deletes their personal data

Step No.	Name of Process/ Activity	Description of Process/ Activity.	Information Producer (Actor)	Information Receiver (Actor)	Information Exchanged	Requirements, R-ID
1.1	Delete data	The data hub proceeds to the deletion. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	43ac67ff-35a0-48e4-8b2c-d1eaf7537292	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	5a299e09-cf38-4bdb-a29e-330949349229 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
1.2	Delete data	The application proceeds to the deletion. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	5a299e09-cf38-4bdb-a29e-330949349229 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
1.3	Forward data deletion request	The DEP forwards the deletion request to any concerned application or the data hub. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	3b6d4cd1-7cd7-473e-af25-2cd3f990d415 4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385 43ac67ff-35a0-48e4-8b2c-d1eaf7537292 4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	5a299e09-cf38-4bdb-a29e-330949349229 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
1.4	Notify data deletion status	The DEP notifies the individual data owner about the success or the failure of the deletion process. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	a17749ef-fb35-4331-9275-eaadfad82b36	97336539-bfa7-4501-b370-ff9d6d4bf681	5a299e09-cf38-4bdb-a29e-330949349229 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
1.5	Request data deletion	The individual data owner requests the deletion of only a part or the whole of their personal data. Modsarus Use Case::InstanceName=Personal Data Modsarus Use Case::InstanceDescription=	a17749ef-fb35-4331-9275-eaadfad82b36	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	5a299e09-cf38-4bdb-a29e-330949349229 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374

Scenario Name:
An individual data owner rectifies their personal data

Step No.	Name of Process/ Activity	Description of Process/ Activity.	Information Producer (Actor)	Information Receiver (Actor)	Information Exchanged	Requirements, R-ID
2.1	Forward rectification request	The DEP forwards the rectification request to any concerned application. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	3b6d4cd1-7cd7-473e-af25-2cd3f990d415 4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385 43ac67ff-35a0-48e4-8b2c-d1eaf7537292 4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	e7d965fc-df56-4ef3-a6aa-0453a974554c 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
2.2	Notify rectification status	The DEP notifies the individual data owner about the success or the failure of the rectification process. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	a17749ef-fb35-4331-9275-eaadfad82b36	97336539-bfa7-4501-b370-ff9d6d4bf681	e7d965fc-df56-4ef3-a6aa-0453a974554c 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
2.3	Rectify data	The application proceeds to the rectification. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	3b6d4cd1-7cd7-473e-af25-2cd3f990d415	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	e7d965fc-df56-4ef3-a6aa-0453a974554c 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
2.4	Rectify data	The data hub proceeds to the rectification. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	43ac67ff-35a0-48e4-8b2c-d1eaf7537292	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	e7d965fc-df56-4ef3-a6aa-0453a974554c 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374
2.5	Request data rectification	The individual data owner requests the rectification of their personal data by providing updated data. The objective is to correct inaccurate data or to complete data if they are incomplete. Modsarus Use Case::InstanceName=Personal data Modsarus Use Case::InstanceDescription=	a17749ef-fb35-4331-9275-eaadfad82b36	4e694b8b-e0eb-4b2a-ae7a-1bcb6f656385	97336539-bfa7-4501-b370-ff9d6d4bf681	e7d965fc-df56-4ef3-a6aa-0453a974554c 91f1c5eb-7fd9-44c8-8241-2beeb1d669ae 4e1ba21d-6f60-4bef-87c6-ff1671a3c374

5. Information Exchanged

Information exchanged ID	Name of Information	Description of Information Exchanged	Requirement
97336539-bfa7-4501-b370-ff9d6d4bf681	Any Data		—-

6. Requirements (optional)

Category Identifier	Name	Description	mRID
Cat1	Personal data		bd1580a2-20b8-41fa-a8df-2ae6041bf604

Identifier	Name	Description	mRID
Req1	Forget Citizen Right	Right to request the deletion or removal of personal data where there is no compelling reason for its continued processing	5a299e09-cf38-4bdb-a29e-330949349229
Req4	Correct Citizen Right	Right to rectify data if inaccurate or incomplete	e7d965fc-df56-4ef3-a6aa-0453a974554c

Category Identifier	Name	Description	mRID
Cat2	Task 5.3	Requirements integrated from Task 5.3.	1880e39c-7084-4785-8c02-297057abe312

Identifier	Name	Description	mRID
Req2	PERSO-DATA-REQ2	Ability to share information related to rectification of personal data between data owners, concerned DEPs, applications and data sources	91f1c5eb-7fd9-44c8-8241-2beeb1d669ae
Req3	PERSO-DATA-REQ1	Ability to share information related to erasure of personal data between data owners, concerned DEPs, applications and data sources	4e1ba21d-6f60-4bef-87c6-ff1671a3c374

7. Common Terms and Definitions

8. Custom Information (optional)

Key	Value	Refers to Section