Now that it’s 2025, how should we improve permissioned access to energy data? What should policymakers focus on?

“Enforcement, enforcement, enforcement.”

That was my answer to a question posed last month at the Colorado Solar and Storage Association’s conference in Denver. Enforcement has been on my mind because of two contrasting events – one in American politics, the other involving utility regulation – that perfectly underscore its importance at this moment.

The first example, which illustrates the decisive power of enforcement, is the so-called TikTok ban. By now, we’ve all seen or heard of the message that TikTok sent on January 19th to its 170 million users: “Sorry, TikTok isn’t available right now.”

Even though the ban was ultimately paused, the brief shuttering of an app used by half of all Americans was a stunning development. In that moment, TikTok took seriously the government’s threat to enforce the law: Billions of dollars in fines were on the line.

While the “ban” part of the TikTok ban received the most attention, it’s important to understand that data portability is also part of H.R. 7521. The law requires any app designated by the President to provide, upon the request of a user, their data in a “machine-readable format”:

Failure to provide data portability is punishable by a civil penalty equal to $500 times “the number of users within the land or maritime borders of the United States affected by such violation.” With 170 million U.S. users, that would be a hefty $85 billion.

As I said, enforcement has been paused by the Trump administration. But, if DOJ simply signaled that it was prepared to enforce this provision of the law, I would put the likelihood that TikTok adheres to it at 100%. The government has already shown that it is prepared to demand the nuclear option – an outright ban – and so enforcing data portability is unlikely to be difficult for DOJ.

Contrast this with the long-running saga of allegations of data failures against Southern California Edison (SCE). Filed by OhmConnect, Inc. at the California Public Utilities Commission (CPUC) nearly six years ago on March 8th, 2019, it claims multiple violations of Rule 24, which requires the utility to provide customer data to demand response providers at the request of customers. If this were TikTok and DOJ, it would have been resolved years ago. But instead we have the deafening silence of the CPUC. There has been no timely remedy and no enforcement because, in the intervening six years, CPUC has not bothered to investigate anything or determine whether Rule 24 was violated. In fact, the only official action CPUC has taken about this complaint is to grant itself nine (9) extensions (here, here, here, here, here, here, here, here and here) to the statutory deadline for adjudicating such matters. CPUC's spectacular inability to do its basic duty signals that it’s not serious about enforcing much of anything.

There are Green Button Connect regulations in eight states (CA, CO, IL, KY, MI, NM, NY, TX), covering about 41 million meters. We’re pushing hard to expand data portability policies in other states, but we can’t let the novelty of new policy efforts overshadow the importance of enforcing existing regulations that are already on the books.

The risk of ignoring enforcement is not just some minor backsliding that can be corrected later. Indeed, it implicates the rule of law itself. Each unenforced infraction sends a message. Combine several such instances, and impunity’s benefits begin to outweigh its risks.

Enforcement isn’t a self-actualizing part of policymaking; it takes attention and effort. I’m reminded of a quote from Rohit Chopra, former member of the Federal Trade Commission: “Commission orders are not suggestions.” This remark was initially directed to Facebook, a repeat violator of privacy laws. Chopra was reasserting the Commission’s oversight powers. It’s time for public utility commissions to follow suit.