The Privacy Risks of PV Inverter Telemetry: A Systematic Analysis of Leakage Vectors in Modern DER Ecosystems

The large‑scale deployment of photovoltaic (PV) inverters in distributed energy resource (DER) ecosystems has created a highly connected environment where telemetry, remote access, and cloud platforms play a central operational role. Unlike smart meters, however, PV inverters have not been systematically examined from a privacy perspective, despite continuously generating fine‑grained data that can reveal sensitive information about users and installations. This preprint presents the first comprehensive analysis of privacy leakage vectors in modern PV inverter ecosystems, covering device‑level measurements, local interfaces, fieldbus protocols, cloud platforms, and external actors such as installers, aggregators, and utilities. Through a technical examination of inverter telemetry and widely adopted DER communication protocols (SunSpec Modbus, Modbus TCP, IEEE 2030.5), we identify structural risks including telemetry oversharing, metadata exposure, behavioural inference, cloud retention leakage, and installer‑side overprivilege. Our findings show that inverter telemetry can reveal occupancy patterns, behavioural routines, consumption habits, and installation characteristics with high fidelity. We conclude by outlining initial recommendations for telemetry minimization, metadata reduction, and cloud governance, establishing the foundation for a dedicated privacy‑by‑design framework for PV inverters and DER systems.This work establishes that PV inverters represent a first-order privacy threat in the modern home, demanding immediate attention from manufacturers, standard-setting bodies, and policymakers.