If proposed EU data protection rules prevent insurers from carrying out essential functions, such as fighting fraud, the cost of insurance will grow, according to William Vidonja.
Vidonja is the head of conduct of business at Insurance Europe, the federation representing European insurers and reinsurers.
Given that processing policyholder data lies at the very heart of their businesses, insurers are particularly sensitive to the importance of keeping it safe.
Insurers collect and process data to analyse the risks that individuals wish to cover, which in turn allows them to tailor products accordingly. Data processing is also an essential part of evaluating and paying policyholders’ claims, complying with EU regulations, and in the detection and prevention of fraud.
The EU is currently debating a new set of data protection rules, which originated in January 2012 when the Commission proposed a data protection reform package to adjust the current EU data protection framework to take account of rapid technological developments and an increase in globalisation.
The draft regulation will apply to all businesses processing data across sectors, both off and online. As a consequence of this, the draft has become a hugely complex legislative proposal. Insurers are concerned that the proposed regulation could introduce unintended consequences for the insurance industry and its consumers.
One concern is that proposed rules on profiling would not allow insurers to analyse data when measuring the risk that potential policyholders wish to transfer to them. For example, if someone wants to take out a car insurance policy, the insurer will need to know how many years they have been driving and how many car accidents they have had in order to calculate the risk they pose to the insurer and the insurance premium that that person would have to pay.
If insurers are not able to analyse this information, then they won’t be able to evaluate risks on an individual basis. This would add a degree of uncertainty and, consequently, would lead to higher costs for everybody across the board. In order to avoid this, EU policymakers should amend the draft regulation to allow insurance-related profiling at a pre-contractual stage and for the duration of the contract. This would avoid the risk of additional unnecessary costs for consumers.
Another concern is that the proposed Regulation could restrict insurers’ ability to share information in order to identify and combat fraud, which is estimated to already represent up to 10% of all claims expenditure in Europe.
One of the ways in which insurers detect suspicious activity is by examining policyholders’ previous claims history; for example, to see whether someone has made multiple claims of the same nature. If insurers are not able to share claims history data, their efforts to protect honest policyholders against the consequences of insurance fraud would be hindered. The proposed EU Regulation should, therefore, explicitly recognise the need for companies, including insurers, to process and share information for the purposes of fraud detection and prevention.
Insurers need to be able to retain and process their policyholders’ data, for example to comply with other EU regulations, so any data protection Regulation should make allowances for this.
A step in the right direction, but more is needed
In March 2014 the European Parliament approved a report on the proposed Regulation, which included several points to make it more effective. While the Parliament’s report made positive changes to the EC’s original proposal, further changes are still needed to ensure that the Regulation allows insurers to continue providing their services to consumers. If this does not happen, policyholders may find that the cost of their insurance policies rising unnecessarily.