UBI, personal data and the global implications of the European Union data directive
17 July 2015
On Monday, I was asked to present at a UBS conference for investors on technology disruption facing the industry. It was far from Celent’s usual audience of business leaders and technologists, and as a result the questions being asked were quite different, sometimes challenging, however refreshing at the same time. One of the most interesting sections of the day for me was looking at the adoption of usage based insurance (UBI) across the industry and the implications for data protection. Ever since personal data was first discussed as having the potential for emerging as a new asset class at the World Economic Forum in 2011, capturing and incorporating personal data into the proposition design has been seen as a potential gold mine, fueling the creation of many start-ups and, in our industry, propositions based upon understanding individual risk and investment behaviors. It’s hard to think of any digital proposition today that doesn’t require you to first mark a check-box to say that you’re willing to give up the rights to some of your personal data as part of standard terms and conditions. When used well, it can enhance the experience enormously. As an avid Netflix ‘box-set’ watcher, I’m sure that I’d quickly get lost (or bored) without it for example. However, I’ve also learnt to be increasingly picky about who I let have access to my data and what links I click. I’m often amazed by how many apps want access to my location without seemingly having a purpose for it. What’s harder for me to know, however, is what happens to my data once I’ve given permission for where I can see it benefits me to do so. At Celent, we’ve talked for quite a while about how personal data willingly shared could be a major asset in fuelling new proposition design and aiding risk avoidance. It’s not just UBI propositions that can benefit. The potential applies to all nearly all propositions – including commercial and specialty. Data sources such as LinkedIn, Twitter feeds, Glassdoor, and potentially even driving patterns could prove to be an interesting indicator of the quality and morale character of senior management teams for example. However, at the heart of these propositions or services needs to be an acute understanding of the legal implications and ethics around personal data use. One related piece of upcoming legislation discussed that every insurer with operations in Europe needs to be aware of is the new European Union Data Protection Directive. This directive seeks to unify data protection laws across Europe and is due to be finalized later this year, with a likely implementation date set in 2016. One of its aims is to protect the consumer and, in doing so, strengthen the laws on security, privacy, residency, permitted use and portability. The maximum fine for a firm getting it wrong could be as large as 5% of global turnover. So, for example, if you’re a US or Chinese insurer with operations in an EU country that suffers from a data breach or allows sensitive personal data to leave permitted EU jurisdiction, then your global profits could take a nasty hit. So, how does this relate to UBI and the use of personal data within the design of propositions and servicing? Well, apart from the obvious security, anonymity and archival implications, insurers will need to watch carefully what data they use and the permissions consumers have signed up for around its use, probably placing them squarely in control of it. These changes will inevitably tip the balance more firmly in favor of the individual. Open, transparent, incentivized and positive engagement around the use of personal data will need to become the norm. The days of fortuitous use or situations where policyholders are unaware of how much of their data is being used to underwrite risk may be numbered.