Big data and insurance: should there be a code of practice?

Out-Law Analysis | 09 Feb 2015 | 8:00 am | 3 min. read

FOCUS: Association of British Insurers (ABI) chairman Paul Evans called on the insurance industry to "anticipate regulators" and develop its own big data code of practice in a recent interview with the Financial Times , which makes a lot of sense.

A code could help insurance companies pre-empt regulators' concerns by setting standards on the use of data and its disclosure, but it must remain flexible enough to allow insurers to reap the benefits of big data. This will also benefit consumers because ultimately they pay the price of fraud through increased premiums.

If the insurance industry is going to develop a code of practice governing the use of vital customer data then the code will have to be flexible enough to make sure the benefits of big data are not lost.

Any code should also take account of the fact that while privacy and data protection laws are important, there are many other areas of law that are relevant to the use of big data in insurance.

From smartphones to in-car black boxes to online activity monitoring, people are increasingly leaving behind them a trail of rich data that can reveal a lot about them. That data could revolutionise the insurance industry by making sure that the risk of insuring a person or activity is better understood and is priced accordingly. This would mean more accurate premiums for customers and a more predictable business model for insurers.

Big data can help cut insurance fraud, lower the cost of insurance for low-risk policy holders and help providers to tailor products to a market's needs. But regulators and policy makers are paying increasing attention to how that data is used.

So what are the issues that a code might cover? We can all imagine privacy and data protection issues, but the use of big data in insurance touches on a number of other important legal issues.

As regulated businesses, insurers are under a general obligation to treat consumers fairly, and that extends far beyond simple compliance with data protection rules. It means that, in line with broader consumer regulations, insurers must avoid engaging in misleading practices.

Rules on financial promotions will apply and they, too, demand fairness, clarity in insurers' marketing and bans promotions which are misleading.

Competition law might also apply if an insurer is dominant in its market and controls large amounts of consumer data. If they use that to differentiate their services and distort the market to the detriment of consumers, and if they cut off rivals' access to the data, they might fall foul of competition law.

Aggregated or anonymised data is already widely used but to really target the right products and prices to individuals then data that is attached to that individual must be used. This raises not only questions of privacy and data protection, but wider questions of fairness, discrimination and transparency.

Plans for a code of practice are in their very early stages. A spokesperson for the ABI told Out-Law that it is not "actively working on a code of practice at the moment". Instead, the ABI is "at the planning and policy development stage in this area of work", the spokesperson said, adding that "industry use and management of data is a key emerging issue" and that the ABI is working with its members "to ensure we are on top of it".

A code could be useful in demonstrating to regulators that insurers are considering the consumer protection issues that all these laws raise. Because there is no doubt that regulators are increasingly interested in the issue.

The European Commission is hosting a round table event in Brussels on the issue of big data in financial services later this month in an effort to get a better handle on the issues and, in particularly, a feel for how big data is being harnessed in practice by banks and insurance companies.

The Commission wants input from the financial services industry on "how the EU can support the development of a data-friendly business environment". The Commission will be setting out a new action plan for Europe's data economy later this year.

The Commission said it is particularly keen to know more about how banks and insurance companies are using big data technologies now and their big data strategies for the future. Industry views on regulatory aspects, including rules on trust and privacy intellectual property rights, security and data ownership, are wanted by the Commission. It also wants to know how initiatives on research and innovation, infrastructure, interoperability, access to finance and skills can also help support the use of big data in the EU.

This is a good time for businesses to think about how they can engage with the Commission on big data issues. By explaining how they use big data in practice, they will help the Commission build an accurate picture of the benefits of big data to financial services and help persuade the law makers that regulations must be crafted in a way that balance effective use of data against protection of consumer rights.  

John Salmon is a financial services expert at Pinsent Masons, the law firm behind