Out-Law News | 16 May 2013 | 1:25 pm | 2 min. read
Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.
It is not often that behavioural monitoring and positive consumer outcomes are spoken of in the same breath. But over the last few years, the insurance industry has explored this very idea by introducing telematics based motor insurance products.
Telematics motor insurance involves the transmission of driver information from technology installed or used in vehicles back to insurers. The technology can take the form of a little black box or, increasingly, an app in a mobile device plugged into a vehicle's power source. The information transmitted may include anything which could impact on a risk assessment of a driver. Speed, vehicle diagnostics, driving conditions and many other variables can all be monitored.
Telematics insurance products are promoted on the promise of more accurate premiums based on more accurate data. Unlike gender and age, factors which lawmakers and courts have considered at times to be arbitrary indicators which unfairly discriminate against individuals, the use of telematic data may be a positive step away from arbitrary decision making.
At the same time though, there is no doubt that the use of telematic data presents legal challenges. Privacy and security issues are the obvious ones and have recently been addressed by the Association of British Insurers in its 'Selling telematics motor insurance policies, a good practical guide' for insurers. The guidance highlights that there is a risk that telematics devices may transmit personal data and that where this is the case, data protection rules on obtaining explicit consent, limiting the purpose for which data are used and being completely transparent about those purposes must be complied with.
While the guidance is aimed at and particularly helpful to insurers, legal issues arise also for other organisations. The transmission of data from telematic devices can create data ecosystems incorporating multiple entities that may or may not have reason to access data sent from a person's vehicle.
Data collected by a telematics device may typically be processed by an insurer, a telematics technology provider and a data processing centre. Organisations are also reportedly considering using cloud providers to process and store telematics data. Organisations intending to do so would need to be aware of the specific risks associated with cloud processing and financial services.
As the technology itself may be integrated within a mobile device app, issues as to who can access data and to what extent, particularly where there are little restrictions imposed by a device's operating system upon the extent to which app providers may access information through APIs, also need to be addressed. Both the Article 29 Working Party and the US' Federal Trade Commission have recently discussed the issue of mobile devices and personal data generally and published detailed guidance. Specific guidance from these bodies on the use of telematic data in the mobile context would provide the industry with more certainty.
There are also other organisations which may have an interest in accessing telematic data. While there may be no general principle of English law that requires the police to be contacted upon the occurrence of a crime, in some circumstances, the law of negligence will impose a duty to take action when a foreseeable risk could result in loss or damage. Any organisation processing telematic data would want to carefully weigh any suggestion that it may have an obligation to share data in order to avoid a foreseeable risk against non-disclosure obligations imposed upon it by data protection laws.