Belgium

There is no specific legislation in place, nor official guidance or a code of conduct expressly governing the use of Big Data by insurance companies and intermediaries.

France

As regards codes of conduct, no specific legal provisions on Big Data have been enforced. However, the GDPR guidelines published by the French Insurance Federation in July 2021 help the industry to better deal with the main issues identified in Big Data usage.

As regards legislation:

  • As mentioned in Section 4.1, GDPR provides specific conditions for data profiling when assessing insurance, especially if it is part of an automated decision-making process. Please also refer to other GDPR rules on data processing;
  • Decree No. 2019-341 lists the authorised uses of the national identification registry (“NIR”), in particular by insurance organisations (e.g. social protection, entering into, managing and executing insurance contracts, compliance with obligations relating to the fight against money laundering and the financing of terrorism or to the fight against fraud).

The National Assembly proposed, on 23 January 2019, a bill prohibiting the use of personal data collected by internet of things (“IoT”) in the field of insurance, especially for data relating to the lifestyle and health of persons. However, this law has still not been enacted.

Italy

There is no specific legislation in place, nor official guidance or a code of conduct expressly governing the use of Big Data by insurance companies and intermediaries.

Portugal

Currently there is no legislation specifically governing the use of Big Data by insurance companies and intermediaries nor any specific code of conduct.

The only Guideline available on this matter is a Report of the Joint Committee of the European Supervisory Authorities, which provides that financial entities deploying Big Data-driven tools must implement mitigating measures, acknowledge the risks for consumers and the difficulties resulting from having a wider knowledge of the client.

As such, the following adequate guarantees must be taken into consideration:

  • Clients need to give their free and express consent for their data to be processed;
  • Financial institutions must provide all necessary information about the financial products and the underlying use of Big Data;
  • Reinforced security measures must be taken, in particular, when considering the sensitivity of the processed information.

The Netherlands

The following local standards and guidelines apply to the use of big data by insurance companies and intermediaries:

  • Code of Conduct for the Processing of Personal Data by Insurers published in 2018 by the Dutch Association of Insurers (in Dutch: Verbond van Verzekeraars);
  • Ethical framework for data-driven applications by insurers for members of the Dutch Association of Insurers published in 2021; and
  • Act of 16 May 2018, containing rules on the implementation of GDPR (in Dutch: De Nederlandse Uitvoeringswet AVG, UAVG).

Ukraine

There is currently no legislation, official guidance or code of conduct specifically aimed at governing the use of Big Data by insurance companies and intermediaries.

United Kingdom

At present there is no legislation specifically governing the use of Big Data by insurance companies and intermediaries nor any specific code of conduct.

The UK regulator has acknowledged the potential for positive consumer outcomes resulting from the use of Big Data, but has also highlighted how its use may result in some consumers experiencing difficulty in obtaining insurance, and has expressed pricing concerns. The UK regulator has reminded firms of their obligation to ensure that any use of data is in line with data protection legislation and guidelines from the ICO.

The UK regulator has also raised concerns over the potential impact of Big Tech firms entering the insurance market. Again, it has acknowledged the potential positive impact this may have, particularly in introducing efficiencies to the value chain. However, it has noted that competition concerns may arise as a result of the manner in which data gathered by Big Tech firms from their wider business is used in the underwriting process.

When using Big Data in the development and distribution of insurance products, firms should be mindful of their duty to act in the customers’ best interests and of the rules and guidance around ensuring fair value. The introduction of the new Consumer Duty is also likely to be pertinent to firms’ use of Big Data.

The following legislation, standards and guidelines apply generally to Big Data due to its close relationship with Data Protection:

  • DPA 2018, UK GDPR (having the meaning given in the DPA 2018), PECR compliance.
  • Accordingly, key principles of data protection laws apply: (i) lawfulness, fairness and transparency; (ii) purpose limitation; (iii) data minimisation; (iv) accuracy; (v) storage limitation; (vi) integrity and confidentiality (security); and (vii) accountability.
  • The ICO has issued Guidance on AI and data protection which covers Big Data, the main takeaway being to consider data protection at an early stage when carrying out any projects using Big Data.

Spain

The following standards and guidelines shall apply to Big Data due to its close relationship with Data Protection:

  • Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights;
  • The Code of good practices in data protection for Big Data projects published by the Spanish Data Protection Agency (“AEPD”).