The insurance industry’s appetite to see how Big Data might be mined to price products more accurately attuned to individual consumer behaviour is growing. Messrs Dino Wilkinson and Tyler Dillard of Norton Rose Fulbright caution insurers to tread carefully when harnessing the power of Big Data or risk losing customers and being embroiled in litigation.
The broader market and regulatory conditions, coupled with changing consumer preferences and wider cultural trends, have impelled insurers to harness the power of technology to reduce risks, cut costs, make profit and grow.
Insurers are under increasing pressure to price more competitively, estimate reserves more precisely and assess risks more accurately. They are constrained by unfavourable macroeconomic factors, historically low interest rates, lower premiums, more claims, harsher regulatory capital requirements and a soft market inundated with excess capital.
Big Data is the aggregation of large amounts of data derived from exploitable data sources. Growth objectives are at the centre of attempts by the industry to harness Big Data’s power to analyse consumer behaviour. The sources of such data, in particular social media platforms, and how that information could be used to meet customer expectations and to set premiums, are matters which regulators and lawmakers are struggling to address in a coherent and modern way.
Computer algorithms can be used as proxies for underwriting calculations. Previously untapped data can be analysed to get a richer and more accurate assessment of an individual as a risk.
For example, a potential insured’s social media posts can be digitally analysed to determine whether or not that person would be conscientious behind the wheel.
The concept is simple: if the data retrieved from social media and other sources indicate that the prospective insured is a careful driver, the person’s premiums can be adjusted to reflect the risk. “Posts” and “likes” can give the insurer insight into personality traits associated with good driving.
But where should the boundary lie between consensual use of personal data and an intrusive use of personal information? Certainly, falling on the wrong side of this line might lead to insurers and brokers that use personal data being subjected to a barrage of public criticism, not least from human rights campaigners, data privacy and digital rights groups, but also from consumers and regulators, the combined effect of which could sink Big Data initiatives involving social media and impact profits.
The insurance industry’s appetite to mine Big Data to price products more attuned to individual consumer behaviour is inexorably growing.
However, the notion of harvesting and using social media data – which may include information about a person’s private and family life, which is often strictly protected by constitutional and criminal laws throughout the Middle East – to determine insurance eligibility and set premiums raises a number of legal (and policy) concerns.
Given the exponential speed of technological advancement, the law and regulation can only address these issues up to a point, begging the question: what regulatory boundaries and ethical parameters will, in the future, be applied to insurers in the deployment of data derived from unconventional sources like Facebook, Twitter or Instagram?
This article seeks to answer this question by:
- Examining the use of Big Data by insurers to assess risks and set premiums;
- Exploring the ethical parameters and regulatory boundaries around the use of Big Data by insurers and the potential impact of such initiatives; and
- Considering the general regulatory response to Big Data to date.
Mining Big Data sources
Big Data is part of the wider ecosystem of InsurTech – the developing union between insurance and technology. The most prevalent sources for Big Data are the ubiquitous “connected” devices like telematic (or “black-box”) sensors installed in vehicles, location-based sensors fitted in offices and homes, and wearable devices such as watches and step counters.
These devices, now regularly offered with motor, home and life polices, are capable of collecting, storing and transmitting vast quantities of real-time, objective and unfiltered data, which can be used to construct an individual profile of a policyholder’s behaviour and the risks associated with his habits.
In addition to the information received from telematic devices which provide data on physical hazard, insurers are also interested in data on moral hazard – what makes the insured tick, how they perceive risk, their honesty and likelihood of committing fraud.
Data sources such as social media can be used to produce a “personality-based risk assessment” constructed from an applicant’s interests and purported levels of organisation and other characteristics.
Insurers could seek to rely on such data (and the science purportedly linking personality traits to driving) to adjust premiums. A number of insurers have taken similar steps by offering reduced premiums in return for more data derived from connected devices and as a reward for good driving and healthier lifestyles.
Legal and regulatory concerns
Although consumers are likely to be drawn to the prospect of reduced premiums that access to Big Data can offer, there are a number of legal concerns which merit careful consideration, principally in the areas of data privacy, confidentiality, cyber security, intellectual property and even competition laws in some countries.
Though these matters are outside the scope of this article, it is worth noting that some of the data that would be analysed might constitute “personal data” for the purposes of the data protection regulations applicable in local financial free zones such as Dubai International Financial Centre, Abu Dhabi Global Market and Qatar Financial Centre.
As data processors under these regulations, insurers operating in those free zones must be cautious about how they obtain data and be transparent about its usage.
Regional governments are following this trend of stricter regulation for personal data as evidenced by the recent publication of a data protection law in Qatar.
Internationally, market developments include the upcoming General Data Protection Regulation in Europe – set to be implemented in May 2018 – which spells out more robust obligations on companies harvesting data, including from digital sources like Facebook.
An additional concern in Middle East jurisdictions is the strict approach to information about personal and family life. Unauthorised disclosure of such information is a criminal offence under many national laws, such as the UAE Penal Code.
The potentially severe sanctions for such crimes and the uncertainty of how these laws may be applied in the case of data collection and use (particularly where this is done without the knowledge or consent of the relevant individual) are significant barriers to insurers considering the use of these techniques.
Beyond data protection and privacy laws, the use of social media raises regulatory concerns over pricing practices and risk segmentation. Extensive usage of Big Data (as well as the transmission of data over connected devices) in underwriting has the potential to segregate the risk pool, resulting in certain consumers being unable to obtain or afford insurance.
Big Data initiatives could also penalise loyal (and inert) customers, who, satisfied with their existing policies, may be less likely to “shop around” for more competitive quotes.
To the extent that gathering and using social media data were to become commonplace in underwriting, the transfer of such data between firms could become a logistical and regulatory nightmare, for example, on a portfolio transfer.
From the perspective of insurers, there is an inherent risk from using social media data, as customers may eventually “game” the system as they learn what types of information to publish on social media, in order to procure a lower premium, which would seriously undermine the underwriting process.
Some international regulators have started to tackle some of the industry’s issues on data usage. For example, the UK’s Financial Conduct Authority considered several of these issues in its September 2016 Feedback Statement on the use of Big Data in the retail general insurance sector.
However, regional regulatory bodies in the Middle East have generally been quiet on the increasing use of Big Data by insurers.
This perhaps reflects the complexity of the issues and the uncertainty around application of national laws, in addition to the more general difficulty of matching law and regulation with the pace of technological innovation.
However, as they continue to develop and launch their Big Data and other InsurTech plans, insurers will increasingly be looking for assurance that they are not falling foul of the rules to which they are subject. This may help to drive more industry-wide guidance on the parameters for using social media (and more generally, Big Data) in assessing and pricing risks, as this approach becomes more commonplace in the local markets.
The use of data from social media could enable long-term and general insurers to offer more personalised coverage to consumers and price premiums more closely aligned to the customer’s actual risk profile.
Given the legal and regulatory uncertainties in the Middle East, it is not surprising that insurers are treading carefully with any plans to harness the power of Big Data.
Indeed, there are numerous challenges to navigate before insurers can even think of requiring consumers to pass on more data as a condition precedent to underwriting the risk at a normal premium or using the data to impose unjustified exclusions.
As technology continues to advance, the boundaries are likely to be set by international best practices, industry guidance and each insurer’s own policies.
In the interim, insurers will continue to explore Big Data initiatives. However, they will need to ensure that such plans are fair, reasonable and transparent. Otherwise, they could risk losing customers or even face legal sanctions, regardless of how admirable or beneficial to the insured it may initially appear to be.
Mr Dino Wilkinson is Partner, Norton Rose Fulbright (Middle East) LLP and Mr Tyler Dillard is Associate, Norton Rose Fulbright LLP.