The rapid technological development in recent years have in many ways changed the way in which companies operate. This is also the case for the insurance and pension industry, which constantly innovates in order to remain relevant for consumers. New technologies such as blockchain, artificial intelligence, machine learning and Internet of Things are having a great impact. New solutions based on these technologies inspire the insurance and pension industry to increasingly think in terms of new processes and new technologies.
Data ethics in a global world
The rising level of digitalisation raises a number of ethical dilemmas. Even though the increased amount of data gives the insurance and pension industry new possibilities for using data to provide more tailor made products for the consumers, it is important to keep in mind whether or not it is ethically acceptable to use the data available.
IPD has developed a set of ethical guidelines for the industry’s use of data. The industry should be able to use the increased level of data available in order to provide more personalized products, but at the same time it is important that the interests of the consumer are protected. We believe that having introduced ethical guidelines and choices will become a competitive advantage for the insurance and pension industry in the future. Consumers must have faith in the industry using their data in a responsible manner and we believe in transparency regarding how consumer data is being used.
IPD supports the work done by EIOPA to secure digital responsibility in the insurance industry. We moreover work to make the common European insurance and pension industry develop ethical principles for the industry’s use of consumers’ data.
Car data from new cars
New cars are “connected cars”. They are connected to the internet and automatically send information from computers in the car to the world around it. Consequently, all cars will in the near future be a source to a large amount of data.
Collecting data in cars will improve the consumers' experience of using the car, it will improve road safety and it will aid the further development of self driving cars. These are all positive developments. However, it is the car manufacturers that control the amount and use of data. Not consumers themselves. This poses a problem.
Current legislation does not regulate the commercial value of car data, as car data is not defined as personal data and thus not regulated by GDPR. New cars collect data about driving behavior, number of passengers in the car, routes being driven and the personal data that is possibly being passed from mobile phones to the car. IPD believe that car owners should be able to decide what their data is used for.
Positions of IPD
Data from cars shall belong to the owner of the car
There is a need for regulation that includes both consumer protection and competitiveness regarding data from cars
Cloud outsourcing
The insurance and pension industry is having difficulties using the advantages offered by outsourcing all or part of its it systems to cloud solutions. This is due to strict regulation, but also to the fact that large cloud suppliers in their contracts use standard conditions which are virtually impossible for the insurance and pension industry to abide by.
IPD hope that EIOPAs future guidelines for cloud outsourcing will not become too restrictive. We moreover hope that the European Commission will develop standard contractual conditions for cloud suppliers. This will help insure that insurance companies and pension funds will not have to use a vast amount of resources negotiating contractual terms in order to abide by the regulatory conditions.
Positions of IPD
EIOPAs guidelines for cloud outsourcing should not become too restrictive
The European Commission should develop standard contractual conditions for cloud suppliers
Cyber security
Cyber security is becoming an increasingly important issue in our digital world. The European insurance industry is working hard to ensure the robustness of the defense against cyber attacks. Cyber insurances are essential for dealing with companies’ vulnerability against the consequences of cyber attacks.
The insurance industry is taking on a large risk regarding cyber insurances due to the fact that is a new and unexplored territory. We are facing a need to develop a more structured approach to collecting data in order to better be able to estimate the risks we are facing. The insurance industry needs to collect more data about cyber risks and incidences in order to develop better products. In this regard there is a need to strike a balance between the need for data while still protecting the anonymity of the companies that have suffered from attacks.
Given that cyber insurance is a market with limited data and experience, it is too early to develop standard requirements to insurance products offered.
Positions of IPD
We work for better guidelines and principles for sharing data about cyber incidences
We work to avoid standard requirements to cyber insurances being introduced at a stage when data is very limited
We work for a common terminology to be used in the area of cyber security