‘Is the principle of data privacy enough for insurance?’

In 2017 I wrote in this column how data was becoming the new gold. This year, the pressing issue for insurance is who owns this data gold, what rights they have and what this means for the future. Facebook’s problems in this area have rightly already accelerated these issues into the public domain

I am going to examine the case from the positon that data ownership and privacy are fundamental human rights. This is the position that Apple chief executive Tim Cook has taken and is the thrust of the General Data Protection Regulation (GDPR) that goes live across the European Union in May.

So, is a higher standard of privacy the death of digital marketing and artificial intelligence-led insights for insurers? Of course not, however it does mean that insurers must explain and abide by their own policies.
Impenetrable terms and conditions need to be supplemented with educational statements and corporate promises on how data will be managed. If a board can make a statement on corporate social responsibility, it can also make clear its policy on data privacy.

It is only a matter of time before public ratings on company data policies are required and for those customers that choose to exercise their right to privacy, operational processes are needed to give effect to those wishes. But is the principle of data privacy enough for insurance?

Machine-learning is giving rise to a new source of economic value from the acceleration of insights learnt from bigger datasets. In most cases, few would complain about using these insights for commercial benefit.

But what about medical insights from health insurance data that allow earlier and lower-cost treatment – who owns those? And what about artificial intelligence-enabled crop insurance using images to predict the extent of drought – do insurance companies have an obligation to share these findings?

This is the classic economic question about public goods and we must ask ourselves how we are going to regulate these “data lighthouses”.

In addition, we will need to use distributed ledger technology to provide platforms on which trusted and transparent transactions can be executed using encryption, to provide consumers with the level of privacy and data access they are starting to demand.

But it is because not all countries have enacted legislation that gives individuals power over their own data that I continue to consider this a data “war”. China is notable in operating one of the most “open” approaches to data privacy. This has fuelled the rise of Chinese tech giants such as Tencent, and a similar attitude to customer data is now in effect in India and other major emerging economies including Indonesia.

What we are going to see over the next few years is not so much a clash of cultures, but of data standards, as developing economies explore their roles as rising economic powerhouses. Data wars, like artificial intelligence and cyber security, are in their infancy.

I am in favour of the EU’s attempt to improve individual rights, as the United States is now more likely to follow. And let’s hope that both China and India go down a similar path, and that my fear of a data war is overplayed.

It is clear governments have a decisive role to play, but companies, across all sectors, would be wise to reflect on the words of Tim Cook, speaking at a town hall earlier this year: “The truth is we could make a ton of money if we monetised our customer, if our customer was our product. We’ve elected not to do that.”

Also found in Opinion