GlobalData Plc

UK Data Protection Bill update creates uncertainty for big data in insurance

New regulation poses questions and risks for insurers looking to use consumer data and analytics in their pricing processes.

The UK’s Data Protection Bill is set to be modernized to include protection for consumers on topics such as internet history, social media, and DNA, as the original bill was passed in 1998. It will be published when Parliament returns from its summer recess in September, and is based on the EU’s General Data Protection Regulation.

Big data and analytics are becoming increasingly essential to insurers in pricing and tailoring policies for customers, but this emerging trend faces some ambiguity. Storing vast amounts of personal data will present an increased risk as the cost of being breached is soaring, to go alongside very damaging reputational damage. The fines for businesses that lose customer data following a cyber attack are set to rise to as much as £17m, or 4% of global turnover, from a previous maximum of £500,000, with the reporting of any incident becoming mandatory.

Admiral attempted to utilize social media data to help price motor insurance in a failed experiment towards the end of 2016. Facebook and public outcry put an end to that specific incident, but it highlighted insurers’ interest in using insights from personal social media accounts. This too will become harder, with the definition of personal data now expanding to include social media posts, IP addresses, and internet cookies.

Insurers have been able to obtain personal data relatively easily until now, through consumers not ticking an opt-out box. However, with explicit consent now required at the point of sale, and consumers’ rights to have already-held data deleted, insurers will be dependent on customers believing they will benefit from the sharing of their personal data.

If this is not the case, insurers will have to rely more on anonymized data at the cost of opportunities to offer increasingly individualized polices. The new bill also makes it illegal to attempt to identify individuals from anonymized data.

Furthermore, processing data and creating insights is one area where artificial intelligence is starting to be used in insurance, but the bill states that customers will be able to demand that their personal data is processed by a human, not a machine. This may slow the rise of automation in the insurance industry.

In all, the shifts in data protection regulation provide much food for thought for the increasingly nuanced, big-data driven insurance industry.

By Ben Carey-Evans, General Insurance Analyst

To get in touch please contact Have something to say on this topic? Join our LinkedIn group: General Insurance Insights.