The Internet of Things (IoT) creates a whole host of new opportunities and problems for insurance companies. With devices connected to the internet monitoring your health and lifestyle, insurance companies in the future could potentially capture this data and better understand the risks associated with providing people with their premiums.
And although some may not want to hand over their data, those living a healthy lifestyle will drive this trend, as it will mean cheaper premiums for them.
However, this emerging business model – and it is happening – creates a fresh debate about the privacy of data in an 'IoT' world and also raises a number of concerns for people who may become too 'risky' to insure. Will the IoT create a world where only people living a certain way can get life insurance?
This was one of the very many interesting discussions that took place at a Business of IoT event this week in London. Amanda Brock, director of Origin International Technology Law, provided some very interesting insights on the way that the privacy frameworks are developing in this area, which sparked a number of noteworthy comments from members of the audience.
Brock explained that the European Commission is doing a lot of work in this area and has recently released a report called the Article 29 Data Protection Working Party, which looks specifically at how device manufacturers, application developers, data platforms and other stakeholders should be protecting consumer data when developing for the IoT.
For example, the report recommends that privacy impact assessments should be performed before any new applications are launched in the IoT, raw data should be deleted as soon as the providers have extracted the data they need, the principles of privacy by design should be built into all development processes and stakeholders should provide users access to their personal data.
However, Brock admitted that it isn't an easy thing to get right. She said:
It is a bit of a nightmare. What they have done is looked at data and talked about the balance between the need to use the data that you share with your IT providers, your apps, your system providers, people like your insurance company, and how you as an individual user are going to consent.
Companies and businesses that are going to be ahead of the game are thinking about this now. If you look at that document and the standards that it is trying to set and the way that it is splitting out the different participants – you've got the device manufacturer, you've got the app provider, you've got the primary provider - it's all going to come down to finding different ways to ensure that the user's rights are being respected. The user knows what they're giving the data over for and how it's going to be used.
Then there's the onward requirements that you have: I don't want you to have the data anymore and I don't want you to do certain things, I'm going to have to have the control. This is a time when we need to be looking at standards and collaborating on new ways so that the technical systems find standards.
Brock's comments and her explanation of the standards being set were followed up by a question from a member of the audience, who said he felt as if there was a real friction between what he wants as a user and what the market wants. He suggested that there should be a 'higher level system' put in place where users can control their own data, see who owns what and provide consent where they want.
However, Brock's response was one that may surprise many (especially coming from a lawyer), but I think is increasingly becoming the opinion of many consumers. She said:
As an individual, I gave up on my data a long time ago. Google knows more about me than I do, it knows things that I forgot a long time ago. So, I just don't care anymore. And I don't know whether that's where most people will get to, but I think people of a certain age just think: well you can track me, you can monitor me, so what?
But you'll also see that privacy authorities are increasingly coming down on Google and other companies. The authorities are not going to go away, but I do think collaborative working and lobbying is going to be the best way to do it, so that we do get some sort of standard so that we do know what we have to do and how to comply with it.
Brock's right, of course: the authorities, especially in Europe, aren't going to back down. But as we have seen with the 'right to be forgotten' debacle, the authorities don't always have the best answers. However, there was a general agreement amongst members of the audience that they are getting to the stage where they don't particularly care who has their data and what they're doing with it.
But, of course, this could all change in the future. If insurance companies are going to be using my data to determine how much I'm charged for my premiums, or whether or not I can get insurance at all, maybe I would care if they used my data and how they used it? A member of the audience rightly pointed out that we are probably one step away from companies offering cheaper premiums or prices for products if we sign over our rights to let them do what they want with our data. Could data privacy just be for the rich going forward? It doesn't seem like we can dismiss the idea.
However, another member of the audience was actually from insurance provider Aviva, which was also sponsoring the IoT event. Forgive me for not getting her name, but the Aviva representative did say that insurance companies are very much monitoring this space and that there is this problem of the 'uninsurables'. She said:
This is a very real scenario that you've described here, the emerging 'uninsurables'. Okay they may not be uninsurable, it will just be at a price that they don't want to pay or that they can't afford to pay.
Worrying, very worrying. But the Aviva representative didn't seem too concerned for two reasons. Firstly, she argued that there is already precedent for dealing with situations such as this – which can now be applied to IoT. And secondly, she believes that it may actually lead to a healthier population. She said:
This is where regulators and government come in, there's precedent already for the tech side and the internet of things space. There's measures in the flood market, for example. The more and more insurers know about the flood risk, the more and more some properties seem to be uninsurable. There's industry responses forced by the regulator where the insurers have had to create a risk pool. So there is responses to it.
But there's also a point about behaviour modification – it's in your interest to become more healthy because your costs will go down, so we hope that there is a beneficial impact. In motor we see that already, with telematics used to monitor driving behaviour, which is pushing down fatality rates in younger people on the road.
This concerns me on so many levels. While I agree with Brock that I too don't really care who has my data or what they are doing with it at the moment, I really hate the idea of insurance companies knowing everything about my lifestyle in order to decide how 'risky' it is to insure me. That may be because I'm a journalist and live quite an unhealthy lifestyle, but I do not like the idea of being forced into living a certain way just to get certain benefits – benefits that I have to pay for. I mean, do we really want everyone eating healthily and exercising? Our systems are strained enough as it is with people living longer.
The idea of a group of 'uninsurables' – people that are either too unhealthy, too risky or too poor to get insurance – just doesn't sound right. I mean, who decides what is healthy? Do I have to exercise every day? Can I only have 2 beers at the weekend? Will my insurance premium go up if I am monitored and am not living up to 'my part of the deal'? If this is the world that the IoT is going to bring, I'm not sure I'm particularly looking forward to it.
Industry analyst James Governor at RedMonk, however, finished the session with a comment that did fill me with some hope. He said:
On the one hand they want to whittle out all the bad customers, but at some point you have whittled out all the bad customers and you are left with no customers. Good luck to those guys, if you think you're going to find the perfectly healthy human and that's the only one they're going to insure, that's a pretty small market.