National Data Strategy offers significant opportunity to improve function of insurance market, says Kennedys

Authors / contacts: Karim Derrick and Deborah Newberry

The government’s proposed National Data Strategy offers significant opportunities to improve the functioning of the insurance and other industries, Kennedys said this week.

It also urged the government to take a “much more pragmatic approach” to declaring that other countries have adequate data security post Brexit.

The draft National Data Strategy aims to reflect “the opportunities and challenges of our new hyper-digital world”. Responding to a consultation on it, Kennedys agreed that “data and data use should be seen as opportunities to be embraced, rather than threats against which to be guarded”.

The response explained: “Across the insurance industry, data around risk, policies and claims are poorly standardised. Non-standardisation and a lack of coordination on data mean that data collected by one organisation cannot easily be used by another. This results in duplication of effort and wasted resources.

“Pooling data across multiple sources, both within and between sectors will create new economic opportunities just as has been shown to save lives during the Covid pandemic. Equally, data that is not standardised but is nevertheless pooled produces inaccurate results and in fact increases friction.”

Karim Derrick, Director of Research and Development Innovation at Kennedys, says: “The insurance industry has certainly had to find a way to adapt to the GDPR and is arguably not reaching its full potential due to the limitations and complexities associated with the current data protection framework.

“The fact that we have a legal framework which potentially hinders businesses from innovation and the use of new technologies – such as using aggregated data to price risk or otherwise – in an increasingly digital and data-driven age suggests that changes or clarification may be required.”

Kennedys recognises that there are many matters that need to be carefully considered where insurers are thinking of using aggregated personal data to price risk, augment the claims handling process or otherwise innovate to improve the customer journey.

“We also recognise that the rules which underpin such innovation must encapsulate principles that do not infringe human rights. As the UK takes over the G7 presidency in 2021, there is a clear opportunity for the UK to drive forward a framework that develops those principles, and at the same time, cement its role as a world leader.

“Indeed, we believe we are at a critical moment. Through responsible and human-centred rules, the UK has a very positive opportunity in both data-driven technology and rule-making.”

Kennedys urged the government to improve the approach to transferring data across borders. This is currently governed by the EU making ‘adequacy decisions’ on whether a non-EU country has an adequate level of data protection.

It said the first priority post Brexit should be to obtain an EU adequacy decision for the UK, while issuing an adequacy decision of its own for the EU immediately to speed up what can be a slow process.

Once an EU adequacy decision is obtained, Kennedys said the UK should adopt “a much more pragmatic approach to adequacy criteria and adequacy decisions for third countries than the EU does”.

The response explained: “While it is correct that there is a balance to be struck between the rights and freedoms of individuals and the free flow of data across borders, the EU adequacy decision making process in our view, has been too bureaucratic and conservative. In 25 years, the EU has made 13 adequacy decisions, seven of which relate to small states which are adjacent to the EU. Only two of those countries are in the top 10 trading partners of the EU.

“More than 100 countries globally have data privacy laws, and while those laws vary widely in their level of protection for personal data, and very few offer a truly equivalent standard of privacy protection under the GDPR, there are many jurisdictions that the UK could declare adequate without significantly compromising the rights and freedoms of UK citizens.”

This approach should include negotiating a version of the Privacy Shield between the US and the UK, it added.

Deborah Newberry, Head of Public Affairs at Kennedys, says: “The draft National Data Strategy is a significant and welcome plan that puts data at the heart of the country’s economic wellbeing and seeks to address issues such as trust and human rights that are a vital part of the conversation.

“At Kennedys, we have been working on legal and technical frameworks for operating within the GDPR to protect individual privacy rights whilst ensuring that consumer and corporates are still able to benefit from aggregated data.

“We are developing anonymisation techniques that bring together machine-driven personal data identification, data standardisation, data classification and hashing algorithms to develop data-driven insight free of bias and without compromising individual identities.

“The draft National Data Strategy gives us confidence that the government wants to put a structure in place that supports vital developments like these and place the UK at the forefront of data-driven technology.”