PET-ting your premiums: how PETs help insurers to capture data sharing value
Due to the rise of digital transactions and new regulatory developments, insurers are handling more data than ever before. To capture the value of this data, it needs to be shared – both internally and externally. However, data sharing is not without risks, such as the privacy risks when sharing personal data. Privacy enhancing technologies (PETs) have emerged as a crucial tool for insurers, allowing them to protect sensitive data while still enabling data sharing. PETs reduce risks and simplify compliance by restricting the use of the data to what is required for the specific purpose. Insurers who want to tap into the benefits of data sharing should experiment with proof of concepts (PoCs), build internal data management capabilities and explore possibilities for collaboration. By following these steps, insurers can capture the value of data while minimising the associated risks.
Data sharing is key for insurers to improve the customer experience, risk models and fraud detection
In today's digital age, the world is becoming more interconnected, resulting in a surge of digital transactions. This surge is driven by the increased use of emerging technologies such as social media, cloud services and the Internet of Things (IoT). All this data can help to optimise process efficiency, improve products and/or services and fuel training of AI models.
Insurance is traditionally a data-driven industry because it revolves around the ability to evaluate risks and price them accordingly. Due to the rise in internal and external data transactions between different departments, branches, organisations and even ecosystems (e.g. IoT, mobility), insurance companies are noticing an increase in the volume of data they handle. Besides the technological innovations, new regulatory developments like the Data Act and the Open Finance Framework are further driving the rise of digital transactions.
Access to all this data will enable the insurer’s digital transformation journey to result in a wealth of benefits. For example, the ability to combine health data with employer data opens up opportunities for employee disability insurance. Additionally, fraud detection can benefit from new data, particularly when it comes to double insurance or false claims about one's health condition. Furthermore, data across jurisdictions or from different branches of the same firm can enhance usage of telematics and advanced analytics. Sector benchmarking and tailored offerings for specific customer segments can also be achieved through data from brokers. For all these use cases, data needs to be shared, both internally and externally. By embracing these and other examples of data sharing, insurers can continue to evolve their digital transformation strategies and stay ahead of the curve.
PETs accelerate data sharing by reducing risk and simplifying compliance
On the flipside of the benefits of data sharing are the related risks, such as the protection of privacy. However, privacy enhancing technologies (PETs) have emerged as a crucial tool to protect sensitive data while still enabling data sharing. A key concept here is ‘data utility’, which refers to the usefulness of data in providing insights. Originally, a dataset is like a Swiss Army knife: it can be used for many different purposes, so it is described as having high data utility. PETs restrict the dataset so that it is only useful for a specific purpose, i.e. it becomes a screwdriver rather than a Swiss Army knife. By reducing the data utility to what is required for specific analysis, PETs open up new opportunities, reduce risks and simplify compliance. Examples of use cases for PETs include:
- Multi-party computation: A group of millionaires want to learn who is the richest without disclosing each individual’s wealth
- Federated learning: Developing an AI model by training sub-models locally in individual hospitals and combining the sub-models afterwards (link)
- Synthetic data: Release of high-quality societal microdata without compromising confidentiality (link)
PETs ‘take care’ of GDPR
In the context of GDPR, PETs support the technical implementation of various GDPR principles such as purpose binding, data minimisation and confidentiality, while ensuring that data utility is not compromised. When processing personal data, an insurer is responsible for compliance with these and other GDPR principles, including considering the existence of appropriate safeguards like PETs. Compliance with GDPR remains applicable when using PETs, because the application of PETs to a dataset containing personal information is regarded as ‘processing personal data’. In the Netherlands, the data is still considered personal data after the application of PETs if the source data can be reconstructed from the privacy-enhanced dataset.
3 steps to capturing PET value
To ensure the successful use of PETs, insurers must start by taking three steps: experiment, build and collaborate.
- Experiment with proof of concepts (PoCs) to become familiar with the possibilities and technology providers available. This will allow insurers to identify which solutions best meet their needs, as the value propositions of PETs differ per technology.
- Build internal data management capabilities, referred to as ‘data infrastructures’, to support future (privacy-enhanced) data sharing. By embedding a data management process in their organisational compliance and data governance frameworks, insurers can ensure that they are following best practices and regulatory requirements.
- Collaborate, because data sharing is not just about technology; business, legal, operational and functional issues are just as important to ensure trust in data sharing. Insurers should seek to formalise agreements with data providers and consumers in existing or new working groups. By working together, they can ensure that all parties have a clear understanding of their roles and responsibilities when it comes to data sharing, thus creating the necessary trust.
In summary, insurers who want to capture the benefits of data sharing should experiment with PoCs, build internal data management capabilities, and explore opportunities for collaboration. If you would like to know more about how PETs result in new propositions for insurers, please contact Maarten Bakker or Constantijn Molengraaf.