Insurance Europe welcomes EU Data Act but seeks ‘robust’ sector legislation
Insurance Europe said the proposed EU Data Act is set to shape the single market for data and it is therefore crucial that the rules establishes a framework that supports innovation.
The European insurer body has published a paper that examines the impact of different positions taken on the Data Act proposal by the European co-legislators — the European Commission, the Council of the EU and the European Parliament — in trialogue discussions.
The federation said that it welcomes the Data Act proposal, as it sets out key principles on how to access and share data collected from connected devices.
But it pointed out that “robust” sector-specific legislation on access to in-vehicle data is still needed to provide the confidence and incentive that independent providers require to invest in new data-driven services.
Insurance Europe pointed out that telematics-based insurance policies offer consumers the possibility to customise their insurance policy according to their needs.
For example, ‘pay as you drive’ insurance calculates the premium based on the actual mileage driven. It can therefore benefit anyone who wants to take control of their insurance premium.
In particular, it can reward low-risk drivers with lower premiums and reduce insurance premiums for drivers who drive less frequently, thereby both improving road safety and helping to cut greenhouse gas emissions.
Telematics can also reduce the length of the claims process and deter fraudulent claims, said Insurance Europe.
The federation has also welcomed the addition of EU texts that aim to strengthen the enhanced data-portability rights under Article 5.
“To ensure the data shared by the manufacturer is usable by the third party, it is important that it is delivered in a structured, commonly used and machine-readable format and accompanied by the relevant metadata to interpret and use such data,” it said.
Insurance Europe also said that the European insurance industry welcomes efforts made by the co-legislators to clarify that inferred and derived data should not be part of data-sharing obligations.
“As a key principle, data-holders should not be obliged to share business-sensitive information or proprietary data they have generated and analysed/enriched themselves and that is the outcome of their own work,” it pointed out.
The federation stressed that trade secrets and business-sensitive information should be excluded from data-sharing obligations.
“The mere risk of having to disclose this data could hamper innovation, with negative consequences for the development of the European data economy. For this reason, Insurance Europe supports the Council’s approach in Article 5 (8), which clarifies that in exceptional cases a data-sharing request can be refused if the data-holder is able to demonstrate that it is highly likely to suffer serious damage from the disclosure of trade secrets,” it stated.
Insurance Europe said that the protection of trade secrets should not be used as a loophole by manufacturers to refuse requests for data access.
“In this regard, Insurance Europe welcomes the European Parliament Recitals 24 (b) and (d), indicating the need for sector-specific regulation specifying the minimum available datasets that are essential for the provision of key aftermarket services,” stated the federation.
“While the Data Act is an important step towards the development of the European data economy, it will not be sufficient by itself for the automotive sector. Only a dedicated piece of legislation on access to in-vehicle data will provide the confidence and incentive that independent service providers require to invest in the new data-driven services in the automotive sector that will benefit consumers and the whole of society by providing smarter, safer and more sustainable mobility solutions,” said Insurance Europe.
In a recent report published on the Data Act, Blanca Escribano, EY Spain’s partner at EY Abogados and digital law leader, stressed the importance of the protection provided by the proposed rules for European businesses in an age of heightened industrial espionage.
She pointed out that the Data Act proposal seeks to prevent the unlawful transfer or access to non-personal data by third countries, complementing the framework on international data flows laid down in the GDPR and the Data Governance Act.
“With growing concerns about industrial espionage, intellectual property (IP) theft and unlawful access to information by foreign authorities, the new rules focus on protecting commercially sensitive data as trade secrets and data subject to intellectual property rights or confidentiality obligations under European law. Therefore, certain measures are introduced to ensure that the level of protection provided by the European regulatory framework is observed when non-personal data is transferred outside the EU territory,” she explained.
“For these purposes, data-processing services providers must adopt all reasonable technical, legal and organisational measures to avoid international transfers or governmental access to non-personal data held in the EU that could create a conflict with EU or national law (eg, commercially sensitive information, data that may affect security or defence interests),” she added.