The document cites two examples of situations where GDPR may hinder insurers' innovativeness:
- the use of blockchain technology, considered by insurers as presenting a high cost-reducing potential, as well as a source of increase transparency, could be jeopardized due to potential incompatibilities with the GDPR. "But how can the GDPR's right to be forgotten and right to rectification be reconciled with the fact that blockchain technology is designed to be an immutable and permanent record of all transactions?" In short, a tool that is expected to have a significant contribution to reinforcing trust in the insurance industry might be lost.
- the EDPB guidelines may discourage insurers from introducing automated processes. "This is because the guidelines allow insurers to use such processes only where they demonstrate that they are necessary, which would not be deemed to be the case if other "effective and less intrusive means" to achieve the same goal exist. In other words, the guidelines may prevent the development of innovative products based on solely automated techniques - such as real-time insurance offered through mobile phone applications - despite these enabling insurers to serve consumers better, faster and at a lower cost."
Yet, the document notes that the GDPR has not fully achieved the level of harmonization that was initially intended. While the GDPR has secured the same level of protection for consumers in all EU member states to a certain degree, it is not always applied uniformly across member states.
Insurance Europe concludes:
"Looking ahead, it will be crucial for the Commission to ensure that the application of the GDPR and its guidelines allow insurers to continue operating cross border and guarantee the safe development and introduction of innovative products that can benefit consumers."
The European Commission is currently taking stock of stakeholders' experiences of implementing the GDPR to prepare its report on the evaluation and review of the Regulation, due by May 2020. The insight briefing published by Insurance Europe examines whether the General Data Protection Regulation (GDPR) has delivered on its aims of enhanced protection and greater harmonization of data protection rules. It also asks if the GDPR is compatible with insurers' need to innovate for the benefit consumers. The full version of the document is available here.