On 1 st July 1994, a genuine single market for insurance was established within the member states of the European Union. Directive 92/96 / EEC established a single system for the authorization and financial supervision of an insurance undertaking by the latter having established its head office. Gradually, the legislation was enriched and had positive impacts on the market, it allowed an increase in competition, for example, in the field of automobile insurance in Germany, the consumer benefits from increased competition from removal of the obligation of prior approval of policies and tariffs which prevailed before the application of the single approval system. Now consumers in Germany have more choice in insurance policies and at lower prices.
More recently, the Insurance Distribution Directive (DDA) of January 20, 2016 introduced obligations that weigh on insurance companies. They aim to protect consumers in their dealings with insurance distributors. It establishes a real duty of advice which weighs on insurers: they must provide an analysis and give an opinion on the client’s situation. This opinion must be impartial and honest, in the best interests of the client. It obliges insurance service providers to provide clients with the IPID, the information document on the insurance product which formalizes the information related to an insurance product, for example it contains contractual obligations or even information on the type of insurance.
Within this European insurance market, the following question arises; how should the competition rules be respected?
The possibility of bringing out more competitive prices and the choice of suppliers
The Commission is contesting certain conditions of access to the Insurance link platform. She accuses the association of having arbitrarily delayed or refused access to the system to companies which had a legitimate interest in being able to access it. In addition, she claims that the company has put in place barriers that are impacting companies’ entry into the Irish car insurance market.
On July 20, 2021, the European Commission informed Insurance Ireland of its preliminary opinion that it has infringed the competition rules of the European Union, that only aims to communicate the complaints to Insurance Ireland and does not constitute a decision in any way. final decision of the European Commission to condemn the company.
Ms Margrethe Vestager , Executive Vice President for Competition Policy, said: “ Access to data is essential to enable insurers to assess the risk they take and offer customers competitive contractual conditions. We are concerned that some insurers and their agents have found themselves at a competitive disadvantage because Ireland Insurance has denied or delayed their access to its data sharing system, which compiles valuable loss information. This prevented the entry of new competitors and hence reduced the choice of competitively priced auto insurance policies available to irl driversandais. Non-discriminatory access to data sharing systems is important to stimulate competition in data-driven markets. ”
Since 2009, access to the Insurance Link platform is subject to being a member of the association. To gain this status, applicants must meet the membership criteria and go through an unpredictable application process. For several years, certain types of insurers were denied access to the platform because they were not eligible for membership. For some companies, their access to the system has been delayed by several years because of mandatory membership criteria. After carrying out its investigation, the European Commission found that the lack of access to Insurance Link has the effect of putting Irish companies at a competitive disadvantage in the Irish market compared to other companies that have access to the insurance base. data. This situation has a negative impact on costs, quality of service and prices. In addition, the problem of restrictive membership criteria constitutes a barrier to entry which prevents competitors from entering the market and therefore reduces the possibility of bringing about more competitive prices and the choice of suppliers.
The lack of access to the relevant data contained in Insurance Link not only impacts the Irish market but would also have an impact on cross-border trade between Member States, it could lead to a partitioning of the single market. If this practice is confirmed, it could be considered as contrary to Article 101 of the Treaty on the Functioning of the European Union and Insurance Ireland could be penalized for this. This article prohibits any agreement between companies or all decisions of associations of companies which could be made to prevent the restriction or distortion of competition in the single market of the European Union. If at the end of the investigation the Commission considers that the charges against Insurance Ireland have been proven, it may impose a fine of an amount equivalent to 10% of the company’s overall annual turnover. Alternatively the commission can proceed to a decision of engagement if no conclusion is drawn as to the existence of an infringement of the competition law so in this scenario no fine will be imposed. As part of this option Insurance Ireland will be able to offer commitments to remedy the problem highlighted by the European Commission. If the Commission accepts its commitments, they will become legally binding on the company, which will be obliged to implement them.
This revolution “ continues to offer opportunities to consumers, in terms of lower cost products and more suitable products “
The question therefore arises: under what circumstances can we consider that a data pooling and sharing agreement is valid and does not violate European competition principles? In the field of insurance, the pooling of data allows insurers to hold a mass of information which enables them to refine their knowledge of customers by crossing data between the different professions and to have the traces left by policyholders on the internet and social networks. It is a means of offering customers products and services in line with their needs and thus ensuring better support for policyholders. Inside insurance companies will be able to offer personalized offers, for example there is the “pay how you drive” offer which applies to the automobile insurance contract and which makes it possible to adapt the price of the contract as well as possible according to the use and risks of each insured. This method not only improves customer satisfaction but also improves the efficiency of insurers.
Depending on their design, data sharing agreements can therefore contribute to the proper functioning of insurance markets. In other sectors, they can also contribute to effective competition in a world where we are data dependent and fully digital. The European Insurance and Occupational Pensions Authority (EIOPA) published its annual report on June 15, 2019 </ a> in which sherecognized the fundamental role played by the use of digital technology and Big data in the field of insurance. This revolution “ continues to offer opportunities to consumers, in terms of lower cost products and more suitable products “. However, she clarified that it is necessary to supervise this use of data because there remains a risk of misuse which could lead to the exclusion of the most vulnerable consumers.
This framework involves in particular ensuring that these operations comply with competition rules. These are principles that the European institutions are striving to uphold, in particular with the establishment of a European data strategy, including the proposal for a regulation on data governance from the European Commission, which allows citizens to control exploitation to give them and provides a framework for companies to exploit them.
But today the collection of data by insurance companies remains subject to the principles resulting from General Data Protection Regulation of April 27, 2016 . The insurance sector has been particularly affected by this new legislation. From now on, all the structures which process personal data from European citizens have many duties to respect the first is the obligation to protect the personal data of their customers as much as possible, this requires in particular the establishment of a register internal as well as a data processing procedure but also by a commitment to process only personal data that are really necessary for the activity. Article 33 of the GDPR provides that “ In the event of a personal data breach, the controller shall notify the breach in question to the competent supervisory authority “, thus insurers have a obligation to inform the competent authority in the event of a personal data breach as well as the persons affected by such breach. These obligations oblige insurers to review their organization, data security and the tools used for this purpose.
The first step in being in compliance with the GDPR, as an insurer, is to secure the data stored in the course of their activity. In fact, the insurance sector is required to keep a certain number of personal data relating to the customer, in particular data relating to the subscription of various contracts. While before the entry into force of the GDPR, insurers could keep the personal data of their customers without limitation in time, now insurance companies must erase the data from their system as soon as they have not signed. contract within 3 years following a final contact. This implies a considerable obligation of vigilance for managers of data pooling systems who must ensure that the data available to them complies with the GDPR.
These obligations involve keeping a regularly updated automated processing register in order to obtain an overview of the flow and storage of personal data and to ensure compliance with the rules of the GDPR.
Eternoscorp supports you to put in place all the necessary measures to be in compliance with the GDPR.
What are the rights of the insured? The GDPR grants rights to customers, in particular with regard to the return and erasure of their personal data. Insurance companies are therefore required to send policyholders a file of all the stored data as soon as they request it. They should also allow them to easily modify their personal data. The GDPR establishes a real transparency obligation incumbent on insurers.
On the other hand, the request for deletion of personal data of customers is limited with regard to various regulations. For example, in Belgium, the law of September 18, 2017 relating to the prevention of money laundering and terrorist financing and the limitation of the use of cash provides in its article 35 that “ C the aforementioned documents and information are kept for ten years at date from the end of the business relationship with the client or of the transaction carried out on an occasional basis ”,“ these documents ”refers to all the documents which record the measures taken pto comply with the obligation to verify the identity of policyholders as well as the difficulties encountered during the verification process. The “ information obtained via the relevant trust services provided for by Regulation 910/2014 ” is also kept for a period of 10 years.
Finally, we see that there is a real European insurance market that the European legislator has gradually supervised, but challenges still remain to be addressed. There will be a need for more in-depth regulation of insurance associations that aggregate their information about policyholders such as Insurance Ireland. New issues will emerge with the increase in cyber attacks that goes hand in hand with the emergence of cyber insurance product offerings.
Eternoscorp remains at your disposal to defend you in your relations with your insurance companies as well as to prepare you for the new challenges that emerge with new technologies.