Data Protection

GDV asks for amendments to the General Data Protection Regulation

On 25 January 2012 the European Commission published the proposal for a new EU Data Protection Framework. The regulation shall apply to the data processing of both the private and public sectors. The German insurance industry supports the harmonization of data protection law in Europe, but legal uncertainties in the proposal will complicate the provision of insurance in the interest of the consumer.

The EU Data Protection Regulation offers the chance to standardise data protection in the European Union in the interest of consumers and business as well as facilitating cross-border activities. In order to achieve this, the one-stop shop principle (sole competency of one data protection authority) should be further developed on group level. Sector-specific self-regulatory measures, such as the Code of Conduct of the insurance industry as well as Binding Corporate Rules for data transfer in third countries, are useful. However, the rules must be less bureaucratic to allow efficient use of the instruments.

Given already high data protection standards, as for example in Germany, rules on the rights of data subjects and on the requirements for data protection und data security should be proportionate, thus avoiding unnecessary bureaucratic burdens. Rules which have clearly been influenced by incidents in the Internet business and only make sense for this area should not be implemented at a general or universal level.

With respect to insurance-specific business processes, the proposal for a General Data Protection Regulation contains substantial legal uncertainties as well as provisions which would make the provision of insurances considerably more difficult and expensive and partly even jeopardize it.

The GDV asks – in its own interest as much as that of its customers –  for a clear legal basis for the processing of the data of the insured and claimants as well as for risk-based pricing and risk assessment as insurers’ essential work. The measures for protection against insurance fraud and unreliable mediators, which were agreed together with the German data protection authorities, need to remain feasible.

The GDV’s complete position paper is available in the download section.