The UK data regulator’s recent warning to UK insurers to keep within the law when seeking access to a proposer’s full medical record raises two key issues: the insurer’s ‘right to know’ and consent. So how are insurers managing consent, and what might need to change?
The principal mechanism that insurers rely on for obtaining consent from a proposer or claimant is the declaration that has to be signed on the proposal or claim form. Such declarations are worded so as to give the insurer virtual ‘carte blanche’ to obtain any information they need for processing the proposal and to share any information they have in relation to the proposal.
And therein lies the first problem: that declaration must be signed, for without it, no insurance is on offer and no claim can be considered. Yet the definition of consent with which UK data protection legislation is aligned says that consent has to be “…freely given…”. Sign or go without does not constitute a choice, so the consent that insurers draw from the signing of that declaration can hardly be freely given.
And then there’s the issue of the declaration’s wording being so very general and high level. That aforementioned definition expects consent to be “…specific and informed…”. Yet the wording used in declarations provides insurers with only a very generic form of consent. And it is so open that it is hard for policyholders to understand what is likely to happen with their data: that ‘informed’ test seems to have failed as well. Referral fees are an example of the problems insurers can create for themselves in this situation.
There’s a tension here. The very nature of insurance means that personal and small business proposers know little about how insurance works, while the insurer knows little about what they’re being asked to cover. This information asymmetry isn’t going to go away, but it can be managed through a corporate culture that cares about customer outcomes and support for professionalism.
What makes markets work
Consent is very much at the heart of the economic choices that individuals and firms make, so any tension around it needs attention. After all, it’s what makes markets work; it’s what makes outcomes legitimate.
There’s a lot of interesting research being published about how consent can function in a digital world. Insurers need to pay more attention to such work, just as individuals and legislators need to understand the shift in obligations it could bring about. One starting point could be the declaration wording traditionally used by UK insurers: is the world of big data making it obsolete anyway?
The channels through which insurers engage with proposers and claimants are now so many and varied that it seems relatively straightforward for insurers to devise and test new ways of obtaining legitimate consent when it’s needed. And of course proposers won’t all respond in the same way. Some insurers might blanch at the complexity this might produce, yet why so? After all, if insurers feel comfortable with personalisation from an underwriting perspective, why shouldn’t that come with some personalisation of consent built in as well?
Research into consent shows that it’s very much entwined with trust: if you trust the professional in front of you, you give consent more freely. If such trust is lacking, then you’re more wary and want more reassurances before proceeding. It would be a brave market indeed that sought to sidestep such realities. It is time for insurers to grasp such realities and integrate consent into their digital engagement with consumers.