Note to Insurers: silence does NOT imply consent

  • Maarten Bakker Mathijs Helgers
  • APIOpennessCustomer in ControlInsuranceConsent ManagementOpen Insurance

Data and putting the customer in control over his or her data are crucial elements for any platform strategy, especially in an open ecosystem. For insurance companies it means they can extend and improve their service offering and to develop new revenue models. But if they fail to handle the data with sufficient care, they risk damaging the trust consumers place in them. Experts from INNOPAY advise insurance companies to think carefully about their consent infrastructure.

As society continues to digitalize rapidly and everything becomes a transaction, ever-more data is becoming available that insurance companies can use to their advantage. Access to that data, while being compliant with GDPR, is becoming a crucial element to develop the applications that matter. Among the best-known examples are vehicle telematics devices, which – thanks to the Internet of Things – generate valuable data for providers of car insurance who are keen to gain greater insight into individual driving patterns as the basis for calculating fairer premiums. “But there are many more possibilities, such as fire insurance based on the insurance company having access to the smoke-detector data,” says Maarten Bakker, Senior Manager and Sector Lead Insurance at INNOPAY.

The use of new data sources is already happening. Numerous insurance companies have already attempted to gain insight into consumer driving behaviour by offering to install their own devices in customers’ cars, but very few customers agreed to the idea. “That was creating a closed ecosystem, which consumers were wary of. An open ecosystem is actually more interesting because the data from the device is valuable to other third parties too, such as garages that want to be able to notify vehicle owners when maintenance is necessary. An open ecosystem creates opportunities to develop new customer experiences, products and services” explains Mathijs Helgers, Senior Consultant and Knowledge Expert in APIs at INNOPAY. “It’s important that consumers retain control over what happens to their data, because they must trust their insurance company that their data won’t be sold to third parties,” adds Bakker. “Insurance companies need to foster this trust, not suspicion.”

‘Open insurance’ - API architectures for new propositions

Today the trend is shifting towards open ecosystems, or ‘open insurance’ as Bakker calls it. Rather than trying to gather the data themselves, many insurance companies are increasingly making smart use of data generated elsewhere. That is resulting in new risk models, propositions and revenue models, often within new partnerships with organizations that are interested in embedding insurance products in their own propositions. “Data sharing not only enables companies to give better, more personalized advice, but also to offer new embedded insurance products. For example, if you buy a Tesla nowadays, you purchase an embedded car insurance at the same time. The same is happening with the popular VanMoof smart bikes in The Netherlands for which you can purchase an all-in worry-free subscription with insurance, anti-theft protection, access to Bike Hunters and Bike Doctors. These embedded propositions are backed by insurance companies with the use of API based B2B2C platforms and access to the relevant data.” states Bakker.

181101B f1 insuranceFig 1: Open Insurer communicates and shares through an API architecture

Data cannot be shared unrestrictedly, of course. Since the GDPR came into force in spring 2018, insurance companies have been legally required to obtain each consumer’s permission for their data to be shared. “But irrespective of the legal requirement, it also makes sense to obtain consent,” says Helgers. “For insurance companies in particular, it’s important to win consumer trust, and insurers can do that by telling people exactly what information they intend to share, with which partners and why. An effective consent management framework helps insurance companies to position themselves as a trusted partner.”

Customer in control as the basis for any open platform proposition

Good consent mechanisms where the customer is in control are especially important in an open ecosystem with numerous parties. It is increasingly common for data in open ecosystems to remain at source. In other words, insurance companies and their partners have to pass through a digital gateway or ‘portal’ in order to access it, and they can only do so if they have consent. “We are emerging from an era in which companies have been focused on gathering as much data about their customers as possible, but there have also been various scandals related to the misuse of data. Thanks to GDPR consumer data has become an asset and a liability and it is thus wise to collect no more data than is strictly necessary. If the customer requests a service that requires extra data, the best and only approach is to ask them for consent to use that data,” comments Bakker. 

Insurance companies are currently working hard to establish new open platform propositions to offer products and services, both of their own and from partners. This requires data to be shared with third parties, but often too little – if any – attention is paid to creating an effective consent mechanism in order to organize the trust aspect of that data. Bakker and Helgers advise those insurance companies to stop and think for a minute. “A consent mechanism for data forms the basis for a platform proposition. Start by formulating your vision. Which role do you, the insurer, want to play in the data sharing? What are the objectives? Which partners do you intend to collaborate with? Which data do you want to share? And how do you plan to monetize it all? Then fulfil that role by ensuring effective consent management which revolves around the consumer.”

If you would like to know more about how consent management can support new platform propositions for insurance companies, please contact Maarten Bakker (maarten.bakker@innopay.com) or Mathijs Helgers (mathijs.helgers@innopay.com).

〈  Back to overview