Admiral attempted to utilize social media data to help price motor insurance in a failed experiment towards the end of 2016. Facebook and public outcry put an end to that specific incident, but it highlighted insurers’ interest in using insights from personal social media accounts. This too will become harder, with the definition of personal data now expanding to include social media posts, IP addresses, and internet cookies.

Insurers have been able to obtain personal data relatively easily until now, through consumers not ticking an opt-out box. However, with explicit consent now required at the point of sale, and consumers’ rights to have already-held data deleted, insurers will be dependent on customers believing they will benefit from the sharing of their personal data.

If this is not the case, insurers will have to rely more on anonymized data at the cost of opportunities to offer increasingly individualized polices. The new bill also makes it illegal to attempt to identify individuals from anonymized data.

Furthermore, processing data and creating insights is one area where artificial intelligence is starting to be used in insurance, but the bill states that customers will be able to demand that their personal data is processed by a human, not a machine. This may slow the rise of automation in the insurance industry.

In all, the shifts in data protection regulation provide much food for thought for the increasingly nuanced, big-data driven insurance industry.