Insurers, data collection and the blurred line between pricing and personalization

In the age of self-optimization, the smartwatch is a must-have accessory. It can track your sleep, your heartrate, your exercise regimes, your menstrual cycle. It’s an accessory that collects some of your most personal information — a fact that’s not lost on insurance companies.

More data means the development of better, more accurate technology that can be used by insurers to assess your health prospects. That data, if shared, may be good for you — but it’s even better for companies assessing the cost of insuring you.

In Australia, the only thing standing between insurers and the unimpeded use of health and fitness data collected by a smart watch is industry regulation. But that doesn’t mean insurance companies aren’t doing whatever they can to feed health data into their algorithms.

Australian consumers are being encouraged to link their smart devices to their insurance providers’ apps, with the drive marketed as a way to personalize insurance products and specialize offerings to members’ benefit. It’s all about convenience and an improved experience.

But there are growing concerns at the heart of this data-aggregation boom over how informed consumers are of the information they’re handing over and exactly how that information is being used. Health insurers may not be able to use the data collected to discriminate against potential clients; nonetheless, the industry’s hunger for personal information comes with significant privacy considerations.

It’s a situation that’s typical of Australia’s overlapping regulatory landscape, where the lines between financial services, privacy and competition regulation blur in a way that leaves consumers vulnerable across a range of industries: from health and wellness to supermarket and retail-outlet loyalty programs to life insurance.

It’s a question Australian and global regulators alike have struggled with for years. If a product — in this case, a smart watch — can only be accessed on the condition that the data it generates be shared, does the consumer actually have a choice?

And as more data accrues, there’s the potential that insurers will attempt to move away from a traditional “risk pooling” model — in which the overall risks are considered against the prospects of the average consumer — toward a future of cherry-picking the healthiest individuals.

Meanwhile, the ambiguity of Australia’s aging, ill-equipped privacy law and its slow-paced review is driving up the risk of sensitive personal data generated by a smartwatch being misused by insurers.

Data increases

Whether it’s a mobile phone application linked to your car that monitors your driving efficiency, or a health insurance wellness app linked to your smartwatch, the increase in data collection and a possible move towards the aggregation of that data is happening fast.

For example, recent Australian media reports suggested that life insurers were increasingly interested in sleep data and that wearable-technology data is helping to diagnose and treat disease.

The privacy risks that the flow of this data to insurers may pose appear not to attract much media interest; nor does the question of whether consumers downloading applications or linking devices to benefit insurers are in a position to offer informed consent.

However, regulators and researchers appear alive to the privacy risks posed by this type of data flow — even within the context of industries regulated to prevent discrimination.

Even the country’s competition and consumer regulator, which appears increasingly alive to issues of privacy, has sounded the alarm over the prospect of Big Tech attempting to monetize health and fitness datasets collected and compiled through smart devices.

In late 2019, days after Google announced its $2.1 billion acquisition of smartwatch maker Fitibit, Rod Sims, the then-chair of the Australian Competition & Consumer Commission, or ACCC, said that any assurance Google offered about not on-selling Fitbit data was essentially worthless.

The global deal closed in January, despite the fact that the ACCC was conducting an enforcement probe of the deal. That probe, which takes in both competition and consumer considerations, is ongoing.

Wellness apps

Insurers AIA Australia and NIB Health Funds, as well as airline operator and insurer Qantas, all run wellness apps that earn rewards for users in varying forms.

Health and life insurance provider AIA describes its AIA Vitality app as “a personalized, science-backed health and wellbeing program that […] incentivizes you to move more, eat well and complete regular health checks.”

The app is available for people with AIA Health and AIA Life Insurance policies. It’s linked to a compatible smart device and then users progress through a rewards program, potentially earning a 20 percent discount on their premium.

Seen against the backdrop of existing regulatory restrictions, these rewards are important.

Australia has a public health system, accessible to all. However, it also has a parallel private health system, which offers shorter waiting times for surgery. Health-insurance policies cover hospitalization in the private health system and provide policy holders with additional benefits.

All Australian health insurers are governed by a community rating system. Regardless of health status, age, gender or any other factor, individuals will be charged the same premium as every other member living within their state.

However, insurers can offer a discount if they know you’re moving more or eating well. But the regulatory framework means that the opposite behavior — someone moving less and choosing a less healthy diet — cannot lead to policy increases or, even, to the denial of a policy.

In response to written questions from MLex, NIB Chief Executive for Australian Residents Health Insurance, Ed Close, underlined that the insurer’s app was offered “at no additional cost” to users.

“When a NIB member uses our Well with NIB app, we may collect personal information to send communications to our members which contain personalized health information, products, and services,” Close said.

“We may also use a member’s personal information to identify areas where they may benefit from one of our health management programs,” he said, adding that it was up to the member to decide whether to participate.

What’s more, member may request that their personal information be erased from the app if they choose to no longer use it,” NIB told MLex. The insurer was adamant that this information wasn’t being used to price product, but merely to customize their client offers.

However, the line between pricing and personalization is blurred when a policy tailored to one’s lifestyle brings with it the benefit of a future discount. Even if these discounts benefit the consumer, they nonetheless establish a nexus between health data and pricing. After all — a discount amounts to a change in price.

Privacy warnings

Data generated by wearable technology gives insurers a big advantage. Not only can they know their customers better, but they are also able to fine-tune algorithms to profile people in a more detailed way. How those profiles will be used in the future is unclear.

Industry observers agree that all insurance companies in Australia are already competing to find their cheapest clients — that is, the policy holders less likely to fall ill and cost the insurers. Wearable technology speeds up that race, putting those with the most data at a competitive advantage.

Katharine Kemp, a law lecturer at the University of New South Wales, in Sydney, told MLex that there was “the potential for insurers to be discriminating and even excluding [based on] health indicators or activity levels they're picking up from the device.”

And in the longer term, Kemp says, a company could apply data to artificial intelligence and make “inferences and predictions about the consumer's future health; possibilities and probabilities that the consumer themselves might not know about and could be used against the consumer.”

“Some discrimination or exclusion will be hard to discover because the company will be using targeted advertising and it can just decide not to show its online ads and offers to 'undesirable' consumers,” Kemp told MLex.

“If you move to this intense surveillance, monitoring and pervasive data collection, you move towards cherry-picking and discrimination,” she added.

And with opaque privacy agreements and statements, any consent a consumer gives to hand over data generated by a smartwatch is probably ill-advised, Kemp argues.

“We really do need a change in the law — we need both laws against unfair uses and strong enforcement of higher standards of consent,” she says.

“It’s entirely disingenuous to say consumers are consenting to something when they don’t understand it and you have to consent to a bunch of vague extra purposes when you only want to agree to what's necessary to buy the product,” Kemp told MLex.

More to it

The issue of Australian personal data flowing from insured to insurer goes beyond wearable watches and life- and health-insurance industries, according to research published this week examining ways in which insurance companies are skimming data.

Zofia Bednarz, a Lecturer in Commercial Law at University of Sydney, has looked at access and collection of data as part of broader research looking at insurance law and antidiscrimination.

In an interview with MLex, Bednarz pointed to loyalty programs run by companies that also offer insurance products, such as Qantas and supermarket Coles Supermarkets Australia. Both companies offer loyalty programs, as well as products including home, health and pet insurance.

Bednarz analyzed privacy policies in place around a year ago and said their wording meant they might be changing and exchanging data between loyalty schemes and insurance products. “We’ve got no means to know how pricing of insurance works because companies keep it completely secret,” she said.

But what’s clear is that insurers show no sign of slowing their pursuit of data and the regulatory ambiguity underlines the urgency to update Australia’s 1988 Privacy Act.

Progress on the review has been slow. And this, according to Australian Privacy Foundation Chair David Vaile, has left the use of data by insurance companies as both a time bomb and “a honeypot.”

“It’s so rich and so attractive that even if it’s not being abused in this instant, it lures in ostensibly straight operators and scammers [alike],” Vaile told MLex.