Fraud detection in motor insurance: privacy and data protection concerns under EU Law

Abstract

Abstract This article focuses on the privacy and data protection concerns under European Union (EU) law with respect to the detection of insurance fraud in motor insurance. Insurance fraud—in the context of this article—encompasses all claims where an insured intends to deceive an insurer, aiming to direct payment towards a person who is not the intended recipient, or to procure payment to which the insured is not entitled. More and more frequently, insurers rely on advanced technologies (such as network analysis) to detect fraudulent claims. Evidently, these techniques need to operate within the boundaries of the law governing the protection of personal data and the right to privacy. The EU General Data Protection Regulation imposes certain restrictions on the processing of personal data. This article analyses the legal restrictions Articles 6 and 22 General Data Protection Regulation impose on insurers with respect to the processing of personal data for the purpose of fraud detection. Moreover, insurers work together to identify known fraudsters by sharing access to a database that contains registered cases of fraud (blacklists). This article analyses the legality of such blacklists in light of the EU law on data protection.