GDPR bill in current form could ’severely impact business models’, Clyde & Co’s Isabel Ost says
But Clyde & Co senior associate Isabel Ost said that the government’s proposed GDPR bill, published yesterday following a one-month consultation, fails to deliver the concessions around sensitive personal data that the insurance industry was hoping for.
She said: “The government’s statement of intent does not address the industry-wide concern that the regulation in its current format will continue to restrict the insurance chain from being able to process sensitive personal data without obtaining explicit consent, which would severely impact insurers’ current business models.”
The government’s proposed new legislation, The Data Protection Bill, will update and replace the Data Protection Act 1998.
The government asked for feedback on the bill between 12 April and 10 May, and received several responses from insurance industry representatives, including Aviva, AXA, BGL and the Insurance Fraud Bureau.
In its statement of intent, the government has vowed to use the available exemptions in the GDPR and, where possible, reproduce exemptions and safeguards that currently exist in the Data Protection Act in a bid to preserve the status quo as much as it can.
It noted in the statement that the current UK laws on processing criminal conviction and offence data had, among other things, helped facilitate the underwriting of motor insurance.
The government said in the statement: “The government believes that, should this right for a wider range of organisations to process criminal convictions and offences data be removed, there would be a significant, negative impact on UK interests.
“In view of this, and to preserve continuity with an aspect of current data protection which has been proven to work well in practice, we will legislate to extend the right to process personal data on criminal convictions and offences so as to enable organisations other than those vested with official authority to process criminal convictions and offences data.
“We will take a similar approach to that taken for the processing of special (i.e. sensitive) categories of personal data.”
But Clyde & Co’s Ost said: “Although it appears the government will retain the current status quo by legislating to extend the right to process personal data on criminal convictions and offences so as to enable organisations without official authority to process criminal convictions and offences data, the government’s position on the processing of health data by the insurance market is not addressed.”
“It remains to be seen what this legislation looks like in practice so the insurance industry must continue to bang the drum about this important issue.”