How open will open insurance be?

On 28 January 2021, the European Insurance and Occupational Pension Authority (EIOPA) launched a public consultation on a Discussion Paper titled “Open insurance: accessing and sharing insurance-related data”. In that paper, EIOPA explores whether and how far insurance value chains should be ‘opened’ up, i.e. whether and how far insurance-related and specific policyholder data should be shared amongst insurance and non-insurance companies.

Learning from payments

The discussion around open finance started more than five years ago in the banking sector, essentially in the payments area. Via PSD2 (the Second Payment Services Directive) of December 2015, applicable as of 18 December 2018, the EU pioneered open banking and introduced it in the EU and the EU legislative framework. Few jurisdictions worldwide have followed the EU’s example. Essentially, open “banking” focuses only on electronic payments, and based thereon also on account information services and payment information services. No other banking products were envisaged. But PSD2 marked an important step towards the sharing and use of customer-permissioned data by banks and third party providers to create new services. Indeed, the intended result of open banking is to make it possible for any accountholder, be it a retail, wholesale, public or private accountholder, of any account of any EU credit institution, to decide to pass on his or her account and payment information of one or more banks to third parties or to one another. It is not the bank which decides on the sharing, but the customer. The bank ‘only’ needs to make it possible. Ultimately, it is the customer instructing the bank to make his or her data available to a third party. Third parties can use the information to create new products. But the bank can also allow its app to work as an aggregator where data of other banking accounts are being added upon your demand and in line with your approval for further use. There is as of yet no PSD2 type legislation for insurance, pension or other banking or investment products. There is no definition of open insurance.

Open finance framework in the EU under preparation

In the Digital Finance Strategy of 9 September 2020, the Commission laid out as third priority the creation of a European financial data space. The Commission intends with such data space to promote data-driven innovation, while building on the European data strategy, and in full alignment with broader data access initiatives, such as the upcoming Data Act, and the already proposed Digital Services Act, currently being discussed by the co-legislators. It announced that it will present a legislative proposal for a new open finance framework by mid-2022. The Commission is also reviewing its competition policy to ensure that it is fit for the digital age. In this context, it will also determine whether sector-specific measures are needed to ensure fair access to platforms for all financial service providers.

Open insurance and GDPR

The main areas of EIOPA’s consultation paper include (1) open insurance definition and use cases, (2) open insurance and suptech (3) risks and benefits of open insurance, (4) regulatory barriers and (5) possible areas to consider for a sound open insurance framework. Next to the discussion paper, EIOPA also published a survey with a mixture of multiple choice and open questions. EIOPA considers that there might be potential on open insurance for consumers, for the insurance sector and for supervision, if handled right. According to EIOPA’s initial analysis, the exchange of both personal and non-personal data through (open) Application Programming Interfaces (APIs) has started to emerge in the insurance sector. This API based exchange seems to be the most common understanding today of what is open insurance. But the concept can go wider.

I believe it is only a matter of time before data portability, including in financial services, will become mainstream because of the interplay with the General Data Protection Regulation (GDPR). Article 20 of the GDPR foresees the general principle that data subjects should have control of their own personal data. This portability of personal data, financial and non-financial, coupled to the internal market’s free movement, empowers data subjects, the clients of financial services providers, to transfer their personal data from one provider to another. Translated to insurance, this would mean for example that you as (prospective) policyholder can instruct your insurer to provide your data to another party. But it may also foster the creation of new businesses focused on data-sharing service provisions, and ultimately a new data-sharing infrastructure.

So, when the Commission will come out with its framework on open finance, this shouldn’t come as a surprise. Once the principle of open banking was out in the field, turbocharged by GDPR, it was quite foreseeable that at some point in time the ‘open’ principle would wind its road into other sectors.

Enough food for thought

But obviously, there is the issue of (EU-wide) standardisation. GDPR does not provide a technical communication standard to exchange data between parties. And that is just one area where the shoe pinches and where further EU-wide solutions like in PSD2 might be necessary. What worries EIOPA also is that open insurance could also give rise to new or amplified risks such as data security, cyber risks, and liability, ethical and broader consumer protection issues. Increased data sharing, especially if combined with artificial intelligence or machine learning tools could also increase financial exclusion, dixit EIOPA. And the issue of a level playing field and reciprocity is thorny. At the same time, the potential EU approach on open insurance could contribute to a more integrated and efficient EU insurance market. And could it ultimately be a role model for other jurisdictions outside of the EU?

Ample food for thought. To find such a balance, EIOPA believes a broad multi-stakeholder discussion is needed. Stakeholders are strongly encouraged to provide views to the Discussion Paper by filling out the EU Survey Tool by 28 April 2021.

Lieve Lowet