Big Data in the Insurance Industry: Leeway and Limits for Individualising Insurance Contracts

Author:Florent Thouvenin - Fabienne Suter - Damian George - Rolf H. Weber
Position:Professor of Information and Communications Law, Chair of the Executive Board of the Center for Information Technology, Society, and Law (ITSL), and Director of the Digital Society Initiative (DSI) University of Zurich, Switzerland - Ph.D. cand., University of Zurich, Switzerland - Ph.D. cand., University of Zurich, Switzerland - Professor of ...
Big Data in the Insurance Industry
Big Data in the Insurance Industry
Leeway and Limits for Individualising Insurance Contracts
by Florent Thouvenin*, Fabienne Suter, Damian George and Rolf H. Weber§
© 2019 Florent Thouvenin, Fabienne Suter, Damian George a nd Rolf H. Weber
Everybody may disseminate this ar ticle by electronic means and make it available for download under the terms and
conditions of the Digital P eer Publishing Licence (DPPL). A copy of the license text may be obtain ed at http://nbn-resolving.
Recommended citation: Flor ent Thouvenin, Fabienne Suter, Damian George and Rolf H. Weber, Big Data in the Insurance
Industry: Leeway and Limi ts for Individualising Insurance Contracts, 10 (2019) JIPIT EC 209 para 1.
California law prohibit such individualisation based
on protected characteristics, in this way further re-
stricting the remaining leeway. While privacy laws in
the U.S. and California set some significant but rather
specific limits for the individualisation of insurance
contracts based on the use of personal data, the all-
encompassing Swiss (and European) data protection
law is clearly the most important barrier to individu-
alisation in Switzerland. Namely, it remains unclear
whether the processing of personal data for the pur-
pose of individualising insurance contracts may be
based on the legitimate interests of the insurer. As a
consequence, insurance companies are advised to al-
ways obtain their customers’ consent for making in-
dividual offers based on big data analytics. The au-
thors conclude that instead of indirectly hindering
the individualisation of insurance contracts through
data protection law, Swiss (and European) lawmakers
should initiate a dialogue involving all stakeholders
to determine which sectors of insurance should be
dominated by the principle of solidarity and in which
sectors and on what informational basis the individ-
ualisation of insurance contracts should be allowed.
Abstract: With the advent of big data analytics,
the individualisation of mass market insurance poli-
cies has become commercially attractive. While this
development would have positive economic effects, it
could also undermine the principle of solidarity in in-
surance. This paper aims to outline the different reg-
ulatory approaches currently in place for dealing with
this fundamental challenge by analysing the insur-
ance, anti-discrimination and data protection laws
of Switzerland and the U.S./California pertaining to
health, renters and automobile insurance. It will be
shown that the leeway for individualising insurance
contracts is vanishingly small for (mandatory) health
insurance on both sides of the Atlantic. By contrast,
the two legal systems pursue different regulatory
approaches with regard to the other two types of in-
surance. Renters and automobile insurance are pre-
dominantly governed by the freedom of contract
principle in Switzerland, whereas in California sec-
tor specific regulations significantly limit the infor-
mational basis of insurance companies, thereby lim-
iting the leeway for individualisation to a large extent.
While Swiss anti-discrimination law hardly restricts
the individualisation of insurance contracts, U.S. and
Keywords: Individualisation; Big Data; Insurance Contracts; Insurance Law; Discrimination; Data Protection Law
Florent Thouvenin, Fabienne Suter, Damian George and Rolf H. Weber
A. Introduction
1 The individualisation of insurance contracts is not
an entirely new phenomenon, but it has long been
quite costly and, therefore, not very widespread.
By denition, insurance is a data-rich industry; the
insurance undertakings always had to base their
business on accurate and relevant data for risk-
based calculations.1 The growing amount of data
(big data), the increasing computing power and
novel technologies (big data analytics), however,
allow today’s insurance companies to individualise
insurance contracts in all sectors of the industry.
In most insurance markets, companies have long
operated with categories of insured for which
they calculated the risks and the corresponding
premiums. But due to big data analytics, it has
recently become commercially viable to create
risk proles for individual customers and make
them corresponding individual offers.2 At least
from today’s perspective, this applies above all to
insurance premiums. Individualisation of other
contractual conditions is unlikely to be commercially
attractive in the near future.
3 The individualisation of insurance premiums raises
fundamental legal questions. Given that one of the
basic concepts of insurance has always been (and
* Professor of Information and Communications Law, Chair
of the Executive Board of the Center for Information
Technology, Society, and Law (ITSL), and Director of
the Digital Society Initiative (DSI) University of Zurich,
Ph.D. cand., University of Zurich, Switzerland.
Ph.D. cand., University of Zurich, Switzerland.
§ Professor of Law emeritus, Member of the Executive Board
of the Center for Information Technology, Society, and Law
(ITSL), University of Zurich, Switzerland.
1 Rolf H. Weber, ‘Big Data in the Insurance Industry’ (2016)
Jusletter dated 12 December 2016, para 3.
2 Cf. IBM Corporation, Harnessing the power of data
and analytics for insurance (White Paper, 2015) 2;
PricewaterhouseCoopers, Der Insurance Monitor:
Operational Excellence - Analytics als Grundlage für ein
digitales Geschäftsmodell, June 2016, <
geschaftsmodell/> accessed 25 September 2018, at 18 ff.;
BearingPoint Institute, ‘The smart insurer: more than
just big data‘, <les/BEI004-17-
accessed 25 September 2018, 58; Philip Bitter and Steffen
Uphues, ‘Big Data für die Versichertengemeinschaft’, in:
Thomas Hoeren (ed) Phänomene des Big-Data-Zeitalters:
Eine rechtliche Bewertung im wirtschaftlichen und
gesellschaftlichen Kontext, (Westfälische Wilhelms
Universität Münster 2019) 147, 153 f.; Weber (n 1) para 8ff.
For times when such individualisation was not yet possible
cf: Willy Koenig, Schweizerisches Privatversicherungsrecht:
System des Versicherungsvertrags und der einzelnen
Versicherungsarten (Herbert Lang & Cie 1967) 172.
continues to be) the solidarity of the insured,3
the law will need to strike an appropriate balance
between the opposing concepts of solidarity and
individualisation. Different legal systems will come
up with different solutions and these solutions will
likely not be the same for all types of insurances.
This paper aims to outline possible solutions to
this fundamental challenge by analysing the legal
situation on both sides of the Atlantic using the
jurisdictions of Switzerland (incl. partly the EU)
and California as examples of two quite different
For both systems, three bodies of law need to
be analysed: First, we will clarify if and to what
extent the applicable insurance regulations allow
for an individualisation of insurance contracts
(C). Second, we will assess whether and under
what conditions the individualisation of insurance
contracts is compatible with the requirements
of anti-discrimination law (D). Third, we will
investigate whether the processing of personal
data, which is carried out to calculate individual
premiums, complies with the requirements of data
protection law (E). In order to gain a broad picture
of the phenomenon, we will analyse three types of
insurances: (mandatory) health insurance, renters
insurance and automobile insurance. At rst,
however, we will briey outline the rationale behind
the individualisation of insurance contracts (B).
B. Individualisation of
Insurance Contracts
Insurance contracts – and in particular insurance
premiums – can essentially be individualised with
regard to two aspects: the risk prole, dened by
factors such as age, gender, health, work activity,
place of residence, driving behaviour, etc., and the
willingness to pay.4 These two aspects can easily
be combined in the individualisation of an offer.
Nevertheless, the rationale for individualisation
in terms of the willingness to pay differs from the
rationale for individualisation with regard to the
risk prole. Each aspect will therefore be discussed
3 E.g. Weber (n 1) para 16.
4 Moreover, prices might be individualised based on the
likelihood that a policyholder will change carriers, see: Rick
Swedloff, ‘Regulating Algorithmic Insurance’ (2019) <http://>, accessed 8 April 2019, 4.
Big Data in the Insurance Industry
I. Risk Profile
Insurance premiums are generally calculated
based on the risk prole of the insured. Most often,
however, insurance companies do not calculate
the risk for each customer but form groups of
customers and offer premiums corresponding to
the risk assessment of that group. This serves two
important policy goals; namely, the reduction of
adverse selection and the avoidance of moral hazard.
The notion of adverse selection5 refers to the
phenomenon that more attractive suppliers or buyers
are driven out of the market due to information
asymmetries. If insurance companies were to insure
a certain risk for all potential policyholders at a
uniform price, taking out such insurance would be
particularly attractive for persons whose individual
risk is above the average risk on the basis of which
the uniform premium was calculated. The offer
would therefore attract comparatively unattractive
customers. If only these customers were to take
out the insurance offered, the insurance company
would either have to accept losses because the
risks associated to its customers are higher than
anticipated, or it would have to increase the
premiums in order to reect the higher risks of its
actual customers. Over time, this mechanism would,
theoretically, increase the premiums to a point
where it would no longer be worthwhile for anyone
to take out insurance. In reality, however, this effect
is unlikely to be observed because policyholders
are unable to assess their risks accurately; rather,
they are prepared to take out insurance against a
risk that cannot be precisely calculated. Even if the
mechanism described is hardly observed in practice,
a uniform premium for all policyholders would still
attract comparatively unattractive customers and
may thus lead to a race to the bottom. The formation
of risk groups can prevent this effect by offering
insurance to members of different risk groups at
different prices. This is all the more true if the offers
are individualised according to the risk prole of the
individual policyholders.
Moral hazard6 occurs when people behave
irresponsibly or recklessly due to false incentives.7
The standard example of moral hazard is a change in
5 On adverse selection see also: Ronen Avraham and others,
‘Understanding Insurance Antidiscrimination Laws’ (2014)
87 S.Cal.L.Rev 195, 204ff. with further references; Bitter and
Uphues (n 2) 155.
6 On moral hazard see also: Avraham and others (n 5) 206ff.
with further references; Bitter and Uphues (n 2) 156.
7 Cf. N. Gregory Mankiw and Mark P. Taylor, Grundzüge der
Volkswirtschaftslehre (7th edn, Schaeffer-Poeschel 2018)
363; for a more restrictive denition see Peter Zweifel and
Roland Eisen, Versicherungsökonomie (2nd edn, Springer 2003)
295f., according to which moral hazard exists when persons
adapt their behaviour due to the existence of a contract.
behaviour following the conclusion of an insurance
contract for a particular risk.8 The risk of such
behavioural changes can be reduced if premiums
are increased after a claim and thus incentives are
created for policyholders to prevent the occurrence
of a claim despite the existence of an insurance
contract. The individualisation of insurance
contracts – and in particular of insurance premiums
– opens up further possibilities for combating moral
hazard. In particular, insurers can create incentives
for risk-reducing behaviour by collecting data about
the behaviour of their policyholders, for example, by
granting discounts if an insured person demonstrably
is a cautious driver or exercises regularly.
effects are positive, not only for policyholders and
insurers, but also for society as a whole, since they
prevent the occurrence of damage and promote the
health of policyholders.10
9 In addition to ghting adverse selection and moral
hazard, adjusting insurance premiums to the risks
of individual customers or groups of customers
promotes fairness by avoiding or at least limiting
situations in which individuals have to pay for the
risks created and the damages caused by others. It
seems, however, that this only holds true for risks
that can be controlled by the individual customers,
e.g. by adjusting their driving behaviour. With
regard to factors beyond the control of individuals
– such as their genetic disposition – it would seem
rather unfair if individual customers were treated
As we will see, this distinction is already
mirrored in the law to a large extent as the leeway to
individualise insurance premiums is very limited for
health care,
while it is predominantly permitted for
other types of insurance such as renters insurance13
and automobile insurance.14
8 Zweifel and Eisen (n 7) 295; see also Felix Walter Lanz, Adverse
Selection und Moral Hazard in der Privat- und Sozialversicherung,
Luzerner Beiträger zur Rechtwissenschaft, vol 77
(Schulthess 2014) 39; Martin Nell, Versicherungsinduzierte
Verhaltensänderungen von Versicherungsnehmern (VVW GmbH
1993) 4.
9 So called “Pay How You Drive”-Model, cf. Allstate
Corp. ‘How Telematics May Affect Your Car Insurance’,
December 2018 <
telematics-device.aspx> accessed 4 June 2019; Rick Swedloff,
‘Risk Classication’s Big Data Revolution’ (2014) 21 Conn.
Insurance L.J. 339, 342 ff; Peter Maas and Veselina Milanova,
‘Zwischen Verheissung und Bedrohung – Big Data in der
Versicherungswirtschaft’ (2014) 87 Die Volkswirtschaft,
23, 24.
10 In more detail: Maas and Milanova (n 9), 24ff.
11 Cf. Swedloff (n 4) 8ff. For a discussion on the fairness of
(individualised) risk classication: Avraham and others
(n 5) 203ff. and 214ff.
12 See below, for Switzerland: C.II.1; for California: C.III.1.
13 See below, for Switzerland: C.II.2 ; for California: C.III.2.b).
14 See below, for Switzerland: C.II.2; for California: C.III.2.c).

To continue reading

Request your trial